Lucene search
K
MscveMost viewed

22107 matches found

Microsoft CVE
Microsoft CVE
added 2021/03/09 8:0 a.m.42 views

Windows Overlay Filter Elevation of Privilege Vulnerability

...

7.8CVSS7.8AI score0.00731EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/03/09 8:0 a.m.42 views

Windows ActiveX Installer Service Information Disclosure Vulnerability

...

5.5CVSS6.5AI score0.00834EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/03/04 8:3 p.m.42 views

Chromium CVE-2021-21159: Heap buffer overflow in TabStrip

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.5AI score0.01726EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2021/02/09 8:0 a.m.42 views

Windows DirectX Information Disclosure Vulnerability

...

5.5CVSS5.8AI score0.00888EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/12/08 8:0 a.m.42 views

Windows Backup Engine Elevation of Privilege Vulnerability

...

7.8CVSS7.7AI score0.01164EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/11/10 8:0 a.m.42 views

Microsoft SharePoint Server Spoofing Vulnerability

...

5.8CVSS7AI score0.01724EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/11/10 8:0 a.m.42 views

Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

7.8CVSS7.7AI score0.00864EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/11/10 8:0 a.m.42 views

Windows Network File System Information Disclosure Vulnerability

...

5.5CVSS6.5AI score0.01286EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/10/13 7:0 a.m.42 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

7.8CVSS2.6AI score0.04469EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/10/13 7:0 a.m.42 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS3.5AI score0.00984EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/11 7:0 a.m.42 views

Windows Speech Runtime Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The...

7.8CVSS4.6AI score0.01003EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/11 7:0 a.m.42 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.04205EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/11 7:0 a.m.42 views

Windows Spoofing Vulnerability

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent...

7.8CVSS2.5AI score0.41131EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.42 views

Microsoft Graphics Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data...

9.3CVSS7.2AI score0.05662EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.42 views

Windows Lockscreen Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ea...

6.8CVSS4AI score0.01165EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.42 views

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...

5.5CVSS1.1AI score0.06119EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/05/12 7:0 a.m.42 views

.NET Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by...

7.8CVSS4.9AI score0.02309EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/05/12 7:0 a.m.42 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS3.5AI score0.52778EPSS
Exploits5
Microsoft CVE
Microsoft CVE
added 2020/05/12 7:0 a.m.42 views

Visual Studio Code Python Extension Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.9AI score0.11737EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.42 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the...

8.8CVSS3.6AI score0.0861EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/03/10 7:0 a.m.42 views

Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

9.3CVSS1.7AI score0.1168EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/02/11 8:0 a.m.42 views

Remote Desktop Client Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs;...

7.6CVSS2.3AI score0.1022EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/11/12 8:0 a.m.42 views

Microsoft Office Excel Security Feature Bypass

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in ...

7.8CVSS2.8AI score0.03264EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/11/12 8:0 a.m.42 views

Visual Studio Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files. An attacker who successfully exploited this vulnerability could overwrite arbitrary files in the security context of the local system. To exploit this...

6.5CVSS6.6AI score0.03116EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.42 views

Windows 10 Mobile Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen. An attacker who successfully exploited this vulnerability could access the photo library of an affected phone and modify or delete photos without...

6.8CVSS3.6AI score0.00864EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.42 views

Windows 10 Update Assistant Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; vie...

7.8CVSS2.8AI score0.01223EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.42 views

HTTP/2 Server Denial of Service Vulnerability

A denial of service vulnerability exists in the HTTP/2 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. ...

7.8CVSS2.3AI score0.25448EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.42 views

Remote Desktop Protocol Client Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would...

6.5CVSS3.4AI score0.10713EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.42 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...

7.6CVSS7.6AI score0.07794EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.42 views

Windows OLE Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a...

9.3CVSS4.3AI score0.14351EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/12/11 8:0 a.m.42 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...

7.8CVSS3.3AI score0.04161EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.42 views

Windows SMB Denial of Service Vulnerability

A denial of service vulnerability exists in the Microsoft Server Block Message SMB when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to se...

7.8CVSS1.8AI score0.08997EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.42 views

Windows Hyper-V Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the...

6.8CVSS3.3AI score0.07165EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.42 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.2CVSS2.9AI score0.73721EPSS
Exploits18
Microsoft CVE
Microsoft CVE
added 2018/03/13 7:0 a.m.42 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization ASLR bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a...

4.7CVSS4.9AI score0.02866EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2018/02/13 8:0 a.m.42 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS1.2AI score0.02615EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/12/12 8:0 a.m.42 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.5AI score0.62646EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2017/12/12 8:0 a.m.42 views

Microsoft Exchange Spoofing Vulnerability

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App OWA fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive...

8.1CVSS1.2AI score0.05884EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/11/14 8:0 a.m.43 views

ASP.NET Core Elevation Of Privilege Vulnerability

An open redirect vulnerability exists in ASP.NET Core that could lead to elevation of privilege. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated user clicks the link, the authenticated...

8.8CVSS2.5AI score0.09398EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/11/14 8:0 a.m.42 views

Microsoft Project Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request ForgeryCSRF/XSRF vulnerability to be exploited, the victim must be authenticated to logged on the target site. In a web-based attac...

8.8CVSS7.7AI score0.02474EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.42 views

Win32k Graphics Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete dat...

9.3CVSS6.9AI score0.19023EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.42 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

6.5CVSS3.1AI score0.14265EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.42 views

Microsoft Outlook Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...

9.3CVSS2.6AI score0.19605EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.42 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploit...

7.3CVSS3.2AI score0.14265EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.42 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS3.5AI score0.14265EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/05/09 7:0 a.m.42 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...

7.6CVSS7.7AI score0.16992EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/04/11 7:0 a.m.42 views

Microsoft Outlook Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of file formats. The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it ...

5.5CVSS4.1AI score0.19011EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/04/11 7:0 a.m.42 views

Microsoft Outlook Spoofing Vulnerability

A spoofing vulnerability exists in when Microsoft Outlook for Mac improperly validates HTML tag input. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials. In an email attack scenario an attacker could exploit the...

6.5CVSS0.9AI score0.10485EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/04/11 7:0 a.m.42 views

ADFS Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests. To exploit this vulnerability, an attacker could run a specially crafted application and attempt to brute-force an account password. An attacker who successfully...

4.3CVSS2.9AI score0.03648EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/03/14 7:0 a.m.42 views

Windows GDI Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete...

7.8CVSS3.2AI score0.03114EPSS
Exploits0
Total number of security vulnerabilities5000