Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21241 | 1 Microsoft | 6 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 3 more | 2026-02-11 | N/A | 7.0 HIGH |
|
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21242 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 5 more | 2026-02-11 | N/A | 7.0 HIGH |
|
Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21247 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-02-11 | N/A | 7.3 HIGH |
|
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
|
|||||
| CVE-2026-21245 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2026-02-11 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21244 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-02-11 | N/A | 7.3 HIGH |
|
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
|
|||||
| CVE-2026-21243 | 1 Microsoft | 4 Windows Server 2019, Windows Server 2022, Windows Server 2022 23h2 and 1 more | 2026-02-11 | N/A | 7.5 HIGH |
|
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
|
|||||
| CVE-2026-21246 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-20846 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.5 HIGH |
|
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
|
|||||
| CVE-2026-23571 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.8 MEDIUM |
|
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected.
|
|||||
| CVE-2026-23570 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
|
A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation.
|
|||||
| CVE-2026-21248 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-02-11 | N/A | 7.3 HIGH |
|
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
|
|||||
| CVE-2026-23569 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
|
An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system.
|
|||||
| CVE-2026-23568 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 5.4 MEDIUM |
|
An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation.
|
|||||
| CVE-2026-23567 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
|
An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets.
|
|||||
| CVE-2026-21255 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-02-11 | N/A | 8.8 HIGH |
|
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
|
|||||
| CVE-2026-21249 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 3.3 LOW |
|
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
|
|||||
| CVE-2026-21250 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows Server 2022 23h2 and 1 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21257 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-11 | N/A | 8.0 HIGH |
|
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-21251 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-23566 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
|
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation.
|
|||||
| CVE-2026-21253 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.0 HIGH |
|
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-63372 | 2 Articentgroup, Microsoft | 2 Zip Rar Extractor Tool, Windows | 2026-02-11 | N/A | 4.3 MEDIUM |
|
Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.
|
|||||
| CVE-2026-23565 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
|
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service.
|
|||||
| CVE-2026-23564 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
|
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information.
|
|||||
| CVE-2026-23563 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 5.7 MEDIUM |
|
Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.
|
|||||
| CVE-2026-21258 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-02-11 | N/A | 5.5 MEDIUM |
|
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2026-21259 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21260 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2026-02-11 | N/A | 7.5 HIGH |
|
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-21261 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-02-11 | N/A | 5.5 MEDIUM |
|
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2026-21511 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2026-02-11 | N/A | 7.5 HIGH |
|
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2026-21529 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 5.7 MEDIUM |
|
Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.
|
|||||
| CVE-2023-35393 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 4.5 MEDIUM |
|
Azure Apache Hive Spoofing Vulnerability
|
|||||
| CVE-2023-36419 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 8.8 HIGH |
|
Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36877 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 4.5 MEDIUM |
|
Azure Apache Oozie Spoofing Vulnerability
|
|||||
| CVE-2023-36881 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 4.5 MEDIUM |
|
Azure Apache Ambari Spoofing Vulnerability
|
|||||
| CVE-2023-35394 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 4.6 MEDIUM |
|
Azure HDInsight Jupyter Notebook Spoofing Vulnerability
|
|||||
| CVE-2023-38188 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 4.5 MEDIUM |
|
Azure Apache Hadoop Spoofing Vulnerability
|
|||||
| CVE-2023-38156 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 7.2 HIGH |
|
Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-23408 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 4.5 MEDIUM |
|
Azure Apache Ambari Spoofing Vulnerability
|
|||||
| CVE-2026-1862 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-11 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||