Known Vulnerabilities for products from Microsoft

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Microsoft".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Additional devices specifications by Microsoft can be found at device.report : Microsoft

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-49139 json		Not Provided	2026-06-01	2026-06-01
CVE-2026-47294 json		Not Provided	2026-06-01	2026-06-01
CVE-2026-47280 json	Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.	Not Provided	2026-05-22	2026-05-27
CVE-2026-46544 json		Not Provided	2026-05-27	2026-05-28
CVE-2026-46538 json		Not Provided	2026-05-27	2026-05-28
CVE-2026-46416 json		Not Provided	2026-05-27	2026-05-28
CVE-2026-46414 json		Not Provided	2026-05-27	2026-05-27
CVE-2026-46402 json		Not Provided	2026-05-27	2026-05-30
CVE-2026-46383 json		Not Provided	2026-05-15	2026-05-15
CVE-2026-46139 json		Not Provided	2026-05-28	2026-05-28
CVE-2026-45659 json	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...	Not Provided	2026-05-22	2026-05-27
CVE-2026-45585 json	Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The p...	Not Provided	2026-05-20	2026-05-20
CVE-2026-45584 json	Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.	Not Provided	2026-05-20	2026-05-20
CVE-2026-45498 json	Microsoft Defender Denial of Service Vulnerability	Not Provided	2026-05-20	2026-05-28
CVE-2026-45495 json	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	Not Provided	2026-05-18	2026-05-26
CVE-2026-45494 json	Microsoft Edge (Chromium-based) Spoofing Vulnerability	Not Provided	2026-05-18	2026-05-19
CVE-2026-45492 json	Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature ove...	Not Provided	2026-05-18	2026-05-19
CVE-2026-42901 json	Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.	Not Provided	2026-05-22	2026-05-27
CVE-2026-42899 json	Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a...	Not Provided	2026-05-12	2026-05-13
CVE-2026-42898 json	Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attack...	Not Provided	2026-05-12	2026-05-14

Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Microsoft

Type	Vendor	Product	Version
Application	Microsoft	.net Core	1.0
Application	Microsoft	.net Framework	-
Application	Microsoft	.net Windows Server	-
Application	Microsoft	365 Apps	-
Application	Microsoft	3d Viewer	-
Application	Microsoft	Access	-
Application	Microsoft	Access Multilingual User Interface Pack	2007
Application	Microsoft	Activesync	-
Application	Microsoft	Activex	-
Application	Microsoft	Active Directory	-
Application	Microsoft	Active Directory Application Mode	-
Application	Microsoft	Active Directory Federation Services	1.0
Application	Microsoft	Active Directory Lightweight Directory Service	-
Application	Microsoft	Active Directory Services	-
Application	Microsoft	Ampx	-
Application	Microsoft	Antigen	-
Application	Microsoft	Antispyware	-
Application	Microsoft	Applicationinspector	1.0.1
Application	Microsoft	Application Inspector	1.0.23
Application	Microsoft	Asp.net	-

Results limited to 20 most recent known configurations