Filtered by vendor Microsoft
Subscribe
Total
22863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30025 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-27 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-30020 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-27 | N/A | 8.1 HIGH |
| Windows Cryptographic Services Remote Code Execution Vulnerability | |||||
| CVE-2024-30018 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-08-27 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-30011 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2025-08-27 | N/A | 6.5 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2022-34704 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-08-27 | N/A | 4.7 MEDIUM |
| Windows Defender Credential Guard Information Disclosure Vulnerability | |||||
| CVE-2025-49385 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | N/A | 7.8 HIGH |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2025-49384 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | N/A | 7.8 HIGH |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2024-24912 | 2 Checkpoint, Microsoft | 2 Harmony Endpoint, Windows | 2025-08-26 | N/A | 6.7 MEDIUM |
| A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. | |||||
| CVE-2025-52521 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-08-26 | N/A | 7.8 HIGH |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2022-40732 | 1 Microsoft | 2 Windows 11 21h2, Windows Server 2022 | 2025-08-26 | N/A | 5.0 MEDIUM |
| An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | |||||
| CVE-2022-40733 | 1 Microsoft | 2 Windows 11 21h2, Windows Server 2022 | 2025-08-26 | N/A | 5.0 MEDIUM |
| An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | |||||
| CVE-2024-41138 | 1 Microsoft | 1 Teams | 2025-08-26 | N/A | 7.1 HIGH |
| A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | |||||
| CVE-2024-42004 | 1 Microsoft | 1 Teams | 2025-08-26 | N/A | 7.1 HIGH |
| A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | |||||
| CVE-2024-41145 | 1 Microsoft | 1 Teams | 2025-08-26 | N/A | 7.1 HIGH |
| A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | |||||
| CVE-2025-4609 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-08-25 | N/A | 9.6 CRITICAL |
| Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | |||||
| CVE-1999-0468 | 1 Microsoft | 1 Internet Explorer | 2025-08-25 | 2.6 LOW | 8.2 HIGH |
| Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. | |||||
| CVE-2025-53763 | 1 Microsoft | 1 Purview Data Governance | 2025-08-25 | N/A | 9.8 CRITICAL |
| Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-53795 | 1 Microsoft | 1 Pc Manager | 2025-08-25 | N/A | 9.1 CRITICAL |
| Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-55231 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2025-08-25 | N/A | 7.5 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2024-47810 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-25 | N/A | 8.8 HIGH |
| A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||