Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16964 | 1 Microsoft | 5 Windows 10, Windows 7, Windows Server 2008 and 2 more | 2025-08-28 | 7.2 HIGH | 7.8 HIGH |
|
Windows Backup Engine Elevation of Privilege Vulnerability
|
|||||
| CVE-2020-16963 | 1 Microsoft | 5 Windows 10, Windows 7, Windows Server 2008 and 2 more | 2025-08-28 | 7.2 HIGH | 7.8 HIGH |
|
Windows Backup Engine Elevation of Privilege Vulnerability
|
|||||
| CVE-2020-16962 | 1 Microsoft | 5 Windows 10, Windows 7, Windows Server 2008 and 2 more | 2025-08-28 | 7.2 HIGH | 7.8 HIGH |
|
Windows Backup Engine Elevation of Privilege Vulnerability
|
|||||
| CVE-2020-16961 | 1 Microsoft | 5 Windows 10, Windows 7, Windows Server 2008 and 2 more | 2025-08-28 | 7.2 HIGH | 7.8 HIGH |
|
Windows Backup Engine Elevation of Privilege Vulnerability
|
|||||
| CVE-2020-16960 | 1 Microsoft | 5 Windows 10, Windows 7, Windows Server 2008 and 2 more | 2025-08-28 | 7.2 HIGH | 7.8 HIGH |
|
Windows Backup Engine Elevation of Privilege Vulnerability
|
|||||
| CVE-2020-16959 | 1 Microsoft | 5 Windows 10, Windows 7, Windows Server 2008 and 2 more | 2025-08-28 | 7.2 HIGH | 7.8 HIGH |
|
Windows Backup Engine Elevation of Privilege Vulnerability
|
|||||
| CVE-2020-16958 | 1 Microsoft | 5 Windows 10, Windows 7, Windows Server 2008 and 2 more | 2025-08-28 | 7.2 HIGH | 7.8 HIGH |
|
Windows Backup Engine Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-41234 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 5.0 MEDIUM |
|
NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-42773 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 8.8 HIGH |
|
Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-45217 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 8.8 HIGH |
|
Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-45315 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 5.5 MEDIUM |
|
Improper initialization in some Intel(R) Power Gadget software for Windwos all versions may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-45736 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 6.7 MEDIUM |
|
Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-46691 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 7.9 HIGH |
|
Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-45673 | 3 Ibm, Linux, Microsoft | 5 Security Verify Bridge Directory Sync, Security Verify Gateway For Radius, Security Verify Gateway For Windows Login and 2 more | 2025-08-27 | N/A | 5.5 MEDIUM |
|
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.
|
|||||
| CVE-2024-30039 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-27 | N/A | 5.5 MEDIUM |
|
Windows Remote Access Connection Manager Information Disclosure Vulnerability
|
|||||
| CVE-2024-30030 | 1 Microsoft | 1 Windows Server 2008 | 2025-08-27 | N/A | 7.8 HIGH |
|
Win32k Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-30025 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-27 | N/A | 7.8 HIGH |
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-30020 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-27 | N/A | 8.1 HIGH |
|
Windows Cryptographic Services Remote Code Execution Vulnerability
|
|||||
| CVE-2024-30018 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-08-27 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-30011 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2025-08-27 | N/A | 6.5 MEDIUM |
|
Windows Hyper-V Denial of Service Vulnerability
|
|||||
| CVE-2022-34704 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-08-27 | N/A | 4.7 MEDIUM |
|
Windows Defender Credential Guard Information Disclosure Vulnerability
|
|||||
| CVE-2025-49385 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | N/A | 7.8 HIGH |
|
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
|
|||||
| CVE-2025-49384 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | N/A | 7.8 HIGH |
|
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
|
|||||
| CVE-2024-24912 | 2 Checkpoint, Microsoft | 2 Harmony Endpoint, Windows | 2025-08-26 | N/A | 6.7 MEDIUM |
|
A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.
|
|||||
| CVE-2025-52521 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | N/A | 7.8 HIGH |
|
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
|
|||||
| CVE-2022-40732 | 1 Microsoft | 2 Windows 11 21h2, Windows Server 2022 | 2025-08-26 | N/A | 5.0 MEDIUM |
|
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.
|
|||||
| CVE-2022-40733 | 1 Microsoft | 2 Windows 11 21h2, Windows Server 2022 | 2025-08-26 | N/A | 5.0 MEDIUM |
|
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.
|
|||||
| CVE-2024-41138 | 1 Microsoft | 1 Teams | 2025-08-26 | N/A | 7.1 HIGH |
|
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
|
|||||
| CVE-2024-42004 | 1 Microsoft | 1 Teams | 2025-08-26 | N/A | 7.1 HIGH |
|
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
|
|||||
| CVE-2024-41145 | 1 Microsoft | 1 Teams | 2025-08-26 | N/A | 7.1 HIGH |
|
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
|
|||||
| CVE-2025-4609 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-08-25 | N/A | 9.6 CRITICAL |
|
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
|
|||||
| CVE-1999-0468 | 1 Microsoft | 1 Internet Explorer | 2025-08-25 | 2.6 LOW | 8.2 HIGH |
|
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
|
|||||
| CVE-2025-53763 | 1 Microsoft | 1 Purview Data Governance | 2025-08-25 | N/A | 9.8 CRITICAL |
|
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
|
|||||
| CVE-2025-53795 | 1 Microsoft | 1 Pc Manager | 2025-08-25 | N/A | 9.1 CRITICAL |
|
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
|
|||||
| CVE-2025-55231 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2025-08-25 | N/A | 7.5 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2024-47810 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-25 | N/A | 8.8 HIGH |
|
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enab ...
Show More |
|||||
| CVE-2024-49576 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-25 | N/A | 8.8 HIGH |
|
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin exten ...
Show More |
|||||
| CVE-2024-38864 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2025-08-25 | N/A | 3.3 LOW |
|
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.
|
|||||
| CVE-2024-41159 | 1 Microsoft | 1 Onenote | 2025-08-25 | N/A | 7.1 HIGH |
|
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
|
|||||
| CVE-2024-39804 | 1 Microsoft | 1 Powerpoint | 2025-08-25 | N/A | 7.1 HIGH |
|
A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
|
|||||