ByteOS

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.25% / 87.39%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0970

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-38.32% / 97.32%

||

7 Day CHG~0.00%

Published-15 Apr, 2020 | 15:13

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0829

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.84% / 88.43%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0895

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-9.34% / 92.93%

||

7 Day CHG~0.00%

Published-15 Apr, 2020 | 15:12

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.

CVE-2023-29335

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.57% / 69.13%

||

7 Day CHG-0.02%

Published-09 May, 2023 | 17:03

Updated-19 May, 2026 | 18:38

Microsoft Word Security Feature Bypass Vulnerability

CWE ID-CWE-20

Improper Input Validation

CVE-2020-0812

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.43% / 87.71%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0811.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0831

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.84% / 88.43%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0832

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.25% / 87.39%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.

Product-internet_explorer windows_server_2016 windows_server_2012 windows_8.1 windows_rt_8.1 windows_7 windows_10 windows_server_2019 windows_server_2008 Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems Internet Explorer 11 Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems Internet Explorer 9 Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems Internet Explorer 11 on Windows Server 2012 Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0811

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.43% / 87.71%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0812.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0828

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.84% / 88.43%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-1058

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-5.13% / 90.06%

||

7 Day CHG~0.00%

Published-21 May, 2020 | 22:52

Updated-04 Aug, 2024 | 06:25

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-29325

Matching Score-8

Matching Score-8

CVSS Score-8.1||HIGH

EPSS-25.39% / 96.33%

||

7 Day CHG~0.00%

Published-09 May, 2023 | 17:03

Updated-10 Jul, 2025 | 16:39

Windows OLE Remote Code Execution Vulnerability

Product-windows_10_21h2 windows_10_1809 windows_server_2016 windows_server_2012 windows_server_2008 windows_10_1507 windows_11_21h2 windows_10_22h2 windows_server_2022 windows_10_20h2 windows_11_22h2 windows_10_1607 Windows Server 2022 Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2 Windows Server 2008 Service Pack 2 Windows Server 2008 R2 Service Pack 1 Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809 Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019 Windows Server 2016 Windows Server 2012 (Server Core installation)Windows 11 version 22H2 Windows 10 Version 20H2 Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 Windows 11 version 21H2 Windows 10 Version 22H2 Windows 10 Version 1507 Windows Server 2012 Windows 10 Version 1607 Windows 10 Version 21H2

CWE ID-CWE-416

Use After Free

CVE-2020-0969

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-38.32% / 97.32%

||

7 Day CHG~0.00%

Published-15 Apr, 2020 | 15:13

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-1037

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.84% / 88.43%

||

7 Day CHG~0.00%

Published-21 May, 2020 | 22:52

Updated-04 Aug, 2024 | 06:25

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0823

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.84% / 88.43%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0968

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-43.67% / 97.60%

||

7 Day CHG~0.00%

Published-15 Apr, 2020 | 15:13

Updated-29 Oct, 2025 | 14:26

Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0847

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-7.99% / 92.26%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.

CVE-2020-0848

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.81% / 88.35%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:18

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0611

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-8.10% / 92.32%

||

7 Day CHG~0.00%

Published-14 Jan, 2020 | 23:11

Updated-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

Product-windows_server_2016 windows_server_2012 windows_8.1 windows_rt_8.1 windows_7 windows_10 windows_server_2019 windows_server_2008 Windows Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1903 for x64-based Systems Windows Server Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit Systems Windows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems

CVE-2020-0640

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.43% / 87.71%

||

7 Day CHG~0.00%

Published-14 Jan, 2020 | 23:11

Updated-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0673

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-3.02% / 86.88%

||

7 Day CHG~0.00%

Published-11 Feb, 2020 | 21:22

Updated-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

Product-internet_explorer windows_server_2016 windows_server_2012 windows_8.1 windows_rt_8.1 windows_7 windows_10 windows_server_2019 windows_server_2008 Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems Internet Explorer 11 Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems Internet Explorer 9 Internet Explorer 10 Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems Internet Explorer 11 on Windows Server 2012 Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-28232

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.45% / 63.92%

||

7 Day CHG~0.00%

Published-11 Apr, 2023 | 19:13

Updated-23 Jan, 2025 | 01:04

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Product-windows_10_21h2 windows_10_1809 windows_server_2016 windows_server_2012 windows_server_2008 windows_10_1507 windows_11_21h2 windows_10_22h2 windows_server_2022 windows_10_20h2 windows_11_22h2 windows_server_2019 windows_10_1607 Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2 Windows Server 2016 Windows 10 Version 20H2 Windows Server 2012 (Server Core installation)Windows 10 Version 21H2 Windows Server 2012 R2 Windows Server 2008 Service Pack 2 Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607 Windows 11 version 22H2 Windows Server 2022 Windows 11 version 21H2 Windows 10 Version 1507 Windows Server 2012 Windows Server 2016 (Server Core installation)Windows 10 Version 1809 Windows Server 2019 Windows Server 2008 Service Pack 2 Windows Server 2008 R2 Service Pack 1 Windows Server 2019 (Server Core installation)

