Known Vulnerabilities for products from Microsoft

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Microsoft".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Additional devices specifications by Microsoft can be found at device.report : Microsoft

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-43572 json Not Provided 2026-05-05 2026-05-05
CVE-2026-43475 json Not Provided 2026-05-08 2026-05-11
CVE-2026-43094 json Not Provided 2026-05-06 2026-05-06
CVE-2026-42898 json Not Provided 2026-05-12 2026-05-12
CVE-2026-42891 json Not Provided 2026-05-12 2026-05-12
CVE-2026-42838 json Not Provided 2026-05-12 2026-05-12
CVE-2026-42833 json Not Provided 2026-05-12 2026-05-12
CVE-2026-42832 json Not Provided 2026-05-12 2026-05-12
CVE-2026-42831 json Not Provided 2026-05-12 2026-05-12
CVE-2026-42826 json Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose inform... Not Provided 2026-05-07 2026-05-08
CVE-2026-42525 json Not Provided 2026-04-29 2026-04-29
CVE-2026-40951 json CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local co... Not Provided 2026-04-30 2026-05-04
CVE-2026-40949 json CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local c... Not Provided 2026-04-30 2026-05-05
CVE-2026-40372 json Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a... Not Provided 2026-04-21 2026-04-27
CVE-2026-39844 json NiceGUI is a Python-based UI framework. Prior to 3.10.0, Since PurePosixPath only recognizes forward slashes (/) as path sepa... Not Provided 2026-04-08 2026-04-15
CVE-2026-35603 json Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default con... Not Provided 2026-04-17 2026-04-22
CVE-2026-35562 json Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a th... Not Provided 2026-04-03 2026-04-14
CVE-2026-35561 json Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver bef... Not Provided 2026-04-03 2026-04-14
CVE-2026-35560 json Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 mi... Not Provided 2026-04-03 2026-04-14
CVE-2026-35559 json Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor... Not Provided 2026-04-03 2026-04-14
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Microsoft

Type Vendor Product Version
ApplicationMicrosoft.net Core1.0
ApplicationMicrosoft.net Framework-
ApplicationMicrosoft.net Windows Server-
ApplicationMicrosoft365 Apps-
ApplicationMicrosoft3d Viewer-
ApplicationMicrosoftAccess-
ApplicationMicrosoftAccess Multilingual User Interface Pack2007
ApplicationMicrosoftActivesync-
ApplicationMicrosoftActivex-
ApplicationMicrosoftActive Directory-
ApplicationMicrosoftActive Directory Application Mode-
ApplicationMicrosoftActive Directory Federation Services1.0
ApplicationMicrosoftActive Directory Lightweight Directory Service-
ApplicationMicrosoftActive Directory Services-
ApplicationMicrosoftAmpx-
ApplicationMicrosoftAntigen-
ApplicationMicrosoftAntispyware-
ApplicationMicrosoftApplicationinspector1.0.1
ApplicationMicrosoftApplication Inspector1.0.23
ApplicationMicrosoftAsp.net-
Results limited to 20 most recent known configurations