Filtered by vendor Microsoft
Subscribe
Total
22938 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2441 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-18 | N/A | 8.8 HIGH |
| Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2008-0015 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-02-17 | 9.3 HIGH | 8.8 HIGH |
| Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." | |||||
| CVE-2025-26637 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 22h2 and 9 more | 2026-02-16 | N/A | 6.8 MEDIUM |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-32709 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 7.8 HIGH |
| Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24054 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 6.5 MEDIUM |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-59213 | 1 Microsoft | 3 Configuration Manager 2403, Configuration Manager 2409, Configuration Manager 2503 | 2026-02-13 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network. | |||||
| CVE-2025-48823 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-02-13 | N/A | 5.9 MEDIUM |
| Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-47964 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | N/A | 5.4 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2025-47963 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | N/A | 6.3 MEDIUM |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-47732 | 1 Microsoft | 1 Dataverse | 2026-02-13 | N/A | 8.7 HIGH |
| Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-47176 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-02-13 | N/A | 7.8 HIGH |
| '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. | |||||
| CVE-2025-29972 | 1 Microsoft | 1 Azure Storage Resource Provider | 2026-02-13 | N/A | 9.9 CRITICAL |
| Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-29813 | 1 Microsoft | 1 Azure Devops | 2026-02-13 | N/A | 10.0 CRITICAL |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-26647 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-02-13 | N/A | 8.8 HIGH |
| Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-21389 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-21300 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-02-13 | N/A | 7.5 HIGH |
| Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability | |||||
| CVE-2025-67706 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2026-02-13 | N/A | 5.6 MEDIUM |
| ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files, which allows remote attackers to upload arbitrary files. However, exploitation is constrained by server-side controls that prevent execution of uploaded content and do not allow modification of existing application files or system configurations. As a result, successful exploitation would have a low impact on confidentiality, integrity, and availability, and would not enable service disruption, privilege escalation, or unauthorized access to sensitive data. | |||||
| CVE-2024-25709 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2026-02-13 | N/A | 6.1 MEDIUM |
| There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScript code in a victim’s browser. Exploitation does not require any privileges and can be performed by an anonymous user. | |||||
| CVE-2024-25705 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2026-02-13 | N/A | 5.4 MEDIUM |
| There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. Exploitation requires basic authenticated access but does not require elevated or administrative privileges, indicating low privileges are required. | |||||
| CVE-2024-51954 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2026-02-13 | N/A | 8.5 HIGH |
| There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure services published to a standalone (unfederated) ArcGIS Server instance. Successful exploitation results in unauthorized access to protected services outside the attacker’s originally assigned authorization boundary, constituting a scope change. If exploited, this issue would have a high impact on confidentiality, a low impact on integrity, and no impact on the availability of the software. | |||||