Filtered by vendor Microsoft
Subscriptions
Total
23034 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24304 | 1 Microsoft | 1 Azure Resource Manager | 2026-01-23 | 9.9 Critical |
| Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-21264 | 1 Microsoft | 1 Micrososft Account | 2026-01-23 | 9.3 Critical |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21521 | 1 Microsoft | 1 365 Word Copilot | 2026-01-23 | 7.4 High |
| Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-21227 | 1 Microsoft | 1 Azure Logic Apps | 2026-01-23 | 8.2 High |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-24307 | 1 Microsoft | 1 365 Copilot | 2026-01-23 | 9.3 Critical |
| Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-24305 | 1 Microsoft | 1 Microsoft Entra Id | 2026-01-23 | 9.3 Critical |
| Azure Entra ID Elevation of Privilege Vulnerability | ||||
| CVE-2026-21524 | 1 Microsoft | 1 Azure Data Explorer | 2026-01-23 | 7.4 High |
| Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-24306 | 1 Microsoft | 1 Azure Front Door | 2026-01-23 | 9.8 Critical |
| Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-21520 | 1 Microsoft | 1 Copilot Studio | 2026-01-23 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector | ||||
| CVE-2026-21223 | 1 Microsoft | 1 Edge Chromium | 2026-01-23 | 5.1 Medium |
| Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a non‑administrator to enable or disable Windows Virtualization‑Based Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisor‑protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass. | ||||
| CVE-2026-21226 | 1 Microsoft | 2 Azure Core Shared Client Library For Python, Azure Sdk For Python | 2026-01-23 | 7.5 High |
| Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-20941 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2026-01-23 | 7.8 High |
| Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20958 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-01-23 | 5.4 Medium |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-20957 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-01-23 | 7.8 High |
| Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20952 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-01-23 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20950 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-01-23 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20949 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-01-23 | 7.8 High |
| Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-20948 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-01-23 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20939 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-23 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-20937 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-23 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | ||||