Live Latest activity →

Microsoft Vulnerabilities

Track Microsoft vulnerabilities including Windows, Azure, Exchange, and Office. 50 CVE advisories sorted by CVSS score.

50
Total CVEs
38
Critical
12
High

CVE Advisories

critical 10
2026-05-07

Azure DevOps leaks credentials (CVE-2026-42826)
critical 10
2026-04-23

Microsoft Bing unauthenticated RCE (CVE-2026-33819)
critical 10
2026-04-23

Entra ID SSRF allows spoofing (CVE-2026-35431)
critical 10
2026-04-03

Azure AI Foundry Privilege Escalation (CVE-2026-32213)
critical 10
2026-04-03

Azure Kubernetes Privilege Escalation (CVE-2026-33105)
critical 10
2026-04-03

Azure Databricks SSRF (CVE-2026-33107)
critical 10
2026-03-19

Software SSRF Flaw (CVE-2026-32169) - Patch Now
critical 10
2026-03-11

Microsoft Vulnerability (CVE-2026-31957)
critical 10
2026-02-20

Linux Vulnerability (CVE-2025-30411)
critical 10
2026-02-20

Linux Vulnerability (CVE-2025-30412)
critical 10
2026-02-20

Linux Vulnerability (CVE-2025-30416)
critical 10
2008-10-23

Windows Server service RCE exploited in wild (CVE-2008-4250) [PoC]
critical 9.9
2026-05-07

Azure Cassandra RCE, low-privilege (CVE-2026-33109)
critical 9.9
2026-04-24

Azure IoT Central elevates privileges (CVE-2026-21515)
critical 9.9
2026-02-19

Microsoft RCE Vulnerability (CVE-2026-26030)
critical 9.8
2026-04-14

Windows IKE Extension unauthenticated RCE (CVE-2026-33824)
critical 9.8
2026-03-19

Microsoft Command Injection (CVE-2026-32191)
critical 9.8
2026-03-19

Microsoft Command Injection (CVE-2026-32194)
critical 9.8
2026-03-05

Microsoft RCE Vulnerability (CVE-2026-21536)
critical 9.8
2026-03-05

Windows Vulnerability (CVE-2026-28391)
critical 9.8
2026-03-02

Windows RCE Vulnerability (CVE-2026-2999)
critical 9.8
2026-03-02

Windows RCE Vulnerability (CVE-2026-3000)
critical 9.6
2026-05-07

Microsoft Teams information disclosure (CVE-2026-33823)
critical 9.6
2026-05-07

Azure Cloud Shell network spoofing (CVE-2026-35428)
critical 9.6
2026-05-06

Google Chrome sandbox escape (CVE-2026-7908)
critical 9.6
2026-04-23

Partner Center privilege escalation (CVE-2026-24303)
critical 9.6
2026-04-23

Chrome Android GPU sandbox escape (CVE-2026-6920)
critical 9.6
2026-04-15

Chrome sandbox escape via heap overflow (CVE-2026-6296)
critical 9.6
2026-04-03

Azure Custom Locations SSRF (CVE-2026-26135)
critical 9.6
2026-03-11

Windows Vulnerability (CVE-2026-30903)
critical 9.3
2026-04-23

Dynamics 365 SSRF lets attackers spoof (CVE-2026-32210)
critical 9.3
2026-04-14

Adobe Connect reflected XSS, unauthenticated (CVE-2026-27243)
critical 9.3
2026-04-14

Adobe Connect reflected XSS, unauthenticated (CVE-2026-27245)
critical 9.3
2026-04-14

Adobe Connect DOM XSS, patch now (CVE-2026-27246)
critical 9.3
2010-03-10

Internet Explorer RCE exploited in the wild (CVE-2010-0806)
critical 9.3
2010-01-15

Internet Explorer RCE exploited in the wild (CVE-2010-0249)
critical 9.3
2009-05-29

DirectShow RCE actively exploited (CVE-2009-1537)
critical 9.1
2026-04-03

Azure MCP Server Auth Bypass (CVE-2026-32211)
high 8.8
2026-05-06

Chrome heap corruption via crafted page (CVE-2026-7896)
high 8.8
2026-05-06

Chrome V8 code execution in sandbox (CVE-2026-7899)
high 8.8
2026-04-15

Chrome use-after-free RCE via Prerender (CVE-2026-6299)
high 8.8
2026-04-15

Chrome sandbox escape via CSS use-after-free (CVE-2026-6300)
high 8.8
2026-04-15

Chrome sandbox escape via type confusion (CVE-2026-6301)
high 8.8
2026-04-15

Chrome sandbox escape via video code execution (CVE-2026-6302)
high 8.8
2026-03-13

Chrome Vulnerability (CVE-2026-3909) [PoC]
high 8.8
2026-03-13

Chrome Vulnerability (CVE-2026-3910)
high 8.8
2026-03-10

Windows Vulnerability (CVE-2026-23669)
high 8.8
2009-02-25

Excel arbitrary code execution exploited in the wild (CVE-2009-0238)
high 8.6
2026-04-23

Microsoft Purview SSRF elevates privileges (CVE-2026-26150)
high 8.3
2026-04-23

Chrome sandbox escape via video file (CVE-2026-6921)

Related News

critical
2026-04-12

Weekly Threat Roundup: APT28 DNS Hijacking (Apr 6-12
high
2026-04-07

APT28 Hijacks SOHO Routers - Microsoft 365 Credentials
high
2026-04-06

Storm-1175 Exploits Zero-Days to Deploy Medusa
medium
2026-03-30

Russian CTRL Toolkit Hijacks RDP via Malicious LNK
high
2026-03-27

Windows 11 KB5079391 update rolls out Smart App Control
medium
2026-03-25

Device Code Phishing Hits 340+ Microsoft 365 Orgs
medium
2026-03-23

North Korean Hackers Abuse VS Code Auto-Run Tasks to
critical
2026-03-19

CISA Warns of Zimbra, SharePoint Exploits; Cisco
medium
2026-03-16

GlassWorm Attack Uses Stolen GitHub Tokens to
medium
2026-03-13

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning
high
2026-03-10

Microsoft Patches 84 Flaws in March Patch Tuesday,
high
2026-03-05

China-Linked Hackers Use TernDoor, PeerTime, BruteEntry
critical
2026-03-02

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited
Browse all vendors

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.