Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21522 | 1 Microsoft | 1 Confcom | 2026-02-11 | N/A | 6.7 MEDIUM |
|
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-1861 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-11 | N/A | 8.8 HIGH |
|
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2026-21332 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-11 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21357 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21358 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-11 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21329 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21330 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21318 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21319 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 5.5 MEDIUM |
|
After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21320 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21321 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21322 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21323 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21324 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21325 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21326 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21327 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21328 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21350 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 5.5 MEDIUM |
|
After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21351 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21343 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21344 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21345 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21346 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21347 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21342 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21341 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-02-11 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21510 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 8.8 HIGH |
|
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
|
|||||
| CVE-2026-21519 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2026-21514 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-02-11 | N/A | 7.8 HIGH |
|
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
|
|||||
| CVE-2026-21525 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 6.2 MEDIUM |
|
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
|
|||||
| CVE-2026-21509 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-02-11 | N/A | 7.8 HIGH |
|
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
|
|||||
| CVE-2026-21513 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 8.8 HIGH |
|
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
|
|||||
| CVE-2026-21533 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.8 HIGH |
|
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-64676 | 1 Microsoft | 1 Purview | 2026-02-10 | N/A | 7.2 HIGH |
|
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
|
|||||
| CVE-2025-59282 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2026-02-10 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-58740 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 5.5 MEDIUM |
|
The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable.
This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
|
|||||
| CVE-2025-58742 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 5.9 MEDIUM |
|
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
|
|||||
| CVE-2025-58744 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 7.5 HIGH |
|
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in
Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key.
This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
|
|||||
| CVE-2025-58743 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 7.5 HIGH |
|
Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability
in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
|
|||||