Filtered by vendor Microsoft
Subscriptions
Total
20990 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38198 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-21 | 7.5 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2024-38197 | 1 Microsoft | 1 Teams | 2025-05-21 | 6.5 Medium |
| Microsoft Teams for iOS Spoofing Vulnerability | ||||
| CVE-2024-38196 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-21 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38193 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-21 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
| CVE-2024-38191 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-05-21 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38184 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-05-21 | 7.8 High |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38178 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-21 | 7.5 High |
| Scripting Engine Memory Corruption Vulnerability | ||||
| CVE-2024-38172 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-05-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2024-38161 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2025-05-21 | 6.8 Medium |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | ||||
| CVE-2024-38160 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2025-05-21 | 9.1 Critical |
| Windows Network Virtualization Remote Code Execution Vulnerability | ||||
| CVE-2024-38159 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2025-05-21 | 9.1 Critical |
| Windows Network Virtualization Remote Code Execution Vulnerability | ||||
| CVE-2024-38123 | 1 Microsoft | 1 Windows 11 24h2 | 2025-05-21 | 4.4 Medium |
| Windows Bluetooth Driver Information Disclosure Vulnerability | ||||
| CVE-2024-38108 | 1 Microsoft | 1 Azure Stack Hub | 2025-05-21 | 9.3 Critical |
| Azure Stack Hub Spoofing Vulnerability | ||||
| CVE-2019-1064 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 8 more | 2025-05-21 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links. | ||||
| CVE-2019-1069 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2025-05-21 | 7.8 High |
| An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations. | ||||
| CVE-2024-50919 | 2 Jpress, Microsoft | 2 Jpress, Windows | 2025-05-21 | 9.8 Critical |
| Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution | ||||
| CVE-2022-40082 | 2 Cloudwego, Microsoft | 2 Hertz, Windows | 2025-05-21 | 7.5 High |
| Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function. | ||||
| CVE-2022-40708 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-05-20 | 3.3 Low |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707. | ||||
| CVE-2022-2778 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-05-20 | 9.8 Critical |
| In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | ||||
| CVE-2019-1105 | 1 Microsoft | 1 Outlook | 2025-05-20 | N/A |
| A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages. | ||||