Filtered by vendor Microsoft
Total: 23371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23654 | 1 Microsoft | 3 Gihub Repo Zero Shot Scfoundation, Gihub Repo Zero Shot Scfoundation, Zero-shot-scfoundation | 2026-03-20 | 8.8 High |
| Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-23661 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-20 | 7.5 High |
| Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23662 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-20 | 7.5 High |
| Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23665 | 2 Microsof, Microsoft | 2 Linux Diagnostic Extension, Azure Linux Virtual Machines Azure Diagnostics | 2026-03-20 | 7.8 High |
| Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26106 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-03-20 | 8.8 High |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-26107 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-03-20 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26108 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-03-20 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26109 | 1 Microsoft | 13 365 Apps, Excel, Excel 2016 and 10 more | 2026-03-20 | 8.4 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26110 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-03-20 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26117 | 1 Microsoft | 1 Arc Enabled Servers Azure Connected Machine Agent | 2026-03-20 | 7.8 High |
| Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26118 | 1 Microsoft | 2 Azure Mcp Server, Azure Mcp Server Tools | 2026-03-20 | 8.8 High |
| Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26130 | 2 Microsoft, Redhat | 2 Asp.net Core, Enterprise Linux | 2026-03-20 | 7.5 High |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26141 | 1 Microsoft | 1 Azure Automation Hybrid Worker Windows Extension | 2026-03-20 | 7.8 High |
| Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26144 | 1 Microsoft | 1 365 Apps | 2026-03-20 | 7.5 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26123 | 1 Microsoft | 3 Authenticator, Authenticator For Android, Authenticator For Ios | 2026-03-20 | 5.5 Medium |
| Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-68623 | 1 Microsoft | 1 Directx End-user Runtime Web Installer | 2026-03-20 | 8.8 High |
| In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs to the %TEMP% folder - writable by standard users. Subsequently, the installer executes the downloaded executable with HIGH integrity to complete the application installation. However, an attacker can replace the downloaded executable with a malicious, user-controlled executable. When the installer executes this replaced file, it runs the attacker's code with HIGH integrity. Since code running at HIGH integrity can escalate to SYSTEM level by registering and executing a service, this creates a complete privilege escalation chain from standard user to SYSTEM. NOTE: The Supplier disputes this record stating that they have determined this to be the behavior as designed. | ||||
| CVE-2026-21262 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-03-20 | 8.8 High |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-23660 | 1 Microsoft | 3 Azure Portal Windows Admin Center, Windows Admin Center, Windows Admin Center In Azure Portal | 2026-03-20 | 7.8 High |
| Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23664 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-20 | 7.5 High |
| Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23667 | 1 Microsoft | 14 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 11 more | 2026-03-20 | 7 High |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. | ||||