Filtered by vendor Microsoft
Subscriptions
Total
21019 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35773 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-05-29 | 7.8 High |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | ||||
| CVE-2022-23766 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2025-05-29 | 7.8 High |
| An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website. | ||||
| CVE-2024-21413 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-05-29 | 9.8 Critical |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2025-24054 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-29 | 6.5 Medium |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-24985 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-29 | 7.8 High |
| Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. | ||||
| CVE-2024-21382 | 2 Google, Microsoft | 2 Android, Edge Chromium | 2025-05-29 | 4.3 Medium |
| Microsoft Edge for Android Information Disclosure Vulnerability | ||||
| CVE-2024-21385 | 1 Microsoft | 1 Edge Chromium | 2025-05-29 | 8.3 High |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2024-23940 | 2 Microsoft, Trendmicro | 6 Windows, Air Support, Antivirus \+ Security and 3 more | 2025-05-29 | 7.8 High |
| Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. | ||||
| CVE-2023-4554 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2025-05-29 | 4.9 Medium |
| Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. | ||||
| CVE-2024-21388 | 1 Microsoft | 1 Edge Chromium | 2025-05-29 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2025-21224 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-05-29 | 8.1 High |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | ||||
| CVE-2014-1776 | 1 Microsoft | 11 Internet Explorer, Windows 7, Windows 8 and 8 more | 2025-05-29 | 9.8 Critical |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks." | ||||
| CVE-2025-34028 | 3 Commvault, Linux, Microsoft | 3 Commvault, Linux Kernel, Windows | 2025-05-29 | 10 Critical |
| The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438. | ||||
| CVE-2023-48695 | 1 Microsoft | 1 Azure Rtos Usbx | 2025-05-29 | 7.2 High |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-3928 | 3 Commvault, Linux, Microsoft | 3 Commvault, Linux Kernel, Windows | 2025-05-28 | 8.8 High |
| Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28. | ||||
| CVE-2022-29800 | 1 Microsoft | 1 Windows Defender For Endpoint | 2025-05-28 | 4.7 Medium |
| A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not. | ||||
| CVE-2023-29336 | 1 Microsoft | 5 Windows 10 1507, Windows 10 1607, Windows Server 2008 and 2 more | 2025-05-27 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2022-29799 | 1 Microsoft | 1 Windows Defender For Endpoint | 2025-05-27 | 5.5 Medium |
| A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory. | ||||
| CVE-2023-32214 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-05-27 | 7.5 High |
| Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||
| CVE-2024-24278 | 2 Microsoft, Teamwire | 2 Windows, Teamwire | 2025-05-23 | 7.5 High |
| An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function. | ||||