Microsoft vulnerabilities

Showing 151 - 200 of 2.2K CVEs

  1. CVE-2025-53771 Published Jul 20, 2025

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  2. CVE-2025-53770 Published Jul 20, 2025

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

  3. CVE-2025-47964 Published Jul 11, 2025

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  4. CVE-2025-47963 Published Jul 11, 2025

    No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  5. CVE-2025-47182 Published Jul 11, 2025

    Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

  6. CVE-2025-49737 Published Jul 8, 2025

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.

  7. CVE-2025-49739 Published Jul 8, 2025

    Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

  8. CVE-2025-49731 Published Jul 8, 2025

    Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

  9. CVE-2025-49711 Published Jul 8, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  10. CVE-2025-49706 Published Jul 8, 2025

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  11. CVE-2025-49705 Published Jul 8, 2025

    Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  12. CVE-2025-49701 Published Jul 8, 2025

    Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  13. CVE-2025-49703 Published Jul 8, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  14. CVE-2025-49704 Published Jul 8, 2025

    Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  15. CVE-2025-49702 Published Jul 8, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  16. CVE-2025-49700 Published Jul 8, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  17. CVE-2025-49699 Published Jul 8, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  18. CVE-2025-49698 Published Jul 8, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  19. CVE-2025-49697 Published Jul 8, 2025

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  20. CVE-2025-49696 Published Jul 8, 2025

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

  21. CVE-2025-49695 Published Jul 8, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  22. CVE-2025-49689 Published Jul 8, 2025

    Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

  23. CVE-2025-48812 Published Jul 8, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  24. CVE-2025-47994 Published Jul 8, 2025

    Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

  25. CVE-2025-49713 Published Jul 2, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

  26. CVE-2025-49741 Published Jul 1, 2025

    No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

  27. CVE-2025-3052 Published Jun 10, 2025

    An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

  28. CVE-2025-47953 Published Jun 10, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  29. CVE-2025-47175 Published Jun 10, 2025

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  30. CVE-2025-47173 Published Jun 10, 2025

    Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

  31. CVE-2025-47172 Published Jun 10, 2025

    Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  32. CVE-2025-47171 Published Jun 10, 2025

    Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

  33. CVE-2025-47169 Published Jun 10, 2025

    Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  34. CVE-2025-47168 Published Jun 10, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  35. CVE-2025-47167 Published Jun 10, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  36. CVE-2025-47166 Published Jun 10, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  37. CVE-2025-47165 Published Jun 10, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  38. CVE-2025-47164 Published Jun 10, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  39. CVE-2025-47163 Published Jun 10, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  40. CVE-2025-47162 Published Jun 10, 2025

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  41. CVE-2025-5419 Published Jun 3, 2025

    Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  42. CVE-2025-32704 Published May 13, 2025

    Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  43. CVE-2025-30388 Published May 13, 2025

    Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

  44. CVE-2025-30384 Published May 13, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  45. CVE-2025-30386 Published May 13, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  46. CVE-2025-30377 Published May 13, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  47. CVE-2025-30382 Published May 13, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  48. CVE-2025-30379 Published May 13, 2025

    Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  49. CVE-2025-30378 Published May 13, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  50. CVE-2025-30376 Published May 13, 2025

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.