Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-57981

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-03 Jul, 2026 | 20:35
Updated At-03 Jul, 2026 | 21:26
Rejected At-
Credits

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:03 Jul, 2026 | 20:35
Updated At:03 Jul, 2026 | 21:26
Rejected At:
â–¼CVE Numbering Authority (CNA)
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Edge (Chromium-based)
Versions
Affected
  • From 1.0.0.0 before 150.0.4078.48 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416: Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416: Use After Free
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57981
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57981
Resource:
vendor-advisory
patch
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:03 Jul, 2026 | 21:17
Updated At:03 Jul, 2026 | 21:17

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-416Primarysecure@microsoft.com
CWE ID: CWE-416
Type: Primary
Source: secure@microsoft.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57981secure@microsoft.com
N/A
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57981
Source: secure@microsoft.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2319Records found

CVE-2025-21286
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.22% / 65.02%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21305
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.36% / 68.44%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21413
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.07% / 60.69%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2022_23h2windows_server_2008windows_server_2016windows_server_2019windows_server_2022windows_10_1607windows_10_1809windows_11_22h2windows_10_22h2windows_server_2025windows_11_23h2windows_server_2012windows_10_21h2windows_10_1507Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21407
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.84% / 76.44%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2008windows_server_2025windows_10_1507windows_10_21h2windows_server_2022windows_10_1809windows_11_22h2windows_server_2016windows_server_2012windows_10_1607windows_server_2019windows_10_22h2windows_11_23h2windows_11_24h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21332
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.42% / 69.60%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MapUrlToZone Security Feature Bypass Vulnerability

MapUrlToZone Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_server_2025windows_11_24h2windows_10_22h2windows_server_2022windows_server_2008windows_server_2019windows_10_1507windows_10_1809windows_server_2012windows_server_2022_23h2windows_10_1607windows_server_2016windows_11_23h2windows_10_21h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-41
Improper Resolution of Path Equivalence
CVE-2025-21302
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.36% / 68.44%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21282
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.22% / 65.02%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21371
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.47% / 82.53%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_10_21h2windows_server_2008windows_server_2022windows_server_2022_23h2windows_11_24h2windows_server_2025windows_10_1809windows_10_22h2windows_server_2016windows_server_2019windows_11_23h2windows_server_2012windows_10_1607windows_11_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21291
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.34% / 67.99%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Direct Show Remote Code Execution Vulnerability

Windows Direct Show Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_11_22h2windows_server_2022windows_server_2022_23h2windows_10_21h2windows_server_2019windows_10_22h2windows_11_23h2Windows 11 Version 23H2Windows 11 version 22H3Windows Server 2022Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-415
Double Free
CVE-2025-21306
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.36% / 68.44%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21342
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.15% / 63.00%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 22:41
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2013-3900
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-44.65% / 98.62%
||
7 Day CHG~0.00%
Published-11 Dec, 2013 | 00:00
Updated-22 Apr, 2026 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-10||Apply updates per vendor instructions.
WinVerifyTrust Signature Validation Vulnerability

