microsoft

Product: sharepoint_server

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network....

Published: Apr 14, 2026

Product: edge

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network....

Published: Apr 10, 2026

Product: edge_chromium

Microsoft Edge (Chromium-based) Spoofing Vulnerability...

Published: Apr 10, 2026

Product: bing

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network....

Published: Apr 3, 2026

Product: azure_databricks

Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network....

Published: Apr 3, 2026

Product: azure_kubernetes_service

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network....

Published: Apr 3, 2026

Product: azure_ai_foundry

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network....

Published: Apr 3, 2026

Product: azure_web_apps

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network....

Published: Apr 3, 2026

Product: azure_sre_agent

Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network....

Published: Apr 3, 2026

Product: azure_custom_locations_resource_provider

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network....

Published: Apr 3, 2026

Product: bing_images

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network....

Published: Mar 19, 2026

Product: bing_images

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network....

Published: Mar 19, 2026

Product: azure_cloud_shell

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network....

Published: Mar 19, 2026

Product: purview

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network....

Published: Mar 19, 2026

Product: purview

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network....

Published: Mar 19, 2026

Product: 365_copilot_chat

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network....

Published: Mar 19, 2026

Product: copilot

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network....

Published: Mar 19, 2026

Product: bing

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network....

Published: Mar 19, 2026

Product: 365_copilot

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network....

Published: Mar 19, 2026

Product: azure_data_factory

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network....

Published: Mar 19, 2026

Product: azure_devops

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network....

Published: Mar 19, 2026

Product: .net

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrec...

Published: Mar 19, 2026

Product: edge

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network....

Published: Mar 16, 2026

Product: excel

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network....

Published: Mar 16, 2026

Product: onenote

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network....

Published: Mar 16, 2026

Product: outlook

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network....

Published: Mar 16, 2026

Product: power_bi

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network....

Published: Mar 16, 2026

Product: teams

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network....

Published: Mar 16, 2026

Product: word

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network....

Published: Mar 16, 2026

Product: edge_chromium

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability...

Published: Mar 16, 2026

Product: authenticator

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally....

Published: Mar 10, 2026

Product: 365_apps

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network....

Published: Mar 10, 2026

Product: office

Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_10_21h2

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_10_22h2

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_11_23h2

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_11_24h2

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_11_25h2

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_server_2022

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_server_2022_23h2

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_server_2025

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: asp.net_core

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network....

Published: Mar 10, 2026

Product: windows_10_1607

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_10_1809

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_10_21h2

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_10_22h2

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_11_23h2

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_11_24h2

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_11_25h2

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026

Product: windows_server_2012

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally....

Published: Mar 10, 2026