Lucene search
K
MscveMost viewed

21727 matches found

Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.49 views

Microsoft SQL Server Reporting Services XSS Vulnerability

A cross-site scripting XSS vulnerability exists when Microsoft SQL Server Reporting Services SSRS does not properly sanitize a specially-crafted web request to an affected SSRS server. An attacker who successfully exploited the vulnerability could run scripts in the context of the targeted user...

6.1CVSS2.9AI score0.07226EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.49 views

Bluetooth Low Energy Advisory

Executive Summary Microsoft is aware of an issue that affects the Bluetooth Low Energy BLE version of FIDO Security Keys. Due to a misconfiguration in the Bluetooth pairing protocols, it is possible for an attacker who is physically close to a user at the moment he/she uses the security key to...

8.8CVSS7.5AI score0.00332EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.49 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows AppX Deployment Service AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To...

7.8CVSS3.4AI score0.06886EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2019/01/15 8:0 a.m.49 views

Skype for Business and Lync Spoofing Vulnerability

A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected server. The attacker who successfully exploited...

5.4CVSS1.3AI score0.01461EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.49 views

Windows Deployment Services TFTP Server Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an...

10CVSS3.2AI score0.63294EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.49 views

Windows Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data...

7.8CVSS3AI score0.03023EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/08/14 7:0 a.m.49 views

Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...

5.3CVSS3.6AI score0.01412EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/06/13 7:0 a.m.50 views

Microsoft Guidance for Lazy FP State Restore

Executive summary On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities known as Spectre and Meltdown involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. On June 13...

5.6CVSS6.7AI score0.00611EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/03/13 7:0 a.m.49 views

Windows Remote Assistance Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities XXE. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this condition, an attacker would ne...

3.1CVSS1.1AI score0.21899EPSS
Exploits4
Microsoft CVE
Microsoft CVE
added 2017/11/14 8:0 a.m.49 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests. The vulnerability allows Microsoft Edge to bypass Cross-Origin Resource Sharing CORS redirect restrictions, and to follow redirect requests that should otherwise be ignored. An attacker who...

6.5CVSS1.4AI score0.07245EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/11/14 8:0 a.m.49 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.5AI score0.07979EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.49 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy CSP fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypas...

4.2CVSS5.6AI score0.03455EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.49 views

Microsoft Browser Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

7.6CVSS3.9AI score0.09202EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.49 views

Microsoft Exchange Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access OWA fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive...

6.1CVSS1.6AI score0.03383EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/11/08 8:0 a.m.49 views

SQL RDBMS Engine Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database. An attacker who successfully exploited this vulnerability...

8.8CVSS3AI score0.11895EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/09/13 7:0 a.m.49 views

Oracle Outside In Vulnerabilities

This security update addresses the following vulnerabilities, which are described in Oracle Critical Patch Update Advisory – July 2016 Remote Code Execution: CVE-2016-3575, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3595, CVE-2016-3594, CVE-2015-6014, CVE-2016-3593, CVE-2016-3592,...

10CVSS7.4AI score0.08383EPSS
Exploits17
Microsoft CVE
Microsoft CVE
added 2016/05/10 7:0 a.m.49 views

Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. An...

7.8CVSS2.1AI score0.01497EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/04/03 5:47 p.m.48 views

Chromium: CVE-2025-3074 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4CVSS6.9AI score0.00254EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/03/11 7:0 a.m.48 views

Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability

Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally...

6.7CVSS7.1AI score0.00418EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/10/08 7:0 a.m.48 views

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

8.8CVSS7.1AI score0.0138EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/10/08 7:0 a.m.48 views

Windows Hyper-V Security Feature Bypass Vulnerability

...

7.1CVSS7.1AI score0.00902EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/08/13 7:0 a.m.48 views

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

...

9.8CVSS9.6AI score0.0381EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/04/04 4:11 p.m.48 views

Chromium: CVE-2024-3159 Out of bounds memory access in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.7AI score0.01599EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/03/12 7:0 a.m.48 views

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

...

5.5CVSS7.1AI score0.11368EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/02/29 8:4 p.m.48 views

Chromium: CVE-2024-1939 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS9AI score0.02557EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2024/01/25 8:0 a.m.48 views

Chromium: CVE-2024-0806 Use after free in Passwords

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS9AI score0.00448EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/01/11 8:0 a.m.48 views

Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation Denial of Service Vulnerability

...

5.5CVSS7AI score0.0072EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/01/09 8:0 a.m.48 views

Microsoft Office Remote Code Execution Vulnerability

A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have acces...

7.8CVSS7.9AI score0.0326EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/01/05 5:8 p.m.48 views

Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.5AI score0.10114EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/11/14 8:0 a.m.48 views

ASP.NET Security Feature Bypass Vulnerability

...

8.8CVSS7.3AI score0.02652EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/11/14 8:0 a.m.48 views

Windows Authentication Denial of Service Vulnerability

...

7.1CVSS7.3AI score0.00686EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/11/10 8:0 a.m.48 views

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

...

7.1CVSS7.3AI score0.01121EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/11/02 7:0 a.m.48 views

Chromium: CVE-2023-5480 Inappropriate implementation in Payments

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.1CVSS7.1AI score0.011EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/10/10 7:0 a.m.48 views

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

...

7.3CVSS7.7AI score0.00967EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/10/10 7:0 a.m.48 views

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

...

8.1CVSS7.1AI score0.01256EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/08/08 7:0 a.m.48 views

Microsoft Office Remote Code Execution Vulnerability

...

7.8CVSS8.3AI score0.01084EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/07/21 7:0 a.m.48 views

Chromium: CVE-2023-3732 Out of bounds memory access in Mojo

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.4AI score0.01002EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/07/11 7:0 a.m.48 views

Windows Image Acquisition Elevation of Privilege Vulnerability

...

7.8CVSS8.7AI score0.00488EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/05/09 7:0 a.m.48 views

Win32k Elevation of Privilege Vulnerability

...

7.8CVSS8.7AI score0.40919EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2023/05/09 7:0 a.m.48 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

...

7.2CVSS7.2AI score0.85395EPSS
Exploits7
Microsoft CVE
Microsoft CVE
added 2023/04/11 7:0 a.m.48 views

Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability

...

8.8CVSS8.6AI score0.0166EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/04/11 7:0 a.m.48 views

Windows Lock Screen Security Feature Bypass Vulnerability

...

6.8CVSS7.6AI score0.00544EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/03/14 7:0 a.m.48 views

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

...

5.4CVSS6.3AI score0.00609EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/03/14 7:0 a.m.48 views

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

...

8.8CVSS9AI score0.01289EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/03/14 7:0 a.m.48 views

Windows HTTP.sys Elevation of Privilege Vulnerability

...

7.8CVSS8.7AI score0.0795EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/03/14 7:0 a.m.48 views

Remote Procedure Call Runtime Remote Code Execution Vulnerability

...

8.1CVSS8.9AI score0.01002EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/02/14 8:0 a.m.48 views

MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...

3.1CVSS6.5AI score0.07709EPSS
Exploits7
Microsoft CVE
Microsoft CVE
added 2023/02/09 8:57 p.m.48 views

Chromium: CVE-2023-0702 Type Confusion in Data Transfer

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.4AI score0.00715EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2022/12/13 8:0 a.m.48 views

Microsoft Outlook for Mac Spoofing Vulnerability

...

7.5CVSS8.2AI score0.01488EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2022/12/05 8:0 a.m.48 views

Chromium: CVE-2022-4190 Insufficient data validation in Directory

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.4AI score0.00662EPSS
Exploits0
Total number of security vulnerabilities5000