Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-02-19 CVE-2025-21355 Missing Authentication for Critical Function vulnerability in Microsoft Bing
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network
network
low complexity
microsoft CWE-306
critical
 9.8
9.8
2025-02-19 CVE-2025-24989 Unspecified vulnerability in Microsoft Power Pages
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified.
network
low complexity
microsoft
critical
 9.8
9.8
2025-01-14 CVE-2025-21311 Unspecified vulnerability in Microsoft products
Windows NTLM V1 Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2024-12-12 CVE-2024-49147 Deserialization of Untrusted Data vulnerability in Microsoft Update Catalog
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
network
low complexity
microsoft CWE-502
critical
 9.8
9.8
2024-11-26 CVE-2024-49035 Unspecified vulnerability in Microsoft Partner Center
An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.
network
low complexity
microsoft
critical
 9.8
9.8
2024-11-26 CVE-2024-49038 Unspecified vulnerability in Microsoft Copilot Studio
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
network
low complexity
microsoft
critical
 9.6
9.6
2024-11-26 CVE-2024-49052 Unspecified vulnerability in Microsoft Azure Functions
Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.
network
low complexity
microsoft
critical
 9.8
9.8
2024-11-12 CVE-2024-43498 Unspecified vulnerability in Microsoft .Net and Visual Studio 2022
.NET and Visual Studio Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2024-11-12 CVE-2024-43602 Unspecified vulnerability in Microsoft Azure Cyclecloud
Azure CycleCloud Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
 9.9
9.9
2024-11-12 CVE-2024-43639 Unspecified vulnerability in Microsoft products
Windows KDC Proxy Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8