Export limit exceeded: 24832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24832 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0185 | 1 Microsoft | 3 Windows 7, Windows 8.1, Windows Vista | 2026-04-22 | 7.8 High |
| Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability." | ||||
| CVE-2016-0189 | 1 Microsoft | 11 Internet Explorer, Jscript, Vbscript and 8 more | 2026-04-22 | 7.5 High |
| The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. | ||||
| CVE-2016-3235 | 1 Microsoft | 2 Visio, Visio Viewer | 2026-04-22 | 7.8 High |
| Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." | ||||
| CVE-2016-3298 | 1 Microsoft | 10 Internet Explorer, Windows 10 1507, Windows 10 1511 and 7 more | 2026-04-22 | 6.5 Medium |
| Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| CVE-2016-3309 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 6 more | 2026-04-22 | 7.8 High |
| The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311. | ||||
| CVE-2015-1671 | 1 Microsoft | 11 .net Framework, Live Meeting, Lync and 8 more | 2026-04-22 | 7.8 High |
| The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." | ||||
| CVE-2015-1701 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Server 2008 and 1 more | 2026-04-22 | 7.8 High |
| Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| CVE-2015-1769 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2026-04-22 | 6.6 Medium |
| Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability." | ||||
| CVE-2015-2419 | 1 Microsoft | 8 Internet Explorer, Windows 7, Windows 8 and 5 more | 2026-04-22 | 8.8 High |
| JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability." | ||||
| CVE-2015-2424 | 1 Microsoft | 6 Excel Viewer, Office, Office Compatibility Pack and 3 more | 2026-04-22 | 8.8 High |
| Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| CVE-2015-2425 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows 8.1 and 3 more | 2026-04-22 | 8.8 High |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384. | ||||
| CVE-2015-1641 | 1 Microsoft | 6 Office, Office Compatibility Pack, Office Web Apps and 3 more | 2026-04-22 | 7.8 High |
| Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| CVE-2015-1642 | 1 Microsoft | 1 Office | 2026-04-22 | 7.8 High |
| Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| CVE-2015-2546 | 1 Microsoft | 9 Windows 10 1507, Windows 7, Windows 8 and 6 more | 2026-04-22 | 8.2 High |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518. | ||||
| CVE-2015-1770 | 1 Microsoft | 1 Office | 2026-04-22 | 8.8 High |
| Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability." | ||||
| CVE-2012-1854 | 1 Microsoft | 3 Office, Visual Basic For Applications, Visual Basic For Applications Sdk | 2026-04-22 | 7.8 High |
| Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. | ||||
| CVE-2016-7201 | 1 Microsoft | 5 Edge, Windows 10 1507, Windows 10 1511 and 2 more | 2026-04-22 | 8.8 High |
| The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | ||||
| CVE-2016-7255 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2026-04-22 | 7.8 High |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| CVE-2016-7256 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2026-04-22 | 8.8 High |
| atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability." | ||||
| CVE-2016-7262 | 1 Microsoft | 3 Excel, Excel Viewer, Office Compatibility Pack | 2026-04-22 | 7.8 High |
| Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability." | ||||