Microsoft Dynamics 365 (on-premises) < 9.1.45.11 Multiple RCE (May 2026)
The Microsoft Dynamics 365 on-premises installation is missing security updates. It is, therefore, affected by multiple remote code execution vulnerabilities: - Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a...
CVE-2026-42898
Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...
CVE-2026-42833
Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...
EUVD-2026-29713
Execution with unnecessary privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...
EUVD-2026-29718
Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...
CVE-2026-42898
Microsoft Dynamics 365 on-premises is affected by CVE-2026-42898 (code injection via improper control of generation of code), allowing an authenticated attacker to execute code over the network. The CVSS vector indicates Network, Low privileges, No user interaction, with high impact on confidenti...
PT-2026-40263
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises (affected versions not specified). Description: Improper control of code generation in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network. This is a code injection...
Making opportunistic cyberattacks harder by design
This is part of a series of blogs and interviews conducted with our Microsoft Deputy CISOs, in which we surface a number of mission-critical security recommendations and best practices that businesses can enact right now and derive real meaningful benefits from. In this article, Ilya Grebnov,...
Microsoft Dynamics 365 (on-premises) < 9.1.44.15 Information Disclosure (April 2026)
The Microsoft Dynamics 365 on-premises installation is missing security updates. It is, therefore, affected by an information disclosure vulnerability: - Improper access control in Microsoft Dynamics 365 on-premises allows an authorized attacker to disclose information locally. CVE-2026-33103 Note that Nessus...
CVE-2025-58112
Microsoft Dynamics 365 Customer Engagement (on‑premises) 1612 (9.0.2.3034) is affected. A malicious .rdl uploaded for SQL Server Reporting Services can trigger execution of arbitrary SQL commands in the underlying database via a report generation flow; this can escalate to accessing linked server...
CVE-2026-0725
The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
EUVD-2026-3139
The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2025-62210
Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Field Service online allows an authorized attacker to perform spoofing over a network...
EUVD-2025-93399
Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Field Service online allows an authorized attacker to perform spoofing over a network...
EUVD-2025-93430
Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Field Service online allows an authorized attacker to perform spoofing over a network...
CVE-2025-62210 Dynamics 365 Field Service (online) Spoofing Vulnerability
...
Dynamics 365 Field Service (online) Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Field Service online allows an authorized attacker to perform spoofing over a network...
EUVD-2025-32421
The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate t...
EUVD-2023-39991
Malicious code in bioql PyPI...