Filtered by vendor Microsoft
Subscribe
Total
23438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-04-10 | N/A | 8.6 HIGH |
| Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2023-5042 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2026-04-10 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2026-04-10 | N/A | 7.8 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2023-44208 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2026-04-10 | N/A | 9.1 CRITICAL |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2023-41743 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2026-04-10 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2022-46869 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2026-04-10 | N/A | 7.8 HIGH |
| Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575. | |||||
| CVE-2026-3774 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2026-04-10 | N/A | 4.7 MEDIUM |
| The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen. | |||||
| CVE-2026-26133 | 1 Microsoft | 10 365 Copilot, Edge, Excel and 7 more | 2026-04-09 | N/A | 7.1 HIGH |
| AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2024-0590 | 1 Microsoft | 1 Clarity | 2026-04-08 | N/A | 6.1 MEDIUM |
| The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2026-0385 | 1 Microsoft | 1 Edge Chromium | 2026-04-07 | N/A | 5.0 MEDIUM |
| Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | |||||
| CVE-2026-1243 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2026-04-07 | N/A | 5.4 MEDIUM |
| IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2026-32213 | 1 Microsoft | 1 Azure Ai Foundry | 2026-04-06 | N/A | 10.0 CRITICAL |
| Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-32211 | 1 Microsoft | 1 Azure Web Apps | 2026-04-06 | N/A | 9.1 CRITICAL |
| Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-32173 | 1 Microsoft | 1 Azure Sre Agent | 2026-04-06 | N/A | 8.6 HIGH |
| Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-33107 | 1 Microsoft | 1 Azure Databricks | 2026-04-06 | N/A | 10.0 CRITICAL |
| Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-26135 | 1 Microsoft | 1 Azure Custom Locations Resource Provider | 2026-04-06 | N/A | 9.6 CRITICAL |
| Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-22561 | 2 Anthropic, Microsoft | 2 Claude, Windows | 2026-04-06 | N/A | 7.8 HIGH |
| Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer. | |||||
| CVE-2025-13916 | 3 Ibm, Linux, Microsoft | 3 Aspera Shares, Linux Kernel, Windows | 2026-04-06 | N/A | 5.9 MEDIUM |
| IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | |||||
| CVE-2026-33105 | 1 Microsoft | 1 Azure Kubernetes Service | 2026-04-06 | N/A | 10.0 CRITICAL |
| Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-2123 | 2 Microfocus, Microsoft | 2 Operations Agent, Windows | 2026-04-03 | N/A | 7.8 HIGH |
| A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability | |||||