Lucene search
K
MscveMost viewed

22103 matches found

Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.38 views

.NET and .NET Core Denial of Service Vulnerability

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing...

7.5CVSS3.4AI score0.077EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.38 views

Windows Image Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a...

7CVSS3.5AI score0.00963EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/03/13 7:0 a.m.38 views

Microsoft Exchange Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access OWA fails to properly sanitize links presented to users. An attacker who successfully exploited this vulnerability could override the OWA interface with a fake login page and attempt to trick the user into...

6.5CVSS1.6AI score0.0757EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/02/13 8:0 a.m.38 views

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...

9.3CVSS2.6AI score0.19536EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/02/13 8:0 a.m.38 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.5AI score0.15711EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/01/19 8:0 a.m.38 views

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS7.8AI score0.18641EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/01/09 8:0 a.m.38 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Offiice parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or crea...

9.3CVSS4.1AI score0.2057EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/01/09 8:0 a.m.38 views

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS8.3AI score0.24398EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/01/09 8:0 a.m.38 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.23257EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/01/09 8:0 a.m.38 views

Microsoft Access Tampering Vulnerability

A cross-site-scripting XSS vulnerability exists when Microsoft Access does not properly sanitize inputs to image fields edited within Design view. An attacker could exploit the vulnerability by sending a specially crafted file to a victim, or by hosting the file on a web server. The attacker who...

6.1CVSS1.5AI score0.03631EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/01/03 8:0 a.m.38 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability,...

7.1CVSS2.9AI score0.0276EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2017/12/12 8:0 a.m.38 views

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...

5.5CVSS1.1AI score0.12588EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/11/14 8:0 a.m.38 views

Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a...

4.3CVSS1.5AI score0.07046EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/10/10 7:0 a.m.38 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.81627EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.38 views

Windows Uniscribe Remote Code Execution Vulnerability

A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accoun...

9.3CVSS7.3AI score0.16911EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.38 views

Windows GDI+ Information Disclosure Vulnerability

A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would...

5.5CVSS1.7AI score0.03044EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2017/08/08 7:0 a.m.38 views

Win32k Information Disclosure Vulnerability

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log ...

7CVSS1.4AI score0.02322EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/08/08 7:0 a.m.38 views

Microsoft Browser Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

7.6CVSS3.9AI score0.09181EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/08/08 7:0 a.m.38 views

Windows Subsystem for Linux Denial of Service Vulnerability

A denial of service vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against the local system. A attacker could exploit this vulnerability by running a specially...

4.7CVSS3.3AI score0.01565EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/07/11 7:0 a.m.38 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, th...

9.3CVSS1.9AI score0.21469EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/07/11 7:0 a.m.38 views

Windows System Information Console Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Microsoft Common Console Document .msc when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity XXE...

5.5CVSS4.5AI score0.01541EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/19 7:0 a.m.38 views

Microsoft Graphics Component Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this...

6.5CVSS2.5AI score0.14265EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.38 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have t...

6.5CVSS2.7AI score0.14265EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.38 views

CVE-2017-8555

A vulnerability exists in Microsoft Edge when the Edge Content Security Policy CSP fails to properly validate certain specially crafted documents. An attacker could use this vulnerability to trick a user into loading a web page with malicious content. To exploit the vulnerability, an attacker mus...

6.5CVSS2AI score0.14265EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.38 views

Windows Uniscribe Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the...

6.5CVSS2.1AI score0.14265EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.38 views

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists in Microsoft Edge that allows JavaScript XML DOM objects to detect installed browser extensions. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a malicious website in an attempt to make a user visit it. However, ...

6.5CVSS0.5AI score0.14265EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/05/08 7:0 a.m.38 views

Microsoft Malware Protection Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSyste...

9.3CVSS2.2AI score0.77207EPSS
Exploits5
Microsoft CVE
Microsoft CVE
added 2017/04/11 7:0 a.m.38 views

Windows OLE Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows OLE when it fails an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. The...

5.5CVSS4.9AI score0.13975EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2017/03/14 7:0 a.m.38 views

Windows COM Session Elevation of Privilege Vulnerability

An elevation of privilege exists in Windows when a DCOM object in Helppane.exe, configured to run as the interactive user, fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session. To exploit the...

7.8CVSS5.1AI score0.04957EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2017/03/14 7:0 a.m.38 views

iSNS Server Memory Corruption Vulnerability

A remote code execution vulnerability exists in Windows when the iSNS Server service fails to properly validate input from the client, leading to an integer overflow. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SYSTEM account. An attacke...

9.3CVSS4.6AI score0.13823EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/03/14 7:0 a.m.38 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...

7.6CVSS7.8AI score0.1523EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/03/14 7:0 a.m.38 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...

4.3CVSS1.9AI score0.36998EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/12/13 8:0 a.m.38 views

Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...

6.7CVSS1.8AI score0.225EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/12/13 8:0 a.m.38 views

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the...

7.1CVSS2.2AI score0.25082EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/11/08 8:0 a.m.38 views

Secure Boot Component Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot policy that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on...

7.5CVSS7.8AI score0.06199EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/11/08 8:0 a.m.38 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS3.5AI score0.03019EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/10/11 7:0 a.m.38 views

Microsoft Office Memory Corruption Vulnerability

An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on...

9.3CVSS2.3AI score0.57705EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/10/11 7:0 a.m.38 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

10CVSS3.5AI score0.06614EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/09/13 7:0 a.m.38 views

GDI+ Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in memory, allowing an attacker to retrieve information from a targeted system. An attacker who successfully exploited this vulnerability could use the retrieved information to...

4.3CVSS3AI score0.14198EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/09/13 7:0 a.m.38 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS3.5AI score0.0142EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/09/13 7:0 a.m.38 views

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Outlook fails to enforce copy/paste permissions on DRM-protected emails. An attacker who successfully exploited the vulnerability could potentially extract plaintext content from DRM-protected draft emails. The attacker would have to u...

6.5CVSS2.3AI score0.04897EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/08/09 7:0 a.m.38 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...

5.3CVSS1.9AI score0.15846EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/07/18 7:0 a.m.38 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited this vulnerability could disclose information from one process to another. To exploit the...

3.1CVSS1.7AI score0.43284EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/07/12 7:0 a.m.38 views

Internet Explorer Memory Corruption Vulnerability

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit...

7.6CVSS1.5AI score0.13848EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/05/10 7:0 a.m.38 views

March 2016 Adobe Flash Security Update

This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB16-15: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-110...

10CVSS8.3AI score0.94354EPSS
Exploits14
Microsoft CVE
Microsoft CVE
added 2016/05/10 7:0 a.m.38 views

Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system. An attacker could then install programs; view, change, or delete...

9.3CVSS3.3AI score0.24194EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/05/10 7:0 a.m.38 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An...

7.8CVSS4.6AI score0.01486EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/04/12 7:0 a.m.38 views

Microsoft Edge Memory Corruption Vulnerability

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

7.6CVSS1.6AI score0.19173EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2 days ago37 views

Chromium: CVE-2026-13874 Inappropriate implementation in DataTransfer

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.3CVSS5.9AI score0.00198EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/03/31 7:0 a.m.37 views

Azure Playwright Elevation of Privilege Vulnerability

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network...

9.8CVSS6.9AI score0.00638EPSS
Exploits0
Total number of security vulnerabilities5000