CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
2,234
Total CVEs
1,589
CISA KEV
41
Known Exploits
8.8
Avg CVSS Score
Showing 20 of 536 CVEs matching "Microsoft"
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server.
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.