Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2316 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 6.5 MEDIUM |
|
Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2026-2315 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 8.8 HIGH |
|
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2026-2314 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 8.8 HIGH |
|
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2026-2313 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 8.8 HIGH |
|
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2026-2320 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2026-2322 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2026-2323 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-13 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-49756 | 1 Microsoft | 1 365 Apps | 2026-02-13 | N/A | 3.3 LOW |
|
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.
|
|||||
| CVE-2025-49737 | 1 Microsoft | 1 Teams | 2026-02-13 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-49735 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2026-02-13 | N/A | 8.1 HIGH |
|
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-49731 | 1 Microsoft | 1 Teams | 2026-02-13 | N/A | 3.1 LOW |
|
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2024-43468 | 1 Microsoft | 3 Configuration Manager 2403, Configuration Manager 2409, Configuration Manager 2503 | 2026-02-13 | N/A | 9.8 CRITICAL |
|
Microsoft Configuration Manager Remote Code Execution Vulnerability
|
|||||
| CVE-2020-0919 | 1 Microsoft | 1 Windows App | 2026-02-12 | 4.6 MEDIUM | 7.8 HIGH |
|
An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.
|
|||||
| CVE-2026-24300 | 1 Microsoft | 1 Azure Front Door | 2026-02-12 | N/A | 9.8 CRITICAL |
|
Azure Front Door Elevation of Privilege Vulnerability
|
|||||
| CVE-2026-21532 | 1 Microsoft | 1 Azure Functions | 2026-02-12 | N/A | 8.2 HIGH |
|
Azure Function Information Disclosure Vulnerability
|
|||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-02-12 | N/A | 8.6 HIGH |
|
Azure Arc Elevation of Privilege Vulnerability
|
|||||
| CVE-2026-20960 | 1 Microsoft | 1 Power Apps | 2026-02-12 | N/A | 8.0 HIGH |
|
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2026-21218 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-02-12 | N/A | 7.5 HIGH |
|
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-24307 | 1 Microsoft | 1 365 Copilot | 2026-02-12 | N/A | 9.3 CRITICAL |
|
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2026-24304 | 1 Microsoft | 1 Azure Resource Manager | 2026-02-12 | N/A | 9.9 CRITICAL |
|
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2025-30398 | 1 Microsoft | 1 Nuance Powerscribe One | 2026-02-12 | N/A | 8.1 HIGH |
|
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2026-21508 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-12 | N/A | 7.0 HIGH |
|
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21531 | 1 Microsoft | 1 Azure Conversation Authoring Client Library | 2026-02-12 | N/A | 9.8 CRITICAL |
|
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2026-21537 | 1 Microsoft | 1 Defender For Endpoint | 2026-02-11 | N/A | 8.8 HIGH |
|
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
|
|||||
| CVE-2026-21527 | 1 Microsoft | 1 Exchange Server | 2026-02-11 | N/A | 6.5 MEDIUM |
|
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-21523 | 1 Microsoft | 1 Visual Studio Code | 2026-02-11 | N/A | 8.0 HIGH |
|
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2026-21516 | 1 Microsoft | 1 Github Copilot | 2026-02-11 | N/A | 8.8 HIGH |
|
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2026-21512 | 1 Microsoft | 1 Azure Devops Server | 2026-02-11 | N/A | 6.5 MEDIUM |
|
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-21256 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-11 | N/A | 8.8 HIGH |
|
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2026-21222 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-02-11 | N/A | 5.5 MEDIUM |
|
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2026-21229 | 1 Microsoft | 1 Power Bi Report Server | 2026-02-11 | N/A | 8.0 HIGH |
|
Improper input validation in Power BI allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2026-21231 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21232 | 1 Microsoft | 5 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21234 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-02-11 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21235 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2026-02-11 | N/A | 7.3 HIGH |
|
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21236 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21237 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 5 more | 2026-02-11 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21238 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21239 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21240 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
|
|||||