Filtered by vendor Microsoft
Total: 23389 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-5865 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-13 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-5866 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-13 | N/A | 8.8 HIGH |
| Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-5871 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-13 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-34401 | 1 Microsoft | 1 Xml Notepad | 2026-04-13 | N/A | 6.5 MEDIUM |
| XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default, which means external entities are resolved automatically. There is a well-known attack related to malicious DTD files in which an attacker crafts a malicious XML file that loads a DTD that causes XML Notepad to make outbound HTTP/SMB requests, potentially leaking local file contents or capturing the victim's NTLM credentials. This issue has been patched in version 2.9.0.21. | |||||
| CVE-2025-11719 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2026-04-13 | N/A | 9.8 CRITICAL |
| Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144. | |||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-04-10 | N/A | 8.6 HIGH |
| Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2023-5042 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2026-04-10 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2026-04-10 | N/A | 7.8 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2023-44208 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2026-04-10 | N/A | 9.1 CRITICAL |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2023-41743 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2026-04-10 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2022-46869 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2026-04-10 | N/A | 7.8 HIGH |
| Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2026-3774 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2026-04-10 | N/A | 4.7 MEDIUM |
| The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen. | |||||
| CVE-2026-26133 | 1 Microsoft | 10 365 Copilot, Edge, Excel and 7 more | 2026-04-09 | N/A | 7.1 HIGH |
| AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2024-0590 | 1 Microsoft | 1 Clarity | 2026-04-08 | N/A | 6.1 MEDIUM |
| The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2026-0385 | 1 Microsoft | 1 Edge Chromium | 2026-04-07 | N/A | 5.0 MEDIUM |
| Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | |||||
| CVE-2026-1243 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2026-04-07 | N/A | 5.4 MEDIUM |
| IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2026-32213 | 1 Microsoft | 1 Azure Ai Foundry | 2026-04-06 | N/A | 10.0 CRITICAL |
| Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-32211 | 1 Microsoft | 1 Azure Web Apps | 2026-04-06 | N/A | 9.1 CRITICAL |
| Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-32173 | 1 Microsoft | 1 Azure Sre Agent | 2026-04-06 | N/A | 8.6 HIGH |
| Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-33107 | 1 Microsoft | 1 Azure Databricks | 2026-04-06 | N/A | 10.0 CRITICAL |
| Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | |||||