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2020-0710

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-5.21% / 90.13%

||

7 Day CHG~0.00%

Published-11 Feb, 2020 | 21:23

Updated-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2026-9909

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.10% / 27.53%

||

7 Day CHG+0.01%

Published-28 May, 2026 | 22:25

Updated-30 May, 2026 | 03:56

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor-Microsoft Corporation Linux Kernel Organization, Inc Apple Inc.Google LLC

CWE ID-CWE-472

External Control of Assumed-Immutable Web Parameter

CVE-2026-9960

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.10% / 27.53%

||

7 Day CHG+0.01%

Published-28 May, 2026 | 22:25

Updated-30 May, 2026 | 03:55

Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font file. (Chromium security severity: High)

Vendor-Microsoft Corporation Linux Kernel Organization, Inc Apple Inc.Google LLC

CWE ID-CWE-472

External Control of Assumed-Immutable Web Parameter

CVE-2020-0681

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-6.19% / 91.04%

||

7 Day CHG~0.00%

Published-11 Feb, 2020 | 21:22

Updated-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734.

Product-windows_server_2016 windows_server_2012 windows_8.1 windows_rt_8.1 windows_7 windows_10 windows_server_2019 windows_server_2008 Windows Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1903 for x64-based Systems Windows Server Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit Systems Windows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems

CVE-2020-0767

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-42.19% / 97.53%

||

7 Day CHG~0.00%

Published-11 Feb, 2020 | 21:23

Updated-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2026-9954

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.12% / 30.15%

||

7 Day CHG+0.01%

Published-28 May, 2026 | 22:25

Updated-01 Jun, 2026 | 18:29

Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor-Microsoft Corporation Linux Kernel Organization, Inc Apple Inc.Google LLC

CWE ID-CWE-416

Use After Free

CVE-2020-0711

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-5.21% / 90.13%

||

7 Day CHG~0.00%

Published-11 Feb, 2020 | 21:23

Updated-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0768

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-6.25% / 91.09%

||

7 Day CHG~0.00%

Published-12 Mar, 2020 | 15:48

Updated-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-0674

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-93.64% / 99.85%

||

7 Day CHG-0.14%

Published-11 Feb, 2020 | 21:22

Updated-29 Oct, 2025 | 14:27

Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

CWE ID-CWE-416

Use After Free

CVE-2020-0713

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-5.21% / 90.13%

||

7 Day CHG~0.00%

Published-11 Feb, 2020 | 21:23

Updated-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-36004

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-0.18% / 38.96%

||

7 Day CHG~0.00%

Published-12 Dec, 2023 | 18:10

Updated-01 Jan, 2025 | 02:18

Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability

Product-windows_10_21h2 windows_10_1809 windows_server_2016 windows_server_2012 windows_server_2008 windows_10_1507 windows_11_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_server_2019 windows_10_1607 windows_11_23h2 Windows Server 2022 Windows 10 Version 1607 Windows 11 version 22H3 Windows 11 version 22H2 Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2 Windows 10 Version 1809 Windows Server 2016 (Server Core installation)Windows 11 version 21H2 Windows Server 2012 (Server Core installation)Windows Server 2016 Windows 10 Version 1507 Windows 10 Version 21H2 Windows Server 2008 R2 Service Pack 1 Windows 11 Version 23H2 Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 Windows Server 2019 Windows Server 2012 Windows Server 2008 Service Pack 2 Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2

CWE ID-CWE-287

Improper Authentication

CVE-2026-7976

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.02% / 6.04%

||

7 Day CHG~0.00%

Published-06 May, 2026 | 18:12

Updated-07 May, 2026 | 03:56

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor-Apple Inc.Microsoft Corporation Google LLC Linux Kernel Organization, Inc

CWE ID-CWE-416

Use After Free

CVE-2006-3660

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.6||HIGH

EPSS-59.60% / 98.29%

||

7 Day CHG~0.00%

Published-17 Jul, 2006 | 19:00

Updated-16 Apr, 2026 | 00:27

Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.

Vendor-n/a Microsoft Corporation

Product-powerpoint n/a

CVE-2026-8007

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.14% / 33.31%

||

7 Day CHG+0.01%

Published-06 May, 2026 | 18:13

Updated-07 May, 2026 | 15:17

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Vendor-Apple Inc.Microsoft Corporation Google LLC Linux Kernel Organization, Inc

CWE ID-CWE-20

Improper Input Validation

CVE-2026-7343

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.21% / 43.73%

||

7 Day CHG~0.00%

Published-28 Apr, 2026 | 22:35

Updated-30 Apr, 2026 | 16:36

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor-Apple Inc.Microsoft Corporation Google LLC Linux Kernel Organization, Inc

CWE ID-CWE-416

Use After Free

CVE-2026-7929

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.09% / 25.06%

||

7 Day CHG+0.01%

Published-06 May, 2026 | 18:12

Updated-07 May, 2026 | 03:56

Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor-Apple Inc.Microsoft Corporation Google LLC Linux Kernel Organization, Inc

CWE ID-CWE-416

Use After Free

CVE-2025-21171

Matching Score-8

Matching Score-8

Product-windows visual_studio_2022 linux_kernel powershell macos .net .NET 9.0 Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2022 version 17.12 Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 PowerShell 7.5

CVSS Score-7.5||HIGH

EPSS-0.82% / 74.77%

||

7 Day CHG+0.23%

Published-14 Jan, 2025 | 18:03

Updated-09 Jun, 2026 | 18:28

.NET Remote Code Execution Vulnerability

Vendor-Microsoft Corporation Linux Kernel Organization, Inc Apple Inc.

