Filtered by vendor Microsoft
Subscriptions
Total
22295 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7577 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 4.4 Medium |
| IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. | ||||
| CVE-2024-55895 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 2.7 Low |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2024-49808 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2025-09-01 | 6.3 Medium |
| IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions. | ||||
| CVE-2024-45651 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2025-09-01 | 6.3 Medium |
| IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2025-27907 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-09-01 | 4.1 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2024-22351 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 6.3 Medium |
| IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2024-6769 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-08-29 | 6.7 Medium |
| A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt. | ||||
| CVE-2025-9578 | 2 Acronis, Microsoft | 2 Cyber Protect Cloud Agent, Windows | 2025-08-29 | N/A |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. | ||||
| CVE-2025-30038 | 1 Microsoft | 1 Windows | 2025-08-29 | N/A |
| The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources. | ||||
| CVE-2020-17144 | 1 Microsoft | 1 Exchange Server | 2025-08-29 | 8.4 High |
| Microsoft Exchange Remote Code Execution Vulnerability | ||||
| CVE-2020-17158 | 1 Microsoft | 1 Dynamics 365 | 2025-08-28 | 8.8 High |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | ||||
| CVE-2020-17156 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2025-08-28 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2020-17153 | 1 Microsoft | 1 Edge | 2025-08-28 | 4.3 Medium |
| Microsoft Edge for Android Spoofing Vulnerability | ||||
| CVE-2020-17152 | 1 Microsoft | 1 Dynamics 365 | 2025-08-28 | 8.8 High |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | ||||
| CVE-2020-17150 | 1 Microsoft | 1 Tslint | 2025-08-28 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2020-17148 | 1 Microsoft | 1 Visual Studio Code | 2025-08-28 | 7.8 High |
| Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | ||||
| CVE-2020-17147 | 1 Microsoft | 1 Dynamics 365 | 2025-08-28 | 8.7 High |
| Dynamics CRM Webclient Cross-site Scripting Vulnerability | ||||
| CVE-2020-17145 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2025-08-28 | 5.4 Medium |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | ||||
| CVE-2020-17143 | 1 Microsoft | 1 Exchange Server | 2025-08-28 | 8.8 High |
| Microsoft Exchange Server Information Disclosure Vulnerability | ||||
| CVE-2020-17142 | 1 Microsoft | 1 Exchange Server | 2025-08-28 | 9.1 Critical |
| Microsoft Exchange Remote Code Execution Vulnerability | ||||