microsoft

14,453 tracked vulnerabilities.

CVE-2026-46538 MEDIUM
Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection
May 27, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-46416 MEDIUM
Microsoft UFO shared WebSocket handler state causes cross-client response hijacking
May 27, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-46414 HIGH
Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking
May 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-46402 HIGH
Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory
May 27, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-45322 HIGH
OS Command Injection in Microsoft UFO Shell Action Replay via Stored Session JSON
May 27, 2026
CVSS 7.8
EPSS 0.02
CVE-2026-47280 CRITICAL
Azure Resource Manager Elevation of Privilege Vulnerability
May 22, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-45659 HIGH KEV
Microsoft SharePoint Remote Code Execution Vulnerability
May 22, 2026
CVSS 8.8
EPSS 0.03
CVE-2026-42901 CRITICAL
Microsoft Entra ID Elevation of Privilege Vulnerability
May 22, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-42827 MEDIUM
M365 Copilot Information Disclosure Vulnerability
May 22, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-41104 CRITICAL
Microsoft Planetary Computer Pro Information Disclosure Vulnerability
May 22, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-41090 CRITICAL
Microsoft Copilot Tampering Vulnerability
May 22, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-40412 CRITICAL
Azure Orbital Spatio Remote Code Execution Vulnerability
May 22, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-40411 CRITICAL
Azure Virtual Network Gateway Remote Code Execution Vulnerability
May 22, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-35430 HIGH
Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability
May 22, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33843 CRITICAL
Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability
May 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-26147 HIGH
Azure Stack HCI Information Disclosure Vulnerability
May 22, 2026
CVSS 7.7
EPSS 0.01
CVE-2026-23663 HIGH
Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability
May 22, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-23652 CRITICAL
Microsoft Power Pages Remote Code Execution Vulnerability
May 22, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-45584 HIGH
Microsoft Defender Remote Code Execution Vulnerability
May 20, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-45498 MEDIUM KEV
Microsoft Defender Denial of Service Vulnerability
May 20, 2026
CVSS 4.0
EPSS 0.63
CVE-2026-42834 HIGH
Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
May 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-41091 HIGH KEV
Microsoft Defender Elevation of Privilege Vulnerability
May 20, 2026
CVSS 7.8
EPSS 0.08
CVE-2026-45585 MEDIUM
Microsoft Windows 11 Version 24H2 - Windows BitLocker Security Feature Bypass Vulnerability
May 20, 2026
CVSS 6.8
EPSS 0.01
CVE-2026-45495 HIGH
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
May 18, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-45494 MEDIUM
Microsoft Edge (Chromium-based) Spoofing Vulnerability
May 18, 2026
CVSS 5.4
EPSS 0.00