Filtered by vendor Microsoft
Subscribe
Total
22283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24916 | 2 Checkpoint, Microsoft | 2 Smartconsole, Windows | 2025-09-04 | N/A | 6.5 MEDIUM |
| Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin). | |||||
| CVE-2024-51736 | 2 Microsoft, Sensiolabs | 2 Windows, Symfony | 2025-09-04 | N/A | N/A |
| Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-9491 | 1 Microsoft | 1 Windows 11 23h2 | 2025-09-03 | N/A | 7.8 HIGH |
| Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. | |||||
| CVE-2024-24915 | 2 Checkpoint, Microsoft | 2 Smartconsole, Windows | 2025-09-03 | N/A | 6.1 MEDIUM |
| Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them. | |||||
| CVE-2025-25007 | 1 Microsoft | 1 Exchange Server | 2025-09-03 | N/A | 5.3 MEDIUM |
| Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-25006 | 1 Microsoft | 1 Exchange Server | 2025-09-03 | N/A | 5.3 MEDIUM |
| Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-53783 | 1 Microsoft | 5 Dynamics 365 Guides, Dynamics 365 Remote Assist, Teams and 2 more | 2025-09-03 | N/A | 7.5 HIGH |
| Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-33051 | 1 Microsoft | 1 Exchange Server | 2025-09-03 | N/A | 7.5 HIGH |
| Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-9478 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-02 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2023-38581 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-09-02 | N/A | 8.8 HIGH |
| Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28952 | 2 Intel, Microsoft | 3 Integrated Performance Primitives, Oneapi Base Toolkit, Windows | 2025-09-02 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-17158 | 1 Microsoft | 1 Dynamics 365 | 2025-08-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | |||||
| CVE-2020-17156 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2025-08-28 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2020-17153 | 1 Microsoft | 1 Edge | 2025-08-28 | 5.8 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2020-17152 | 1 Microsoft | 1 Dynamics 365 | 2025-08-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | |||||
| CVE-2020-17150 | 1 Microsoft | 1 Tslint | 2025-08-28 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2020-17148 | 1 Microsoft | 1 Visual Studio Code | 2025-08-28 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | |||||
| CVE-2020-17147 | 1 Microsoft | 1 Dynamics 365 | 2025-08-28 | 3.5 LOW | 8.7 HIGH |
| Dynamics CRM Webclient Cross-site Scripting Vulnerability | |||||
| CVE-2020-17145 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2025-08-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | |||||
| CVE-2020-17143 | 1 Microsoft | 1 Exchange Server | 2025-08-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Exchange Server Information Disclosure Vulnerability | |||||