{"query":"Microsoft","total_kev_entries":1617,"matches_found":436,"results":[{"cveID":"CVE-2026-11645","vendorProject":"Google","product":"Chromium V8","vulnerabilityName":"Google Chromium V8 Out-of-Bounds Read and Write Vulnerability","dateAdded":"2026-06-09","shortDescription":"Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-06-23","knownRansomwareCampaignUse":"Unknown","notes":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html ; https://issues.chromium.org/issues/506689381 ; https://nvd.nist.gov/vuln/detail/CVE-2026-11645","cwes":["CWE-787","CWE-125"]},{"cveID":"CVE-2008-4250","vendorProject":"Microsoft","product":"Windows","vulnerabilityName":"Microsoft Windows Buffer Overflow Vulnerability","dateAdded":"2026-05-20","shortDescription":"Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-06-03","knownRansomwareCampaignUse":"Unknown","notes":"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250","cwes":["CWE-94"]},{"cveID":"CVE-2009-1537","vendorProject":"Microsoft","product":"DirectX","vulnerabilityName":"Microsoft DirectX NULL Byte Overwrite Vulnerability","dateAdded":"2026-05-20","shortDescription":"Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-06-03","knownRansomwareCampaignUse":"Unknown","notes":"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537","cwes":[]},{"cveID":"CVE-2010-0249","vendorProject":"Microsoft","product":"Internet Explorer","vulnerabilityName":"Microsoft Internet Explorer Use-After-Free Vulnerability","dateAdded":"2026-05-20","shortDescription":"Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-06-03","knownRansomwareCampaignUse":"Unknown","notes":"https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249","cwes":["CWE-416"]},{"cveID":"CVE-2010-0806","vendorProject":"Microsoft","product":"Internet Explorer","vulnerabilityName":"Microsoft Internet Explorer Use-After-Free Vulnerability","dateAdded":"2026-05-20","shortDescription":"Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-06-03","knownRansomwareCampaignUse":"Unknown","notes":"https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806","cwes":["CWE-399"]},{"cveID":"CVE-2026-41091","vendorProject":"Microsoft","product":"Defender","vulnerabilityName":"Microsoft Defender Link Following Vulnerability","dateAdded":"2026-05-20","shortDescription":"Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-06-03","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091","cwes":["CWE-59"]},{"cveID":"CVE-2026-45498","vendorProject":"Microsoft","product":"Defender","vulnerabilityName":"Microsoft Defender Denial of Service Vulnerability","dateAdded":"2026-05-20","shortDescription":"Microsoft Defender contains an unspecified vulnerability that allows for denial of service.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-06-03","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498","cwes":[]},{"cveID":"CVE-2026-42897","vendorProject":"Microsoft","product":"Microsoft","vulnerabilityName":"Microsoft Exchange Server Cross-Site Scripting Vulnerability","dateAdded":"2026-05-15","shortDescription":"Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-05-29","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897 ; https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-emergency-mitigation-service ; https://nvd.nist.gov/vuln/detail/CVE-2026-42897","cwes":["CWE-79"]},{"cveID":"CVE-2026-32202","vendorProject":"Microsoft","product":"Windows","vulnerabilityName":"Microsoft Windows Protection Mechanism Failure Vulnerability","dateAdded":"2026-04-28","shortDescription":"Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-05-12","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32202 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32202","cwes":["CWE-693"]},{"cveID":"CVE-2026-33825","vendorProject":"Microsoft","product":"Defender","vulnerabilityName":"Microsoft Defender Insufficient Granularity of Access Control Vulnerability","dateAdded":"2026-04-22","shortDescription":"Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-05-06","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 ; https://nvd.nist.gov/vuln/detail/CVE-2026-33825","cwes":["CWE-1220"]},{"cveID":"CVE-2009-0238","vendorProject":"Microsoft","product":"Office","vulnerabilityName":"Microsoft Office Remote Code Execution","dateAdded":"2026-04-14","shortDescription":"Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-04-28","knownRansomwareCampaignUse":"Unknown","notes":"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238","cwes":["CWE-94"]},{"cveID":"CVE-2026-32201","vendorProject":"Microsoft","product":"SharePoint Server","vulnerabilityName":"Microsoft SharePoint Server Improper Input Validation Vulnerability","dateAdded":"2026-04-14","shortDescription":"Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-04-28","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201","cwes":["CWE-20"]},{"cveID":"CVE-2012-1854","vendorProject":"Microsoft","product":"Visual Basic for Applications (VBA)","vulnerabilityName":"Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability","dateAdded":"2026-04-13","shortDescription":"Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-04-27","knownRansomwareCampaignUse":"Unknown","notes":"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854","cwes":["CWE-426"]},{"cveID":"CVE-2025-60710","vendorProject":"Microsoft","product":"Windows","vulnerabilityName":"Microsoft Windows Link Following Vulnerability","dateAdded":"2026-04-13","shortDescription":"Microsoft Windows contains a link following vulnerability that allows for privilege escalation","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-04-27","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710","cwes":["CWE-59"]},{"cveID":"CVE-2023-21529","vendorProject":"Microsoft","product":"Exchange Server","vulnerabilityName":"Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability","dateAdded":"2026-04-13","shortDescription":"Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-04-27","knownRansomwareCampaignUse":"Known","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529","cwes":["CWE-502"]},{"cveID":"CVE-2023-36424","vendorProject":"Microsoft","product":"Windows","vulnerabilityName":"Microsoft Windows Out-of-Bounds Read Vulnerability","dateAdded":"2026-04-13","shortDescription":"Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-04-27","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424","cwes":["CWE-125"]},{"cveID":"CVE-2026-5281","vendorProject":"Google","product":"Dawn","vulnerabilityName":"Google Dawn Use-After-Free Vulnerability","dateAdded":"2026-04-01","shortDescription":"Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-04-15","knownRansomwareCampaignUse":"Unknown","notes":"This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281 ","cwes":["CWE-416"]},{"cveID":"CVE-2026-20963","vendorProject":"Microsoft","product":"SharePoint","vulnerabilityName":"Microsoft SharePoint Deserialization of Untrusted Data Vulnerability","dateAdded":"2026-03-18","shortDescription":"Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-03-21","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20963","cwes":["CWE-502"]},{"cveID":"CVE-2026-3910","vendorProject":"Google","product":"Chromium V8","vulnerabilityName":"Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability","dateAdded":"2026-03-13","shortDescription":"Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-03-27","knownRansomwareCampaignUse":"Unknown","notes":"https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910","cwes":["CWE-119"]},{"cveID":"CVE-2008-0015","vendorProject":"Microsoft","product":"Windows","vulnerabilityName":" Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability","dateAdded":"2026-02-17","shortDescription":"Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-03-10","knownRansomwareCampaignUse":"Unknown","notes":"https://web.archive.org/web/20110305211119/https://www.microsoft.com/technet/security/bulletin/ms09-032.mspx ; https://nvd.nist.gov/vuln/detail/CVE-2008-0015","cwes":[]},{"cveID":"CVE-2026-2441","vendorProject":"Google","product":"Chromium","vulnerabilityName":"Google Chromium CSS Use-After-Free Vulnerability","dateAdded":"2026-02-17","shortDescription":"Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-03-10","knownRansomwareCampaignUse":"Unknown","notes":"https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-2441","cwes":["CWE-416"]},{"cveID":"CVE-2024-43468","vendorProject":"Microsoft","product":"Configuration Manager","vulnerabilityName":"Microsoft Configuration Manager SQL Injection Vulnerability","dateAdded":"2026-02-12","shortDescription":"Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-03-05","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468","cwes":["CWE-89"]},{"cveID":"CVE-2026-21513","vendorProject":"Microsoft","product":"Windows","vulnerabilityName":"Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability","dateAdded":"2026-02-10","shortDescription":"Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-03-03","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513","cwes":["CWE-693"]},{"cveID":"CVE-2026-21525","vendorProject":"Microsoft","product":"Windows","vulnerabilityName":"Microsoft Windows NULL Pointer Dereference Vulnerability","dateAdded":"2026-02-10","shortDescription":"Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-03-03","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525","cwes":["CWE-476"]},{"cveID":"CVE-2026-21510","vendorProject":"Microsoft","product":"Windows","vulnerabilityName":"Microsoft Windows Shell Protection Mechanism Failure Vulnerability","dateAdded":"2026-02-10","shortDescription":"Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. ","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-03-03","knownRansomwareCampaignUse":"Unknown","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510 ","cwes":["CWE-693"]}],"note":"Showing first 25 of 436 results"}