microsoft

14,170 tracked vulnerabilities.

CVE-2026-21231 HIGH
Windows Kernel - Privilege Escalation
Feb 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-21229 HIGH
Power BI Report Server < 15.0.1120.113 - Authenticated Remote Code Execution
Feb 10, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-21228 HIGH
Azure Local < 2510.0.3002 - Unauthenticated Remote Code Execution via Improper Certificate Validation
Feb 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-21222 MEDIUM
Windows 10/11 Kernel Log File Information Disclosure
Feb 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-21218 HIGH
.NET 8.0.0-8.0.23, 9.0.0-9.0.12, 10.0.0-10.0.2 - Spoofing via Missing Special Element Handling
Feb 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-20846 HIGH
Windows 10/11 GDI+ Buffer Over-read Denial of Service
Feb 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-20841 HIGH
Windows Notepad App - Command Injection
Feb 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-24302 HIGH
Azure Arc - Unauthenticated Privilege Escalation via Improper Access Control
Feb 05, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-24300 CRITICAL
Azure Front Door - Privilege Escalation
Feb 05, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-21532 HIGH
Azure Functions - Exposure of Sensitive Information to an Unauthorized Actor
Feb 05, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-0391 MEDIUM
Microsoft Edge for Android - Info Disclosure
Feb 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-24888 MEDIUM
maker.js <= 0.19.1 - Prototype Pollution via makerjs.extendObject
Jan 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-21509 HIGH KEV
Microsoft 365 Apps and Office - Security Feature Bypass via Untrusted Input
Jan 26, 2026
CVSS 7.8
EPSS 0.11
CVE-2026-24304 CRITICAL
Azure Resource Manager - Privilege Escalation
Jan 23, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-24307 CRITICAL
Microsoft 365 Copilot - Unauthenticated Information Disclosure via Improper Input Validation
Jan 22, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-24306 CRITICAL
Azure Front Door - Privilege Escalation
Jan 22, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-24305 CRITICAL
Azure Entra ID < - Privilege Escalation
Jan 22, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-21524 HIGH
Azure Data Explorer - Exposure of Sensitive Information to an Unauthorized Actor
Jan 22, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-21521 HIGH
Microsoft 365 Word Copilot - Information Disclosure via Improper Neutralization of Escape Sequences
Jan 22, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-21520 HIGH
Microsoft Copilot Studio - Unauthenticated Exposure of Sensitive Information
Jan 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-21264 CRITICAL
Microsoft Account - Cross-Site Scripting
Jan 22, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-21227 HIGH
Azure Logic Apps - Unauthenticated Path Traversal
Jan 22, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-21223 HIGH
Microsoft Edge - Privilege Escalation
Jan 16, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-20960 HIGH
Microsoft Power Apps - Code Injection
Jan 16, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-21226 HIGH
Azure Core Shared Client Library for Python < 1.38.0 - Remote Code Execution via Untrusted Data Deserialization
Jan 13, 2026
CVSS 7.5
EPSS 0.03
Products
windows_server_2016 4,606 windows_server_2019 4,345 windows_server_2012 3,825 windows_server_2008 3,554 windows_10 2,974 windows_server_2022 2,699 windows_7 2,368 windows_8.1 2,216 windows_rt_8.1 2,020 windows_10_1809 1,935 windows_10_21h2 1,934 windows_10_22h2 1,932 windows_server_2022_23h2 1,666 windows_10_1607 1,658 windows_11_22h2 1,651 internet_explorer 1,635 windows_11_23h2 1,548 windows_11_24h2 1,234 windows_10_1507 1,230 windows_server_2025 1,195 office 1,032 windows_11_21h2 1,001 windows_vista 828 edge 756 windows_xp 739 windows_11 573 windows_2000 515 windows_11_25h2 502 sharepoint_server 477 365_apps 472
Quick Filters
Critical CVEs With Exploits In CISA KEV