Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 72.0%.
Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 14.6% and no vendor patch available.
Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 14.4% and no vendor patch available.
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.3% and no vendor patch available.
Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 21.3% and no vendor patch available.
Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.8% and no vendor patch available.
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.5% and no vendor patch available.
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.5% and no vendor patch available.
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Edge misparses HTTP responses, which allows remote attackers to redirect users to arbitrary web sites via unspecified vectors, aka "Microsoft Edge Spoofing Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.8% and no vendor patch available.
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.