Surface Pro CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-21194	1 Microsoft	54 Surface Go 2 1901, Surface Go 2 1901 Firmware, Surface Go 2 1926 and 51 more	2025-07-08	7.1 High
Microsoft Surface Security Feature Bypass Vulnerability
CVE-2021-42299	1 Microsoft	2 Surface Pro 3, Surface Pro 3 Firmware	2024-11-21	5.6 Medium
Microsoft Surface Pro 3 Security Feature Bypass Vulnerability
CVE-2018-3639	12 Arm, Canonical, Debian and 9 more	330 Cortex-a, Ubuntu Linux, Debian Linux and 327 more	2024-11-21	5.5 Medium
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Page 1 of 1.