microsoft

14,170 tracked vulnerabilities.

CVE-2025-27488 MEDIUM
Windows Hardware Lab Kit - Privilege Escalation
May 13, 2025
CVSS 6.7
EPSS 0.01
CVE-2025-27468 HIGH
Windows Secure Kernel Mode - Privilege Escalation
May 13, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-26685 MEDIUM
Microsoft Defender for Identity - Improper Authentication
May 13, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-26684 MEDIUM
Microsoft Defender for Endpoint - Privilege Escalation
May 13, 2025
CVSS 6.7
EPSS 0.01
CVE-2025-26677 HIGH
Windows Server 2016/2019/2022/2025 < 10.0.26100.4061 - Remote Desktop Gateway DoS
May 13, 2025
CVSS 7.5
EPSS 0.36
CVE-2025-24063 HIGH
Windows 10 1507-22H2 and Windows 11 22H2 - Authenticated Privilege Escalation via Heap-based Buffer Overflow
May 13, 2025
CVSS 7.8
EPSS 0.01
CVE-2025-21264 HIGH
Visual Studio Code - Info Disclosure
May 13, 2025
CVSS 7.1
EPSS 0.01
CVE-2025-47733 CRITICAL
Microsoft Power Apps - Server-Side Request Forgery
May 08, 2025
CVSS 9.1
EPSS 0.04
CVE-2025-47732 HIGH
Microsoft Dataverse - Remote Code Execution via Untrusted Data Deserialization
May 08, 2025
CVSS 8.7
EPSS 0.02
CVE-2025-33072 HIGH
msagsfeedback.azurewebsites.net - Unauthenticated Information Disclosure
May 08, 2025
CVSS 8.1
EPSS 0.03
CVE-2025-29972 CRITICAL
Azure Storage Resource Provider - SSRF
May 08, 2025
CVSS 9.9
EPSS 0.06
CVE-2025-29827 CRITICAL
Azure Automation - Privilege Escalation via Improper Authorization
May 08, 2025
CVSS 9.9
EPSS 0.01
CVE-2025-29813 CRITICAL
Azure DevOps - Authentication Bypass via Assumed-Immutable Data
May 08, 2025
CVSS 10.0
EPSS 0.03
CVE-2025-29825 MEDIUM
Microsoft Edge Chromium < 136.0.3240.50 - User Interface Misrepresentation of Critical Information
May 02, 2025
CVSS 6.5
EPSS 0.03
CVE-2025-33074 HIGH
Microsoft Azure Functions - Code Injection
Apr 30, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-30392 CRITICAL
Azure Bot Framework SDK - Privilege Escalation
Apr 30, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-30391 HIGH
Microsoft Dynamics - Info Disclosure
Apr 30, 2025
CVSS 8.1
EPSS 0.01
CVE-2025-30390 CRITICAL
Azure Machine Learning - Improper Authorization
Apr 30, 2025
CVSS 9.9
EPSS 0.01
CVE-2025-30389 HIGH
Azure Bot Framework SDK - Privilege Escalation
Apr 30, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-21416 HIGH
Azure Virtual Desktop - Missing Authorization
Apr 30, 2025
CVSS 8.5
EPSS 0.00
CVE-2025-29817 MEDIUM
Power Automate for Desktop < 2.51.349.24355 - Authenticated Information Disclosure via Uncontrolled Search Path Element
Apr 15, 2025
CVSS 5.7
EPSS 0.00
CVE-2025-32726 MEDIUM
Visual Studio Code < 1.99.1 - Authenticated Privilege Escalation
Apr 12, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-29834 HIGH
Microsoft Edge (Chromium-based) - RCE
Apr 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-29803 HIGH
SQL Server Management Studio < 20.2.1 - Privilege Escalation via Uncontrolled Search Path
Apr 12, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-29824 HIGH KEV
Windows Common Log File System Driver - Use-After-Free
Apr 08, 2025
CVSS 7.8
EPSS 0.01
Products
windows_server_2016 4,606 windows_server_2019 4,345 windows_server_2012 3,825 windows_server_2008 3,554 windows_10 2,974 windows_server_2022 2,699 windows_7 2,368 windows_8.1 2,216 windows_rt_8.1 2,020 windows_10_1809 1,935 windows_10_21h2 1,934 windows_10_22h2 1,932 windows_server_2022_23h2 1,666 windows_10_1607 1,658 windows_11_22h2 1,651 internet_explorer 1,635 windows_11_23h2 1,548 windows_11_24h2 1,234 windows_10_1507 1,230 windows_server_2025 1,195 office 1,032 windows_11_21h2 1,001 windows_vista 828 edge 756 windows_xp 739 windows_11 573 windows_2000 515 windows_11_25h2 502 sharepoint_server 477 365_apps 472
Quick Filters
Critical CVEs With Exploits In CISA KEV