threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft
Product
microsoft
60 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-45498
Defender
Microsoft Defender Denial of Service Vulnerability
CVE-2026-41091
Defender
Microsoft Defender Link Following Vulnerability
CVE-2010-0806
Internet Explorer
Microsoft Internet Explorer Use-After-Free Vulnerability
CVE-2010-0249
Internet Explorer
Microsoft Internet Explorer Use-After-Free Vulnerability
HIGH
CVE-2009-1537
DirectX
Microsoft DirectX NULL Byte Overwrite Vulnerability
CVE-2008-4250
Windows
Microsoft Windows Buffer Overflow Vulnerability
CVE-2026-42897
Microsoft
Microsoft Exchange Server Cross-Site Scripting Vulnerability
HIGH
CVE-2026-32202
Windows
Microsoft Windows Protection Mechanism Failure Vulnerability
MEDIUM
CVE-2026-33825
Defender
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
HIGH
CVE-2026-32201
SharePoint Server
Microsoft SharePoint Server Improper Input Validation Vulnerability
MEDIUM
CVE-2009-0238
Office
Microsoft Office Remote Code Execution
HIGH
CVE-2023-36424
Windows
Microsoft Windows Out-of-Bounds Read Vulnerability
HIGH
CVE-2023-21529
Exchange Server
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
HIGH
CVE-2025-60710
Windows
Microsoft Windows Link Following Vulnerability
HIGH
CVE-2012-1854
Visual Basic for Applications (VBA)
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
HIGH
CVE-2026-20963
SharePoint
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
CRITICAL
CVE-2008-0015
Windows
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
HIGH
CVE-2024-43468
Configuration Manager
Microsoft Configuration Manager SQL Injection Vulnerability
CRITICAL
CVE-2026-21514
Office
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
HIGH
CVE-2026-21519
Windows
Microsoft Windows Type Confusion Vulnerability
HIGH
CVE-2026-21533
Windows
Microsoft Windows Improper Privilege Management Vulnerability
HIGH
CVE-2026-21510
Windows
Microsoft Windows Shell Protection Mechanism Failure Vulnerability
HIGH
CVE-2026-21525
Windows
Microsoft Windows NULL Pointer Dereference Vulnerability
MEDIUM
CVE-2026-21513
Windows
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
HIGH
CVE-2026-21509
Office
Microsoft Office Security Feature Bypass Vulnerability
HIGH
CVE-2026-20805
Windows
Microsoft Windows Information Disclosure Vulnerability
MEDIUM
CVE-2009-0556
Office
Microsoft Office PowerPoint Code Injection Vulnerability
HIGH
CVE-2025-62221
Windows
Microsoft Windows Use After Free Vulnerability
HIGH
CVE-2025-62215
Windows
Microsoft Windows Race Condition Vulnerability
HIGH
CVE-2025-59287
Windows
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
CRITICAL
CVE-2025-33073
Windows
Microsoft Windows SMB Client Improper Access Control Vulnerability
HIGH
CVE-2025-59230
Windows
Microsoft Windows Improper Access Control Vulnerability
HIGH
CVE-2025-24990
Windows
Microsoft Windows Untrusted Pointer Dereference Vulnerability
HIGH
CVE-2011-3402
Windows
Microsoft Windows Remote Code Execution Vulnerability
HIGH
CVE-2013-3918
Windows
Microsoft Windows Out-of-Bounds Write Vulnerability
HIGH
CVE-2021-43226
Windows
Microsoft Windows Privilege Escalation Vulnerability
HIGH
CVE-2010-3962
Internet Explorer
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
HIGH
CVE-2013-3893
Internet Explorer
Microsoft Internet Explorer Resource Management Errors Vulnerability
HIGH
CVE-2007-0671
Office
Microsoft Office Excel Remote Code Execution Vulnerability
HIGH
CVE-2025-49706
SharePoint
Microsoft SharePoint Improper Authentication Vulnerability
MEDIUM
CVE-2025-49704
SharePoint
Microsoft SharePoint Code Injection Vulnerability
HIGH
CVE-2025-53770
SharePoint
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
CRITICAL
CVE-2025-33053
Windows
Microsoft Windows External Control of File Name or Path Vulnerability
HIGH
CVE-2025-30400
Windows
Microsoft Windows DWM Core Library Use-After-Free Vulnerability
HIGH
CVE-2025-32701
Windows
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
HIGH
CVE-2025-32706
Windows
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
HIGH
CVE-2025-30397
Windows
Microsoft Windows Scripting Engine Type Confusion Vulnerability
HIGH
CVE-2025-32709
Windows
Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
HIGH
CVE-2025-24054
Windows
Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
MEDIUM
CVE-2025-29824
Windows
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
HIGH
CVE-2025-26633
Windows
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
HIGH
CVE-2025-24983
Windows
Microsoft Windows Win32k Use-After-Free Vulnerability
HIGH
CVE-2025-24984
Windows
Microsoft Windows NTFS Information Disclosure Vulnerability
MEDIUM
CVE-2025-24985
Windows
Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
HIGH
CVE-2025-24991
Windows
Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
MEDIUM
CVE-2025-24993
Windows
Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
HIGH
CVE-2018-8639
Windows
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
HIGH
CVE-2024-49035
Partner Center
Microsoft Partner Center Improper Access Control Vulnerability
HIGH
CVE-2025-24989
Power Pages
Microsoft Power Pages Improper Access Control Vulnerability
HIGH
CVE-2025-21391
Windows
Microsoft Windows Storage Link Following Vulnerability
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin