Filtered by vendor Microsoft
Subscriptions
Total
23025 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53951 | 2 Fortinet, Microsoft | 3 Fortidlp, Fortidlp Agent, Windows | 2026-01-14 | 4.9 Medium |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port. | ||||
| CVE-2025-46752 | 2 Fortinet, Microsoft | 3 Fortidlp, Fortidlp Agent, Windows | 2026-01-14 | 4.2 Medium |
| A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code. | ||||
| CVE-2022-37969 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2026-01-13 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2025-64740 | 2 Microsoft, Zoom | 6 Windows, Workplace, Workplace App and 3 more | 2026-01-13 | 7.5 High |
| Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-62482 | 2 Microsoft, Zoom | 6 Windows, Meeting Software Development Kit, Workplace and 3 more | 2026-01-13 | 4.3 Medium |
| Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access. | ||||
| CVE-2026-0747 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2026-01-13 | 3.3 Low |
| Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. | ||||
| CVE-2025-67825 | 2 Gonitro, Microsoft | 2 Nitro Pdf Pro, Windows | 2026-01-13 | 9.8 Critical |
| An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updated to ensure signer information consistently reflects the verified certificate identity. | ||||
| CVE-2026-21860 | 2 Microsoft, Palletsprojects | 2 Windows, Werkzeug | 2026-01-13 | N/A |
| Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extension, such as CON.txt, or trailing spaces such as CON. This issue has been patched in version 3.1.5. | ||||
| CVE-2006-3730 | 1 Microsoft | 3 Ie, Internet Explorer, Windows Xp | 2026-01-13 | N/A |
| Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. | ||||
| CVE-2022-44698 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2026-01-12 | 5.4 Medium |
| Windows SmartScreen Security Feature Bypass Vulnerability | ||||
| CVE-2022-41033 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-01-12 | 7.8 High |
| Windows COM+ Event System Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-31956 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2026-01-12 | 7.8 High |
| Windows NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2020-0618 | 1 Microsoft | 1 Sql Server | 2026-01-12 | 9.8 Critical |
| A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. | ||||
| CVE-2023-32049 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-01-12 | 8.8 High |
| Windows SmartScreen Security Feature Bypass Vulnerability | ||||
| CVE-2023-32046 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-01-12 | 7.8 High |
| Windows MSHTML Platform Elevation of Privilege Vulnerability | ||||
| CVE-2023-36584 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-01-12 | 5.4 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
| CVE-2022-38028 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-01-12 | 7.8 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2021-31196 | 1 Microsoft | 1 Exchange Server | 2026-01-12 | 7.2 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2013-0648 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2026-01-12 | 8.8 High |
| Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. | ||||
| CVE-2007-0671 | 1 Microsoft | 14 Access, Excel, Excel Viewer and 11 more | 2026-01-12 | 8.8 High |
| Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | ||||