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, except for clarifications about how to configure the EnableCertPaddingCheck registry value, the information herein remains unchanged from the original text published on December 10, 2013, Microsoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. See the Security Updates table for the list of affected software. Vulnerability Description A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_10_20h2windows_8.1windows_7windows_11_22h2windows_11_23h2windows_10_1909windows_server_2012windows_10_21h1windows_10_22h2windows_server_2022windows_server_2025windows_10_1809windows_server_2008windows_10_1607windows_server_2019windows_11_24h2windows_server_2022_23h2windows_10_1507windows_server_2016windows_rt_8.1Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 21H2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2025Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows 10 Version 1809Windows 11 version 22H2Windows 11 version 22H3Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2016WinVerifyTrust function
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-21339
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.07% / 60.69%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_server_2025windows_11_24h2windows_10_22h2windows_server_2022windows_server_2008windows_server_2019windows_10_1507windows_10_1809windows_server_2012windows_server_2022_23h2windows_10_1607windows_server_2016windows_11_23h2windows_10_21h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21408
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.23% / 65.17%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 22:41
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-21410
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.84% / 76.44%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2008windows_server_2025windows_server_2022windows_server_2016windows_server_2012windows_server_2019Windows Server 2019 (Server Core installation)Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022Windows Server 2025Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21266
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.22% / 65.02%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21233
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21244
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21178
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.52% / 71.57%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2017visual_studio_2022visual_studio_2019Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2015 Update 3Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21241
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.44% / 69.87%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_11_24h2windows_11_22h2windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows 11 Version 24H2Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows 10 Version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21238
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21250
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21222
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.62%
||
7 Day CHG+0.04%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_11_24h2windows_10_1507windows_10_1607windows_server_2012windows_server_2025windows_server_2019windows_11_23h2windows_server_2008windows_10_1809windows_server_2016windows_10_21h2windows_server_2022Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21190
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.84% / 76.36%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1809windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2025windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21246
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21237
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2022windows_server_2025windows_10_1607windows_10_22h2windows_10_21h2windows_server_2016windows_server_2019windows_11_24h2windows_10_1809windows_server_2022_23h2windows_server_2008windows_server_2012windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21239
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.44% / 69.87%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_11_24h2windows_11_22h2windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows 11 Version 24H2Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows 10 Version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21208
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.85% / 76.56%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022_23h2windows_server_2025windows_server_2022windows_server_2019windows_server_2008windows_server_2016Windows Server 2019 (Server Core installation)Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022Windows Server 2025Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21176
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.26% / 80.86%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.
Product-windows_11_24h2windows_server_2022_23h2macoswindows_10_22h2windows_server_2019.netwindows_10_21h2windowswindows_server_2012linux_kernelwindows_10_1809windows_server_2016visual_studio_2017windows_10_1607windows_11_23h2windows_server_2008windows_10_1507windows_11_22h2.net_frameworkwindows_server_2022.NET 9.0Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.7.2Microsoft Visual Studio 2022 version 17.6Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft Visual Studio 2015 Update 3Microsoft Visual Studio 2022 version 17.12Microsoft .NET Framework 4.6/4.6.2Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.10Microsoft .NET Framework 4.6.2Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft .NET Framework 4.8Microsoft .NET Framework 3.5 AND 4.8.1.NET 8.0Microsoft .NET Framework 3.5 AND 4.8
CWE ID-CWE-126
Buffer Over-read
CVE-2025-21236
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21252
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.36% / 68.44%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21248
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.44% / 69.87%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_11_24h2windows_11_22h2windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows 11 Version 24H2Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows 10 Version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21221
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.62%
||
7 Day CHG+0.04%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21243
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21205
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.62%
||
7 Day CHG+0.04%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21245
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21223
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.56% / 72.25%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21201
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.84% / 76.36%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Server Remote Code Execution Vulnerability

Windows Telephony Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1809windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2025windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-415
Double Free
CVE-2020-17016
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-2.96% / 85.55%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoint Enterprise Server 2013 Service Pack 1
CVE-2020-16873
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-4.01% / 89.30%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-23 Feb, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xamarin.Forms Spoofing Vulnerability

<p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p> <p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p> <p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p>

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromexamarin.formsxamarin.forms
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2020-16933
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-2.53% / 83.01%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:17
Updated-23 Feb, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Security Feature Bypass Vulnerability

<p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p> <p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Word handles these files.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1365_appswordwindows_7officewindows_server_2019Microsoft 365 Apps for EnterpriseMicrosoft Word 2016Microsoft Word 2010 Service Pack 2Microsoft Word 2013 Service Pack 1 Microsoft Office 2016 for MacMicrosoft Word 2013 Service Pack 1Microsoft Office 2019Microsoft Office 2019 for Mac
CVE-2020-1583
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.91% / 91.04%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-23 Feb, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_apps365_appssharepoint_enterprise_serverwordsharepoint_serveroffice_online_serverofficeMicrosoft Office Online ServerMicrosoft Office 2016 for MacMicrosoft SharePoint Enterprise Server 2016Microsoft Word 2013 Service Pack 1Microsoft Office 2019Microsoft Office Web Apps 2010 Service Pack 2Microsoft 365 Apps for EnterpriseMicrosoft Word 2016Microsoft Word 2010 Service Pack 2Microsoft SharePoint Server 2019Microsoft Office Web Apps 2013 Service Pack 1Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft Office 2010 Service Pack 2Microsoft Word 2013 Service Pack 1 Microsoft Office 2019 for Mac
CVE-2020-1504
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.21% / 89.74%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-23 Feb, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-excelMicrosoft Excel 2010 Service Pack 2
CVE-2024-38121
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.54% / 71.80%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-38021
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-3.53% / 87.83%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-10 Feb, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office 2019Microsoft Office LTSC 2021Microsoft Office 2016Microsoft 365 Apps for Enterprise
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41047
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.44% / 69.89%
||
7 Day CHG-0.01%
Published-09 Nov, 2022 | 00:00
Updated-02 Jan, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CVE-2020-1412
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-14.04% / 96.11%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-1494
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.21% / 89.76%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-23 Feb, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-excel365_appsofficeMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Excel 2013 Service Pack 1Microsoft Office 2016Microsoft Excel 2010 Service Pack 2Microsoft Office 2010 Service Pack 2Microsoft Office 2013 Service Pack 1Microsoft Office 2019
CVE-2020-1171
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-14.27% / 96.16%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-08 Jul, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.

Action-Not Available
Vendor-Microsoft Corporation
Product-pythonVisual Studio Code
CVE-2022-37982
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.48% / 70.70%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 46
  • 47
  • Next
Details not found