Filtered by vendor Microsoft
Subscribe
Total
21853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53760 | 1 Microsoft | 1 Sharepoint Server | 2025-08-15 | N/A | 7.1 HIGH |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2022-29376 | 2 Apachefriends, Microsoft | 2 Xampp, Windows | 2025-08-15 | 6.5 MEDIUM | 8.8 HIGH |
| Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2025-23227 | 3 Ibm, Linux, Microsoft | 4 Aix, Tivoli Application Dependency Discovery Manager, Linux Kernel and 1 more | 2025-08-15 | N/A | 6.4 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-4454 | 2 Microsoft, Withsecure | 5 Windows, Client Security, Elements Endpoint Protection and 2 more | 2025-08-14 | N/A | 7.8 HIGH |
| WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035. | |||||
| CVE-2025-50162 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-08-14 | N/A | 8.0 HIGH |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-50163 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-08-14 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-50164 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-08-14 | N/A | 8.0 HIGH |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-50166 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-14 | N/A | 6.5 MEDIUM |
| Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. | |||||
| CVE-2025-50167 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-14 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53792 | 1 Microsoft | 1 Azure Portal | 2025-08-14 | N/A | 9.1 CRITICAL |
| Azure Portal Elevation of Privilege Vulnerability | |||||
| CVE-2025-53787 | 1 Microsoft | 1 365 Copilot Chat | 2025-08-14 | N/A | 8.2 HIGH |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | |||||
| CVE-2025-53774 | 1 Microsoft | 1 365 Copilot Chat | 2025-08-14 | N/A | 6.5 MEDIUM |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | |||||
| CVE-2025-53767 | 1 Microsoft | 1 Azure Openai | 2025-08-14 | N/A | 10.0 CRITICAL |
| Azure OpenAI Elevation of Privilege Vulnerability | |||||
| CVE-2025-53771 | 1 Microsoft | 1 Sharepoint Server | 2025-08-14 | N/A | 6.5 MEDIUM |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-53762 | 1 Microsoft | 1 Purview | 2025-08-14 | N/A | 8.7 HIGH |
| Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-49747 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-14 | N/A | 9.9 CRITICAL |
| Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-49746 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-14 | N/A | 9.9 CRITICAL |
| Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-47995 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-14 | N/A | 6.5 MEDIUM |
| Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-47158 | 1 Microsoft | 1 Azure Devops | 2025-08-14 | N/A | 9.0 CRITICAL |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-50156 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-08-14 | N/A | 5.7 MEDIUM |
| Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | |||||