21762 matches found
Windows Media Remote Code Execution Vulnerability
...
Visual Studio Code Remote Code Execution Vulnerability
...
Chromium: CVE-2021-30518 Heap buffer overflow in Reader Mode
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Remote Procedure Call Runtime Remote Code Execution Vulnerability
...
Windows App-V Overlay Filter Elevation of Privilege Vulnerability
...
Windows Update Service Elevation of Privilege Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
Windows Hyper-V Denial of Service Vulnerability
...
Windows (modem.sys) Information Disclosure Vulnerability
...
Windows Network Connections Service Elevation of Privilege Vulnerability
...
Microsoft SharePoint Server Spoofing Vulnerability
...
Microsoft Excel Remote Code Execution Vulnerability
...
HEVC Video Extensions Remote Code Execution Vulnerability
...
Windows Enterprise App Management Service Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could...
Windows State Repository Service Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability b...
Microsoft SharePoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...
Windows Defender Application Control Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...
Active Directory Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, an...
Jet Database Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...
Office Web Apps XSS Vulnerability
A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Office Web Apps server. The attacker who successfully exploited th...
Microsoft Bing Search Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website, when browsed using...
Hyper-V Denial of Service Vulnerability
A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...
Win32k Information Disclosure Vulnerability
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log ...
Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could...
Remote Desktop Services Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction...
DirectX Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...
Microsoft Windows Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access...
Windows Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...
Microsoft Office SharePoint XSS Vulnerability
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Visual Studio Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the current user. Use...
Microsoft Office Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
Jet Database Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...
Windows DNS Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global...
Microsoft Macro Assembler Tampering Vulnerability
A tampering vulnerability exists when Microsoft Macro Assembler improperly validates code. An attacker could introduce code into an application, which modifies data in an unintended manner. The security update addresses the vulnerability by ensuring that Microsoft Macro Assembler properly...
WordPad Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file...
Microsoft Windows Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. To exploit the...
Skype for Business Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Skype for Business fails to properly handle specific authentication requests. An authenticated attacker who successfully exploited this vulnerability could steal an authentication hash that can be reused elsewhere. The attacker could then take a...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...
Windows PDF Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows, Microsoft Word 2013 and Microsoft Word 2016 if a user opens a specially crafted PDF file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user. To exploi...
Windows Bowser.sys Information Disclosure Vulnerability
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory to which they should not have access. ...
Windows Scripting Engine Memory Corruption Vulnerability
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...
Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft Windows when a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user. An attacker who successfully exploited this vulnerability could obtain access to file and...
Microsoft Office Graphics Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet...
Chromium: CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-4051 Insufficient data validation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally...
Chromium: CVE-2024-9603 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2024-7025 Integer overflow in Layout
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...