Known Vulnerabilities for products from Microsoft
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Microsoft".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Microsoft can be found at device.report : Microsoft
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34506 | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-34397 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-32187 | Microsoft Edge (Chromium-based) Defense in Depth Vulnerability | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27309 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary... | Not Provided | 2026-03-27 | 2026-03-30 |
| CVE-2026-26136 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthoriz... | Not Provided | 2026-03-19 | 2026-04-01 |
| CVE-2026-26131 | Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. | Not Provided | 2026-03-10 | 2026-04-01 |
| CVE-2026-26127 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. | Not Provided | 2026-03-10 | 2026-04-01 |
| CVE-2026-26120 | Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network. | Not Provided | 2026-03-19 | 2026-04-01 |
| CVE-2026-23659 | Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose ... | Not Provided | 2026-03-19 | 2026-04-01 |
| CVE-2026-23658 | Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | Not Provided | 2026-03-19 | 2026-04-01 |
| CVE-2026-21533 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | Not Provided | 2026-02-10 | 2026-03-30 |
| CVE-2026-21525 | Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. | Not Provided | 2026-02-10 | 2026-03-30 |
| CVE-2026-21513 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | Not Provided | 2026-02-10 | 2026-03-30 |
| CVE-2026-20963 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a netwo... | Not Provided | 2026-01-13 | 2026-04-01 |
| CVE-2026-5292 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bound... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-5291 | Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentiall... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-5290 | Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the rend... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-5289 | Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the rende... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-5288 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised t... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-5287 | Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a s... | Not Provided | 2026-04-01 | 2026-04-02 |
Known software with vulnerabilities from Microsoft
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Microsoft | .net Core | 1.0 |
| Application | Microsoft | .net Framework | - |
| Application | Microsoft | .net Windows Server | - |
| Application | Microsoft | 365 Apps | - |
| Application | Microsoft | 3d Viewer | - |
| Application | Microsoft | Access | - |
| Application | Microsoft | Access Multilingual User Interface Pack | 2007 |
| Application | Microsoft | Active Directory | - |
| Application | Microsoft | Active Directory Application Mode | - |
| Application | Microsoft | Active Directory Federation Services | 1.0 |
| Application | Microsoft | Active Directory Lightweight Directory Service | - |
| Application | Microsoft | Active Directory Services | - |
| Application | Microsoft | Activesync | - |
| Application | Microsoft | Activex | - |
| Application | Microsoft | Ampx | - |
| Application | Microsoft | Antigen | - |
| Application | Microsoft | Antispyware | - |
| Application | Microsoft | Application Inspector | 1.0.23 |
| Application | Microsoft | Applicationinspector | 1.0.1 |
| Application | Microsoft | Asp.net | - |