CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
2,234
Total CVEs
1,589
CISA KEV
41
Known Exploits
8.8
Avg CVSS Score
Showing 20 of 428 CVEs matching "Microsoft" · CISA KEV
An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer.
The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.
The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.
A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.
Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site.
Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.
Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server.
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.
A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.