Filtered by vendor Microsoft
Subscriptions
Total
23025 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62224 | 1 Microsoft | 1 Edge | 2026-01-08 | 5.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-57836 | 2 Microsoft, Samsung | 2 Windows, Magician | 2026-01-08 | 7.8 High |
| An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. | ||||
| CVE-2025-11235 | 2 Microsoft, Progress | 2 Windows, Moveit Transfer | 2026-01-08 | 3.7 Low |
| Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10. | ||||
| CVE-2026-20893 | 2 Fujitsu, Microsoft | 2 Security Solution Authconductor Client Basic V2, Windows | 2026-01-08 | N/A |
| Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or modify the registry value. | ||||
| CVE-2025-9611 | 1 Microsoft | 1 Playwright | 2026-01-08 | N/A |
| Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints. | ||||
| CVE-2009-0556 | 1 Microsoft | 2 Office Powerpoint, Powerpoint | 2026-01-08 | 8.8 High |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability." | ||||
| CVE-2025-4056 | 3 Gnome, Microsoft, Redhat | 3 Glib, Windows, Enterprise Linux | 2026-01-08 | 7.5 High |
| A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. | ||||
| CVE-2025-62221 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-01-07 | 7.8 High |
| Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54100 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-01-07 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-64680 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-01-07 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64671 | 1 Microsoft | 2 Gihub Copilot Plugin For Jetbrains Ides, Github Copilot | 2026-01-07 | 8.4 High |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-64661 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-07 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62565 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-07 | 7.3 High |
| Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62570 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2026-01-07 | 7.1 High |
| Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-62569 | 1 Microsoft | 7 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 4 more | 2026-01-07 | 7 High |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62567 | 1 Microsoft | 20 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 17 more | 2026-01-07 | 5.3 Medium |
| Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-62560 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-01-07 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62559 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-01-07 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62558 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-01-07 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62557 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-01-07 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||