Filtered by vendor Microsoft
Subscriptions
Total
23432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62221 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7.8 High |
| Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64785 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-02-26 | 7.8 High |
| Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-64899 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-02-26 | 7.8 High |
| Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-67460 | 2 Microsoft, Zoom | 3 Windows, Rooms, Zoom | 2026-02-26 | 7.8 High |
| Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-64669 | 1 Microsoft | 1 Windows Admin Center | 2026-02-26 | 7.8 High |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-11001 | 2 7-zip, Microsoft | 2 7-zip, Windows | 2026-02-26 | 7.8 High |
| 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753. | ||||
| CVE-2025-64655 | 1 Microsoft | 1 Dynamics Omnichannel Sdk Storage Containers | 2026-02-26 | 8.8 High |
| Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59245 | 1 Microsoft | 1 Sharepoint Online | 2026-02-26 | 9.8 Critical |
| Microsoft SharePoint Online Elevation of Privilege Vulnerability | ||||
| CVE-2025-49752 | 1 Microsoft | 1 Azure Bastion Developer | 2026-02-26 | 10 Critical |
| Azure Bastion Elevation of Privilege Vulnerability | ||||
| CVE-2025-62207 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Control Service | 2026-02-26 | 8.6 High |
| Azure Monitor Elevation of Privilege Vulnerability | ||||
| CVE-2025-14174 | 4 Apple, Google, Linux and 1 more | 11 Ipados, Iphone Os, Macos and 8 more | 2026-02-26 | 8.8 High |
| Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-64660 | 1 Microsoft | 1 Visual Studio Code | 2026-02-26 | 8 High |
| Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-62459 | 1 Microsoft | 1 365 Defender Portal | 2026-02-26 | 8.3 High |
| Microsoft Defender Portal Spoofing Vulnerability | ||||
| CVE-2025-14765 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-14766 | 4 Apple, Google, Linux and 1 more | 5 Macos, Chrome, V8 and 2 more | 2026-02-26 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-64656 | 1 Microsoft | 2 Azure App Gateway, Azure Application Gateway | 2026-02-26 | 9.4 Critical |
| Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-64657 | 1 Microsoft | 2 Azure App Gateway, Azure Application Gateway | 2026-02-26 | 9.8 Critical |
| Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-64663 | 1 Microsoft | 2 Azure Cognitive Service For Language, Azure Language | 2026-02-26 | 9.9 Critical |
| Custom Question Answering Elevation of Privilege Vulnerability | ||||
| CVE-2025-65041 | 1 Microsoft | 1 Partner Center | 2026-02-26 | 10 Critical |
| Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-65037 | 1 Microsoft | 1 Azure Container Apps | 2026-02-26 | 10 Critical |
| Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network. | ||||