Filtered by vendor Microsoft
Subscriptions
Total
23422 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24289 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-23 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24288 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 1 more | 2026-03-23 | 6.8 Medium |
| Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack. | ||||
| CVE-2026-24287 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-03-23 | 7.8 High |
| External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24285 | 1 Microsoft | 30 Office, Office For Android, Windows 10 1607 and 27 more | 2026-03-23 | 7 High |
| Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24283 | 1 Microsoft | 11 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 8 more | 2026-03-23 | 8.8 High |
| Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24282 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-03-23 | 5.5 Medium |
| Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-23673 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-23 | 7.8 High |
| Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23672 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-23 | 7.8 High |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||||
| CVE-2026-23671 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-03-23 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23668 | 1 Microsoft | 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more | 2026-03-23 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23667 | 1 Microsoft | 14 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 11 more | 2026-03-23 | 7 High |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23664 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-23 | 7.5 High |
| Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23660 | 1 Microsoft | 3 Azure Portal Windows Admin Center, Windows Admin Center, Windows Admin Center In Azure Portal | 2026-03-23 | 7.8 High |
| Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21262 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-03-23 | 8.8 High |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2013-10047 | 3 Microsoft, Miniweb2, Miniweb Http Server Project | 3 Windows, Miniweb, Miniweb Http Server | 2026-03-23 | N/A |
| An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista. | ||||
| CVE-2025-13460 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2026-03-23 | 5.3 Medium |
| IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy. | ||||
| CVE-2025-13459 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2026-03-23 | 2.7 Low |
| IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. | ||||
| CVE-2025-13212 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2026-03-23 | 5.3 Medium |
| IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency. | ||||
| CVE-2026-3910 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-23 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-3925 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-20 | 4.3 Medium |
| Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||