Microsoft Corporation

6 exploits Active since Jun 2020
CVE-2020-1206 NOMISEC HIGH WORKING POC
Windows 10 and Windows Server 2016 - Information Disclosure via SMBv3 Uninitialized Memory Read
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.
147 stars
CVSS 7.5
CVE-2022-41040 NOMISEC HIGH WORKING POC
Microsoft Exchange ProxyNotShell RCE
Microsoft Exchange Server Elevation of Privilege Vulnerability
5 stars
CVSS 8.8
CVE-2024-20666 NOMISEC MEDIUM WORKING POC
Windows 10 1507-22H2 and Windows 11 21H2-23H2 - BitLocker Security Feature Bypass
BitLocker Security Feature Bypass Vulnerability
4 stars
CVSS 6.6
CVE-2022-41040 NOMISEC HIGH WORKING POC
Microsoft Exchange ProxyNotShell RCE
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS 8.8
CVE-2022-41099 NOMISEC MEDIUM WORKING POC
Microsoft Windows BitLocker - Security Feature Bypass
BitLocker Security Feature Bypass Vulnerability
CVSS 4.6
CVE-2025-66389 WRITEUP HIGH WRITEUP
GitHub Copilot 1.372.0 - Unauthenticated Filesystem Access via File-Handler URI Parameter
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.
CVSS 7.5