Lucene search
K
MscveMost viewed

21727 matches found

Microsoft CVE
Microsoft CVE
•added 2020/11/10 8:0 a.m.•35 views

Win32k Elevation of Privilege Vulnerability

...

7.8CVSS7.7AI score0.01521EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/11/10 8:0 a.m.•35 views

Windows USO Core Worker Elevation of Privilege Vulnerability

...

7.8CVSS8.3AI score0.00717EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/10/13 7:0 a.m.•35 views

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

5.4CVSS1.1AI score0.01326EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/10/13 7:0 a.m.•35 views

Windows Event System Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

7.8CVSS4.4AI score0.007EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/10/13 7:0 a.m.•35 views

Windows Application Compatibility Client Library Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need cod...

7.8CVSS4.3AI score0.00908EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/10/13 7:0 a.m.•35 views

Azure Functions Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly...

9.8CVSS2.4AI score0.03123EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/09/08 7:0 a.m.•35 views

Microsoft SharePoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...

8.6CVSS2.9AI score0.01915EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2020/09/08 7:0 a.m.•35 views

Microsoft COM for Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, a user would have to open a specially...

7.9CVSS3.4AI score0.02747EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/09/08 7:0 a.m.•35 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

9.3CVSS2.5AI score0.02062EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/09/08 7:0 a.m.•35 views

Windows Hyper-V Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a...

6.5CVSS2.3AI score0.01235EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/09/08 7:0 a.m.•35 views

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially...

7.8CVSS3.2AI score0.00978EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/09/08 7:0 a.m.•35 views

Microsoft Office SharePoint XSS Vulnerability

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

6.3CVSS0.9AI score0.01991EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/09/08 7:0 a.m.•35 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...

7.8CVSS3.4AI score0.04322EPSS
Exploits2
Microsoft CVE
Microsoft CVE
•added 2020/09/08 7:0 a.m.•35 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...

5.5CVSS1.7AI score0.01129EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/08/12 7:0 a.m.•35 views

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations on-premises version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacke...

8CVSS4.8AI score0.02765EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/08/11 7:0 a.m.•35 views

Windows Image Acquisition Service Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows Image Acquisition WIA Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an...

7.8CVSS3AI score0.01477EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/08/11 7:0 a.m.•35 views

Media Foundation Memory Corruption Vulnerability

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...

7.8CVSS2.5AI score0.03463EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/08/11 7:0 a.m.•35 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

9.3CVSS1.5AI score0.0451EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/08/11 7:0 a.m.•35 views

Windows CDP User Components Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The...

7.8CVSS4.6AI score0.00976EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/08/11 7:0 a.m.•35 views

Windows Backup Engine Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi...

7.8CVSS4.3AI score0.00795EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/07/14 7:0 a.m.•35 views

Windows WalletService Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that the WalletService handles memory. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerabilit...

5.5CVSS3.8AI score0.01225EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/07/14 7:0 a.m.•35 views

Windows Diagnostics Hub Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An...

7.8CVSS3.8AI score0.01019EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/07/14 7:0 a.m.•35 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...

7.8CVSS3.4AI score0.00919EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/06/09 7:0 a.m.•35 views

Windows OLE Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or ...

8.8CVSS3.5AI score0.14487EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/06/09 7:0 a.m.•35 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...

7.8CVSS3.4AI score0.03158EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/05/12 7:0 a.m.•35 views

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

5.4CVSS1.1AI score0.01414EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/04/14 7:0 a.m.•35 views

Microsoft Office SharePoint XSS Vulnerability

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS0.9AI score0.01515EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/04/14 7:0 a.m.•35 views

Microsoft Graphics Components Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafte...

9.3CVSS3.9AI score0.11685EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/04/14 7:0 a.m.•35 views

Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

9.3CVSS4.4AI score0.11685EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/03/10 7:0 a.m.•35 views

Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a speciall...

7.8CVSS3.3AI score0.0098EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/03/10 7:0 a.m.•35 views

Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

9.3CVSS1.8AI score0.11548EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/02/11 8:0 a.m.•35 views

Windows Data Sharing Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafte...

7.8CVSS3.6AI score0.00849EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/02/11 8:0 a.m.•35 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS3.5AI score0.00962EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/01/14 8:0 a.m.•35 views

Microsoft Office Online Spoofing Vulnerability

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly. An attacker could exploit the vulnerability by sending a specially crafted request to an affected site. The attacker who successfully exploited the vulnerability could then perfor...

5.8CVSS3.4AI score0.00917EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2020/01/14 8:0 a.m.•35 views

Remote Desktop Web Access Information Disclosure Vulnerability

An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information. An attacker who successfully exploited this vulnerability could obtain legitimate users' credentials. To exploit this vulnerability, an attacker would need access to a vulnerab...

6.5CVSS2.5AI score0.05027EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/12/17 8:0 a.m.•35 views

Microsoft SharePoint Server Information Disclosure Vulnerability

An information disclosure vulnerability exists in SharePoint Server. An attacker who exploited this vulnerability could read arbitrary files on the server. To exploit the vulnerability, an attacker would need to send a specially crafted request to a susceptible SharePoint Server instance. The...

1.9AI score
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/12/10 8:0 a.m.•35 views

Skype for Business Server Spoofing Vulnerability

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected server. The attacker who successfully exploited this vulnerabili...

5.4CVSS1.2AI score0.01432EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/11/12 8:0 a.m.•35 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.28178EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/11/12 8:0 a.m.•35 views

VBScript Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...

7.6CVSS8.6AI score0.06435EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/11/12 8:0 a.m.•35 views

Microsoft SharePoint Information Disclosure Vulnerability

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes. The...

6.5CVSS1AI score0.0537EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/10/08 7:0 a.m.•35 views

Microsoft Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on...

7.8CVSS4AI score0.19205EPSS
Exploits25
Microsoft CVE
Microsoft CVE
•added 2019/09/10 7:0 a.m.•35 views

Remote Desktop Client Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs;...

9.3CVSS2.3AI score0.11672EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/09/10 7:0 a.m.•35 views

Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

9.3CVSS4.4AI score0.11155EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/09/10 7:0 a.m.•35 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.4AI score0.08107EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/09/10 7:0 a.m.•35 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.8CVSS2.9AI score0.01008EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/09/10 7:0 a.m.•35 views

Remote Desktop Client Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs;...

9.3CVSS2.3AI score0.11672EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/08/13 7:0 a.m.•35 views

Microsoft Graphics Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data...

9.3CVSS9.3AI score0.13904EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/08/13 7:0 a.m.•35 views

Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability

A denial of service vulnerability exists in Remote Desktop Protocol RDP when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To...

7.5CVSS2.8AI score0.05224EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/08/13 7:0 a.m.•35 views

Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability

An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially...

7.8CVSS3.8AI score0.00967EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2019/08/13 7:0 a.m.•35 views

Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

9.3CVSS4.4AI score0.04477EPSS
Exploits0
Total number of security vulnerabilities5000