Filtered by vendor Microsoft
Subscriptions
Total
23437 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21397 | 1 Microsoft | 4 365 Apps, Office 2021, Office 2024 and 1 more | 2026-02-26 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2025-24042 | 1 Microsoft | 2 Visual Studio Code, Vscode-js-debug | 2026-02-26 | 7.3 High |
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-21384 | 1 Microsoft | 1 Azure Health Bot | 2026-02-26 | 8.3 High |
| An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | ||||
| CVE-2025-30391 | 1 Microsoft | 1 Dynamics 365 Customer Service | 2026-02-26 | 8.1 High |
| Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-30389 | 1 Microsoft | 1 Azure Ai Bot Service | 2026-02-26 | 8.7 High |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-33074 | 1 Microsoft | 1 Azure Functions | 2026-02-26 | 7.5 High |
| Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-30390 | 1 Microsoft | 1 Azure Machine Learning | 2026-02-26 | 9.9 Critical |
| Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-30392 | 1 Microsoft | 1 Azure Ai Bot Service | 2026-02-26 | 9.8 Critical |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-21416 | 1 Microsoft | 1 Azure Virtual Desktop | 2026-02-26 | 8.5 High |
| Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-25051 | 3 Ibm, Linux, Microsoft | 3 Jazz Reporting Service, Linux Kernel, Windows | 2026-02-26 | 6.6 Medium |
| IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system. | ||||
| CVE-2025-25000 | 1 Microsoft | 1 Edge Chromium | 2026-02-26 | 8.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29815 | 1 Microsoft | 1 Edge Chromium | 2026-02-26 | 7.6 High |
| Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-29972 | 1 Microsoft | 2 Azure Storage Resouce Provider, Azure Storage Resource Provider | 2026-02-26 | 9.9 Critical |
| Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-29813 | 1 Microsoft | 2 Azure Devops, Azure Devops Server | 2026-02-26 | 10 Critical |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47732 | 1 Microsoft | 1 Dataverse | 2026-02-26 | 8.7 High |
| Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-1095 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Personal Communications, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029. | ||||
| CVE-2025-27183 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-26 | 7.8 High |
| After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27182 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2026-02-26 | 7.8 High |
| After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27194 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2026-02-26 | 7.8 High |
| Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27195 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2026-02-26 | 7.8 High |
| Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||