Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-17095

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-09 Dec, 2020 | 23:36
Updated At-09 Jun, 2026 | 18:07
Rejected At-
Credits

Windows Hyper-V Remote Code Execution Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:09 Dec, 2020 | 23:36
Updated At:09 Jun, 2026 | 18:07
Rejected At:
â–¼CVE Numbering Authority (CNA)
Windows Hyper-V Remote Code Execution Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1607
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1803
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1903 for x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1909
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 2004
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server version 2004
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server version 20H2
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server, version 1903 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server, version 1909 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ARemote Code Execution
Type: Impact
CWE ID: N/A
Description: Remote Code Execution
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17095
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17095
Resource:
vendor-advisory
patch
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17095
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17095
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:10 Dec, 2020 | 00:15
Updated At:28 Aug, 2025 | 23:15

Windows Hyper-V Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Secondary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches

Microsoft Corporation
microsoft
>>windows_10>>20h2
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>1803
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>1903
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>1909
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>2004
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>20h2
cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>1903
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>1909
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>2004
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17095secure@microsoft.com
N/A
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17095af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17095
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17095
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

158Records found

CVE-2019-1384
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-6.11% / 92.56%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-23259
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.78% / 84.61%
||
7 Day CHG+0.08%
Published-15 Apr, 2022 | 19:02
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.0Microsoft Dynamics 365 (on-premises) version 9.1
CVE-2024-38194
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-1.28% / 66.50%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Web Apps Elevation of Privilege Vulnerability

An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_web_appsAzure Web Apps
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22951
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.1||CRITICAL
EPSS-21.93% / 97.35%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 19:46
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-carbon_black_app_controlwindowsVMware Carbon Black App Control (AppC)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-38089
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.16% / 63.43%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-09 Dec, 2025 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for IoT Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_iotMicrosoft Defender for IoT
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-23272
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-2.55% / 83.12%
||
7 Day CHG+0.08%
Published-09 Feb, 2022 | 16:37
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_gpMicrosoft Dynamics GP
CVE-2022-23171
Matching Score-8
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-8
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-5.9||MEDIUM
EPSS-0.61% / 44.82%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:23
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AtlasVPN - Privilege Escalation

AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows computer where the AtlasVPN client is installed.

Action-Not Available
Vendor-atlasvpnAtlasVPNMicrosoft Corporation
Product-windowsatlasvpnAtlasVPN
CVE-2008-5416
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-87.04% / 99.72%
||
7 Day CHG~0.00%
Published-10 Dec, 2008 | 13:33
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sql_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3538
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-3.58% / 87.98%
||
7 Day CHG~0.00%
Published-02 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsenterprise_discoveryn/a
CVE-2022-21920
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.77% / 84.55%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-21922
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.77% / 84.55%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Remote Code Execution Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-21837
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-3.02% / 85.83%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server Subscription Edition
CVE-2022-26923
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-83.28% / 99.64%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-30 Oct, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-08||Apply updates per vendor instructions.
Active Directory Domain Services Elevation of Privilege Vulnerability

Active Directory Domain Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_10_1507windows_10_1909windows_server_2012windows_10_21h1windows_10_21h2windows_server_2022windows_10_1607windows_10_1809windows_server_2019windows_rt_8.1windows_8.1windows_10_20h2windows_server_2016Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1909Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2012 R2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows Server version 20H2Active Directory
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-21857
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.50% / 82.74%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Domain Services Elevation of Privilege Vulnerability

Active Directory Domain Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-22394
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-2.12% / 79.66%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 16:20
Updated-16 Sep, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protectwindowslinux_kernelSpectrum Protect Server
CVE-2019-0630
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-17.84% / 96.81%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CWE ID-CWE-19
Not Available
CVE-2007-3039
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9||HIGH
EPSS-69.06% / 99.27%
||
7 Day CHG~0.00%
Published-12 Dec, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-message_queuingwindows_2000windows_xpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1019
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-15.12% / 96.33%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-25693
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-9.9||CRITICAL
EPSS-1.26% / 66.15%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 17:54
Updated-08 Jan, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portal for ArcGIS has a directory traversal vulnerability.

There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. 

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")Microsoft CorporationLinux Kernel Organization, Inc
Product-windowsportal_for_arcgislinux_kernelPortal for ArcGIS portal_for_arcgis
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-25699
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-8.5||HIGH
EPSS-0.70% / 48.59%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 17:56
Updated-13 Feb, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portal for ArcGIS has an invalid authentication vulnerability

There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker with low‑privileged access to compromise the confidentiality, integrity, and availability of the software. Successful exploitation allows the attacker to cross an authentication and authorization boundary beyond their originally assigned access, resulting in a scope change.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationEnvironmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisarcgis_enterprisewindowslinux_kernelPortal for ArcGIS
CWE ID-CWE-287
Improper Authentication
CVE-2019-0721
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-10.34% / 95.15%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server, version 1903 (Server Core installation)Windows ServerWindows 10 Version 1903 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0722
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.72% / 90.73%
||
7 Day CHG-0.13%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 10 Version 1809
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0633
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-13.04% / 95.87%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CWE ID-CWE-19
Not Available
CVE-2019-0719
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-10.68% / 95.27%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server, version 1903 (Server Core installation)Windows ServerWindows 10 Version 1903 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8450
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-16.08% / 96.53%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-48584
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.50% / 39.15%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 20:27
Updated-01 Jul, 2026 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure Synapse Elevation of Privilege Vulnerability

Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_synapseAzure Synapse
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2006-4696
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9||HIGH
EPSS-43.24% / 98.56%
||
7 Day CHG~0.00%
Published-10 Oct, 2006 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000windows_2003_serverwindows_xpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-5224
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-8.8||HIGH
EPSS-2.82% / 84.86%
||
7 Day CHG~0.00%
Published-29 Mar, 2018 | 13:00
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationAtlassian
Product-windowsbambooBamboo
CWE ID-CWE-20
Improper Input Validation
CVE-2026-47647
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 34.29%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 21:42
Updated-01 Jul, 2026 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dynamics 365 Elevation of Privilege Vulnerability

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365
CWE ID-CWE-284
Improper Access Control
CVE-2026-42823
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.60% / 44.43%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Logic Apps Elevation of Privilege Vulnerability

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_logic_appsAzure Logic Apps
CWE ID-CWE-284
Improper Access Control
CVE-2026-42898
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.19% / 64.27%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.1
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-40411
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.53% / 40.62%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 22:03
Updated-19 Jun, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Virtual Network Gateway Remote Code Execution Vulnerability

Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_virtual_network_gatewayAzure Virtual Network Gateway
CWE ID-CWE-20
Improper Input Validation
CVE-2026-33821
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-0.66% / 47.01%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365_customer_insightsDynamics 365
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-33109
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.71% / 49.05%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 20:58
Updated-19 Jun, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_managed_instance_for_apache_cassandraAzure Managed Instance for Apache Cassandra
CWE ID-CWE-284
Improper Access Control
CVE-2021-41635
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.93% / 77.57%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 11:46
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.

Action-Not Available
Vendor-melagn/aMicrosoft Corporation
Product-ftp_serverwindowsn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25921
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.5||HIGH
EPSS-1.10% / 61.71%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 00:36
Updated-13 Dec, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager file upload

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsecurity_guardium_key_lifecycle_managerwindowslinux_kernelSecurity Guardium Key Lifecycle Managersecurity_guardium_key_lifecycle_manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-25925
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.5||HIGH
EPSS-1.35% / 68.12%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 21:53
Updated-13 Dec, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager command injection

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsecurity_guardium_key_lifecycle_managerwindowslinux_kernelSecurity Guardium Key Lifecycle Managersecurity_guardium_key_lifecycle_manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-26030
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-2.91% / 85.31%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 16:00
Updated-03 Mar, 2026 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.

Action-Not Available
Vendor-Microsoft Corporation
Product-semantic_kernelsemantic-kernel
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-3006
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.82% / 95.31%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.
Product-creative_cloudwindowsAdobe Thor 3.9.5.353 and earlier.
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-2290
Matching Score-8
Assigner-Perforce
ShareView Details
Matching Score-8
Assigner-Perforce
CVSS Score-8.8||HIGH
EPSS-1.23% / 65.18%
||
7 Day CHG~0.00%
Published-03 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1.

Action-Not Available
Vendor-Microsoft CorporationPerforce Software, Inc. ("Puppet")
Product-windowsmcollective-puppet-agentmcollective-puppet-agent plugin
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-24304
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 01:18
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Resource Manager Elevation of Privilege Vulnerability

Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_resource_managerAzure Resource Manager
CWE ID-CWE-284
Improper Access Control
CVE-2009-1135
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9||HIGH
EPSS-26.45% / 97.76%
||
7 Day CHG~0.00%
Published-15 Jul, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-isa_servern/a
CVE-1999-0886
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-21.57% / 97.32%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntn/a
CVE-2021-35213
Matching Score-8
Assigner-SolarWinds
ShareView Details
Matching Score-8
Assigner-SolarWinds
CVSS Score-8.9||HIGH
EPSS-3.37% / 87.28%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 15:58
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Orion User setting Improper Access Control Privilege Escalation Vulnerability

An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.Microsoft Corporation
Product-windowsorion_platformOrion Platform
CWE ID-CWE-284
Improper Access Control
CVE-2026-21515
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.70% / 48.67%
||
7 Day CHG~0.00%
Published-24 Apr, 2026 | 12:51
Updated-19 Jun, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure IoT Central Elevation of Privilege Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_iot_centralAzure IOT Central
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-1446
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9||HIGH
EPSS-46.27% / 98.67%
||
7 Day CHG~0.00%
Published-15 Oct, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003internet_information_serviceswindows_2000windows_xpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-3345
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-32.46% / 98.13%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Authenticated Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_vistawindows_rt_8.1windows_server_2012n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3228
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-13.34% / 95.94%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3368
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-18.33% / 96.87%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote authenticated users to execute arbitrary code by leveraging a domain account to make a crafted request, aka "Windows Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_vistawindows_rt_8.1windows_server_2012n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0178
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-16.71% / 96.64%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka "RPC Network Data Representation Engine Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_vistawindows_rt_8.1windows_server_2012n/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found