{"@context":{"@vocab":"https://schema.org/","dcterms":"http://purl.org/dc/terms/","prov":"http://www.w3.org/ns/prov#"},"@type":"Dataset","@id":"https://api.ai-analytics.org/api/v1/cisa/kev/by-vendor/Microsoft","_source":{"data_provider":"AI Analytics","data_provider_url":"https://api.ai-analytics.org","license":"https://creativecommons.org/publicdomain/zero/1.0/","dcterms:license":"https://creativecommons.org/publicdomain/zero/1.0/","generated_at":"2026-05-16T06:16:51.341Z","primary_source":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog"},"vendor":"Microsoft","summary":{"cve_count":371,"ransomware_count":103,"earliest_kev":"2021-11-03","latest_kev":"2026-05-15"},"by_product":[{"product":"Windows","n":169},{"product":"Internet Explorer","n":34},{"product":"Office","n":29},{"product":"Win32k","n":25},{"product":"Exchange Server","n":17},{"product":"SharePoint","n":6},{"product":"Word","n":4},{"product":"Open Management Infrastructure (OMI)","n":4},{"product":"Silverlight","n":3},{"product":"SharePoint Server","n":3},{"product":"Excel","n":3},{"product":"Defender","n":3},{"product":"Active Directory","n":3},{"product":".NET Framework","n":3},{"product":"XML Core Services","n":2}],"recent_cves":[{"cve_id":"CVE-2026-42897","product":"Microsoft","vulnerability_name":"Microsoft Exchange Server Cross-Site Scripting Vulnerability","date_added":"2026-05-15","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42897"},{"cve_id":"CVE-2026-32202","product":"Windows","vulnerability_name":"Microsoft Windows Protection Mechanism Failure Vulnerability","date_added":"2026-04-28","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32202"},{"cve_id":"CVE-2026-33825","product":"Defender","vulnerability_name":"Microsoft Defender Insufficient Granularity of Access Control Vulnerability","date_added":"2026-04-22","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33825"},{"cve_id":"CVE-2026-32201","product":"SharePoint Server","vulnerability_name":"Microsoft SharePoint Server Improper Input Validation Vulnerability","date_added":"2026-04-14","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32201"},{"cve_id":"CVE-2009-0238","product":"Office","vulnerability_name":"Microsoft Office Remote Code Execution","date_added":"2026-04-14","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0238"},{"cve_id":"CVE-2023-36424","product":"Windows","vulnerability_name":"Microsoft Windows Out-of-Bounds Read Vulnerability","date_added":"2026-04-13","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36424"},{"cve_id":"CVE-2023-21529","product":"Exchange Server","vulnerability_name":"Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability","date_added":"2026-04-13","known_ransomware_use":"Known","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-21529"},{"cve_id":"CVE-2025-60710","product":"Windows","vulnerability_name":"Microsoft Windows Link Following Vulnerability","date_added":"2026-04-13","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-60710"},{"cve_id":"CVE-2012-1854","product":"Visual Basic for Applications (VBA)","vulnerability_name":"Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability","date_added":"2026-04-13","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1854"},{"cve_id":"CVE-2026-20963","product":"SharePoint","vulnerability_name":"Microsoft SharePoint Deserialization of Untrusted Data Vulnerability","date_added":"2026-03-18","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20963"},{"cve_id":"CVE-2008-0015","product":"Windows","vulnerability_name":" Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability","date_added":"2026-02-17","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0015"},{"cve_id":"CVE-2024-43468","product":"Configuration Manager","vulnerability_name":"Microsoft Configuration Manager SQL Injection Vulnerability","date_added":"2026-02-12","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43468"},{"cve_id":"CVE-2026-21514","product":"Office","vulnerability_name":"Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability","date_added":"2026-02-10","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21514"},{"cve_id":"CVE-2026-21519","product":"Windows","vulnerability_name":"Microsoft Windows Type Confusion Vulnerability","date_added":"2026-02-10","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21519"},{"cve_id":"CVE-2026-21533","product":"Windows","vulnerability_name":"Microsoft Windows Improper Privilege Management Vulnerability","date_added":"2026-02-10","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21533"},{"cve_id":"CVE-2026-21510","product":"Windows","vulnerability_name":"Microsoft Windows Shell Protection Mechanism Failure Vulnerability","date_added":"2026-02-10","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21510"},{"cve_id":"CVE-2026-21525","product":"Windows","vulnerability_name":"Microsoft Windows NULL Pointer Dereference Vulnerability","date_added":"2026-02-10","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21525"},{"cve_id":"CVE-2026-21513","product":"Windows","vulnerability_name":"Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability","date_added":"2026-02-10","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21513"},{"cve_id":"CVE-2026-21509","product":"Office","vulnerability_name":"Microsoft Office Security Feature Bypass Vulnerability","date_added":"2026-01-26","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21509"},{"cve_id":"CVE-2026-20805","product":"Windows","vulnerability_name":"Microsoft Windows Information Disclosure Vulnerability","date_added":"2026-01-13","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20805"},{"cve_id":"CVE-2009-0556","product":"Office","vulnerability_name":"Microsoft Office PowerPoint Code Injection Vulnerability","date_added":"2026-01-07","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0556"},{"cve_id":"CVE-2025-62221","product":"Windows","vulnerability_name":"Microsoft Windows Use After Free Vulnerability","date_added":"2025-12-09","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62221"},{"cve_id":"CVE-2025-62215","product":"Windows","vulnerability_name":"Microsoft Windows Race Condition Vulnerability","date_added":"2025-11-12","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62215"},{"cve_id":"CVE-2025-59287","product":"Windows","vulnerability_name":"Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability","date_added":"2025-10-24","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59287"},{"cve_id":"CVE-2025-33073","product":"Windows","vulnerability_name":"Microsoft Windows SMB Client Improper Access Control Vulnerability","date_added":"2025-10-20","known_ransomware_use":"Unknown","nvd_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-33073"}]}