ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Total
23051 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0905 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 9.8 Critical |
| Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium) | ||||
| CVE-2026-0904 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 5.4 Medium |
| Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-0903 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 5.4 Medium |
| Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2026-0902 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-0900 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-0899 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 8.8 High |
| Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-24888 | 1 Microsoft | 1 Maker.js | 2026-01-29 | 6.5 Medium |
| Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the `makerjs.extendObject` function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks `hasOwnProperty()` checks and does not filter dangerous keys, allowing inherited properties and potentially malicious properties to be copied to target objects. A patch is available in commit 85e0f12bd868974b891601a141974f929dec36b8, which is expected to be part of version 0.19.2. | ||||
| CVE-2025-10214 | 2 Microsoft, Updf | 2 Windows, Updf | 2026-01-29 | 7.8 High |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-10213 | 2 Microsoft, Updf | 2 Windows, Updf | 2026-01-29 | 7.8 High |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\<user>\AppData\Local\Microsoft\WindowsApps\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-14625 | 3 Altera, Intel, Microsoft | 4 Quartus Prime Lite, Quartus Prime Standard, Quartus Prime and 1 more | 2026-01-29 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1. | ||||
| CVE-2025-64677 | 1 Microsoft | 2 Office Out-of-box Experience, Office Out Of-box Experience | 2026-01-28 | 8.2 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-64675 | 1 Microsoft | 2 Azure Cosmos Db, Cosmos Db | 2026-01-28 | 8.3 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-64676 | 1 Microsoft | 2 Office Purview, Purview | 2026-01-28 | 7.2 High |
| '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-65037 | 1 Microsoft | 1 Azure Container Apps | 2026-01-28 | 10 Critical |
| Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-65041 | 1 Microsoft | 1 Partner Center | 2026-01-28 | 10 Critical |
| Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-64663 | 1 Microsoft | 2 Azure Cognitive Service For Language, Azure Language | 2026-01-28 | 9.9 Critical |
| Custom Question Answering Elevation of Privilege Vulnerability | ||||
| CVE-2025-64679 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-01-28 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64678 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-01-28 | 8.8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-64672 | 1 Microsoft | 1 Sharepoint Server | 2026-01-28 | 8.8 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-62553 | 1 Microsoft | 10 365 Apps, Excel, Excel 2016 and 7 more | 2026-01-28 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||