CWE ID-CWE-122

Heap-based Buffer Overflow

CVE-2013-3900

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-75.82% / 98.93%

||

7 Day CHG-0.34%

Published-11 Dec, 2013 | 00:00

Updated-22 Apr, 2026 | 16:46

Known KEV||Action Due Date - 2022-07-10||Apply updates per vendor instructions.

WinVerifyTrust Signature Validation Vulnerability

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, except for clarifications about how to configure the EnableCertPaddingCheck registry value, the information herein remains unchanged from the original text published on December 10, 2013, Microsoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. See the Security Updates table for the list of affected software. Vulnerability Description A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900

CWE ID-CWE-347

Improper Verification of Cryptographic Signature

CVE-2025-21172

Matching Score-8

Matching Score-8

Product-linux_kernel visual_studio_2022 macos visual_studio_2017 visual_studio_2019 .net windows .NET 9.0 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2015 Update 3 .NET 8.0 Microsoft Visual Studio 2022 version 17.12 Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)

CVSS Score-7.5||HIGH

EPSS-0.59% / 69.50%

||

7 Day CHG+0.15%

Published-14 Jan, 2025 | 18:04

Updated-09 Jun, 2026 | 18:29

.NET and Visual Studio Remote Code Execution Vulnerability

Vendor-Microsoft Corporation Linux Kernel Organization, Inc Apple Inc.

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2026-48563

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-Not Assigned

Published-09 Jun, 2026 | 17:05

Updated-10 Jun, 2026 | 17:32

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CWE ID-CWE-416

Use After Free

CWE ID-CWE-787

Out-of-bounds Write

CVE-2026-7357

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.03% / 10.04%

||

7 Day CHG~0.00%

Published-28 Apr, 2026 | 22:35

Updated-30 Apr, 2026 | 16:37

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor-Apple Inc.Microsoft Corporation Google LLC Linux Kernel Organization, Inc

CWE ID-CWE-416

Use After Free

CVE-2026-7948

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.02% / 6.67%

||

7 Day CHG~0.00%

Published-06 May, 2026 | 18:12

Updated-07 May, 2026 | 03:56

Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

Vendor-Microsoft Corporation Google LLC

Product-chrome windows Chrome

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2018-8266

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-60.38% / 98.31%

||

7 Day CHG~0.00%

Published-15 Aug, 2018 | 17:00

Updated-05 Aug, 2024 | 06:46

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8380, CVE-2018-8381, CVE-2018-8384.

Product-edge windows_server_2016 chakracore windows_10 ChakraCore Microsoft Edge

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-24936

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-1.16% / 78.95%

||

7 Day CHG~0.00%

Published-14 Jun, 2023 | 14:52

Updated-01 Jan, 2025 | 01:43

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVE-2013-3186

Matching Score-8

Matching Score-8

CVSS Score-7.6||HIGH

EPSS-16.02% / 94.92%

||

7 Day CHG~0.00%

Published-14 Aug, 2013 | 10:00

Updated-29 Apr, 2026 | 01:13

The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level (aka IL) protection mechanism, which allows remote attackers to obtain medium-integrity privileges by leveraging access to a low-integrity process, aka "Process Integrity Level Assignment Vulnerability."

Vendor-n/a Microsoft Corporation

Product-internet_explorer windows_vista windows_7 windows_server_2008 n/a

CVE-2017-11870

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-80.40% / 99.15%

||

7 Day CHG~0.00%

Published-15 Nov, 2017 | 03:00

Updated-13 May, 2026 | 00:24

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873.

Product-windows_server chakracore windows_10 edge ChakraCore, Microsoft Edge

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2026-6308

Matching Score-8

Assigner-Chrome

Matching Score-8

Assigner-Chrome

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.13%

||

7 Day CHG~0.00%

Published-15 Apr, 2026 | 19:04

Updated-26 May, 2026 | 19:16

Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor-Microsoft Corporation Linux Kernel Organization, Inc Google LLC Apple Inc.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2017-11810

Matching Score-8

Matching Score-8

CVSS Score-7.5||HIGH

EPSS-62.69% / 98.40%

||

7 Day CHG~0.00%

Published-13 Oct, 2017 | 13:00

Updated-13 May, 2026 | 00:24

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.