ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Total
23465 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14915 | 4 Apple, Ibm, Linux and 1 more | 8 Macos, Aix, I and 5 more | 2026-03-30 | 6.5 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server. | ||||
| CVE-2025-14917 | 4 Apple, Ibm, Linux and 1 more | 8 Macos, Aix, I and 5 more | 2026-03-30 | 6.7 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings. | ||||
| CVE-2026-21513 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-30 | 8.8 High |
| Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-21525 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-30 | 6.2 Medium |
| Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. | ||||
| CVE-2026-21533 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-30 | 7.8 High |
| Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26137 | 1 Microsoft | 3 365 Copilot Business Chat, 365 Copilot Chat, Exchange Online | 2026-03-29 | 9.9 Critical |
| Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-23667 | 1 Microsoft | 14 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 11 more | 2026-03-29 | 7 High |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23669 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 8.8 High |
| Use after free in RPC Runtime allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-23671 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-03-29 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23672 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.8 High |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||||
| CVE-2026-23673 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.8 High |
| Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24282 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-03-29 | 5.5 Medium |
| Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-24283 | 1 Microsoft | 11 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 8 more | 2026-03-29 | 8.8 High |
| Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24287 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-03-29 | 7.8 High |
| External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24289 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24290 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-03-29 | 7.8 High |
| Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24291 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.8 High |
| Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24292 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-03-29 | 7.8 High |
| Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24293 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-03-29 | 7.8 High |
| Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24294 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.8 High |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | ||||