2724 matches found
EUVD-2026-38090
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...
CVE-2026-48582
This CVE affects Microsoft Exchange Online. Missing authorization could allow an attacker with low privileges and network access (no user interaction) to elevate privileges (impact: high confidentiality and integrity, no availability impact) per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, base...
PT-2026-51033
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Online affected versions not specified Description Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. There have been reports of elevated activities targeti...
Microsoft Exchange - Authentication Bypass
Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability enables an attacker to bypass authentication and gain access to the Exchange Server's internal. id: CVE-2021-33766 info: name: Microsoft Exchange - Authentication Bypass author: daffainfo severity: high description...
CVE-2026-45501
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-35506
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-35681
Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...
EUVD-2026-35679
Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
CVE-2026-45503
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
CVE-2026-45502
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
CVE-2026-45501
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-47631 Microsoft Exchange Server Spoofing Vulnerability
...
CVE-2026-47631 Microsoft Exchange Server Spoofing Vulnerability
...
CVE-2026-47631
The CVE-2026-47631 entry concerns Microsoft Exchange Server with a vulnerability in the rendering of web pages, described as improper neutralization of input during web page generation (cross-site scripting). The underlying issue allows an unauthorized attacker to spoof users over the network. Th...
CVE-2026-45583 Microsoft Exchange Server Remote Code Execution Vulnerability
...
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability
...
CVE-2026-45504
CVE-2026-45504 is an SSRF-based elevation of privilege in Microsoft Exchange Server . The entry notes an attacker who is authorized can elevate privileges over the network. CVSS v3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and LOW privileges required, with NONE...
CVE-2026-45583 Microsoft Exchange Server Remote Code Execution Vulnerability
...
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability
...
CVE-2026-45503 Microsoft Exchange Server Information Disclosure Vulnerability
...