Export limit exceeded: 24176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41090 | 1 Microsoft | 2 365 Copilot Ios, 365 Copilot Ios | 2026-05-23 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2026-34336 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-05-22 | 7.8 High |
| Buffer over-read in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33117 | 1 Microsoft | 1 Azure Sdk For Java | 2026-05-22 | 9.1 Critical |
| The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6. | ||||
| CVE-2026-23663 | 1 Microsoft | 1 Global Secure Access | 2026-05-22 | 7.5 High |
| Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-42901 | 1 Microsoft | 1 Microsoft Entra Id | 2026-05-22 | 10 Critical |
| Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-41104 | 1 Microsoft | 1 Planetary Computer Pro | 2026-05-22 | 10 Critical |
| Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-45659 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-05-22 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-42822 | 1 Microsoft | 2 Azure Local, Azure Resource Manager | 2026-05-22 | 10 Critical |
| Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-45585 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-05-22 | 6.8 Medium |
| Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable. | ||||
| CVE-2026-33843 | 1 Microsoft | 1 Microsoft Entra Id | 2026-05-22 | 9.1 Critical |
| Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26147 | 1 Microsoft | 1 Azure Stack Hci | 2026-05-22 | 7.7 High |
| Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-42827 | 1 Microsoft | 1 365 Copilot | 2026-05-22 | 6.5 Medium |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-47280 | 1 Microsoft | 1 Azure Resource Manager | 2026-05-22 | 10 Critical |
| Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-40411 | 1 Microsoft | 1 Azure Virtual Network Gateway | 2026-05-22 | 9.9 Critical |
| Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-35430 | 1 Microsoft | 1 Azure Privileged Management | 2026-05-22 | 8.8 High |
| Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-23652 | 1 Microsoft | 1 Power Pages | 2026-05-22 | 10 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-40412 | 1 Microsoft | 1 Azure Orbital Spatio | 2026-05-22 | 10 Critical |
| Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-25667 | 1 Microsoft | 2 .net, Aspnetcore | 2026-05-22 | 7.5 High |
| ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. | ||||
| CVE-2022-22709 | 1 Microsoft | 1 Vp9 Video Extensions | 2026-05-22 | 7.8 High |
| VP9 Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2022-23282 | 1 Microsoft | 1 Paint 3d | 2026-05-22 | 7.8 High |
| Paint 3D Remote Code Execution Vulnerability | ||||