Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36761 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-10-28 | N/A | 6.5 MEDIUM |
|
Microsoft Word Information Disclosure Vulnerability
|
|||||
| CVE-2023-36802 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-10-28 | N/A | 7.8 HIGH |
|
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36874 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | N/A | 7.8 HIGH |
|
Windows Error Reporting Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36884 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | N/A | 7.5 HIGH |
|
Windows Search Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38180 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, Asp.net Core and 1 more | 2025-10-28 | N/A | 7.5 HIGH |
|
.NET and Visual Studio Denial of Service Vulnerability
|
|||||
| CVE-2023-41763 | 1 Microsoft | 1 Skype For Business Server | 2025-10-28 | N/A | 5.3 MEDIUM |
|
Skype for Business Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-24955 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-10-28 | N/A | 7.2 HIGH |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-28229 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | N/A | 7.0 HIGH |
|
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-28252 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | N/A | 7.8 HIGH |
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-29336 | 1 Microsoft | 5 Windows 10 1507, Windows 10 1607, Windows Server 2008 and 2 more | 2025-10-28 | N/A | 7.8 HIGH |
|
Win32k Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-29357 | 1 Microsoft | 1 Sharepoint Server | 2025-10-28 | N/A | 9.8 CRITICAL |
|
Microsoft SharePoint Server Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-29360 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-10-28 | N/A | 8.4 HIGH |
|
Microsoft Streaming Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-32046 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | N/A | 7.8 HIGH |
|
Windows MSHTML Platform Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-32049 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-10-28 | N/A | 8.8 HIGH |
|
Windows SmartScreen Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-35311 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-10-28 | N/A | 8.8 HIGH |
|
Microsoft Outlook Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-36025 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | N/A | 8.8 HIGH |
|
Windows SmartScreen Security Feature Bypass Vulnerability
|
|||||
| CVE-2018-8589 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-10-28 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
|
|||||
| CVE-2025-59273 | 1 Microsoft | 1 Azure Event Grid | 2025-10-28 | N/A | 7.3 HIGH |
|
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
|
|||||
| CVE-2025-59275 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-59277 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-59278 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-59284 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2025-10-27 | N/A | 3.3 LOW |
|
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
|
|||||
| CVE-2025-59285 | 1 Microsoft | 1 Azure Monitor Agent | 2025-10-27 | N/A | 7.0 HIGH |
|
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2023-23376 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-23397 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-10-27 | N/A | 9.8 CRITICAL |
|
Microsoft Outlook Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-29824 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2023-24880 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 7 more | 2025-10-27 | N/A | 4.4 MEDIUM |
|
Windows SmartScreen Security Feature Bypass Vulnerability
|
|||||
| CVE-2025-24983 | 1 Microsoft | 5 Windows 10 1507, Windows 10 1607, Windows Server 2008 and 2 more | 2025-10-27 | N/A | 7.0 HIGH |
|
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-24984 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-27 | N/A | 4.6 MEDIUM |
|
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
|
|||||
| CVE-2025-24985 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-24989 | 1 Microsoft | 1 Power Pages | 2025-10-27 | N/A | 8.2 HIGH |
|
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vuln ...
Show More |
|||||
| CVE-2025-24991 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 5.5 MEDIUM |
|
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2025-24993 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-30397 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 7.5 HIGH |
|
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-30400 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-26633 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-27 | N/A | 7.0 HIGH |
|
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
|
|||||
| CVE-2025-21334 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21335 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21391 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-27 | N/A | 7.1 HIGH |
|
Windows Storage Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21418 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-10-27 | N/A | 7.8 HIGH |
|
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
|
|||||