CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
Showing 20 of 418 CVEs matching "Microsoft" · HIGH
A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server.
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.
A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.