Lucene search
K
MicrosoftExchange Server Subscription Edition

19 matches found

CVE
CVE
added 2025/12/09 5:55 p.m.633 views

CVE-2025-64667

CVE-2025-64667 is a Microsoft Exchange Server Spoofing Vulnerability caused by UI misrepresentation of critical information that could allow an unauthenticated attacker to spoof over the network. The issue is addressed by December 9, 2025 security updates on Exchange Server products (KB5071873 fo...

5.3CVSS6.1AI score0.00836EPSS
CVE
CVE
added 2025/12/09 5:55 p.m.179 views

CVE-2025-64666

CVE-2025-64666 affects Microsoft Exchange Server and is caused by improper input validation that permits an authenticated, network-accessing attacker to elevate privileges. The vulnerability is categorized with a high impact (C/H, I/H, A/H) and requires low privileges with no user interaction. Pu...

7.5CVSS6.4AI score0.01021EPSS
CVE
CVE
added 2025/08/06 4:2 p.m.162 views

CVE-2025-53786

CVE-2025-53786 is a high-severity issue affecting on-premises Microsoft Exchange Server in hybrid deployments. The connected documents confirm a privilege-escalation path tied to Exchange Hybrid configurations that can impact Exchange Online identity integrity. Remediation/mitigation relies on in...

8CVSS6.4AI score0.07448EPSS
In wild
CVE
CVE
added 2026/05/14 5:0 p.m.160 views

CVE-2026-42897

CVE-2026-42897 affects on-prem Microsoft Exchange Server (2016, 2019, SE) with an XSS flaw in Outlook Web Access caused by improper neutralization of input during web page generation. An attacker could send a crafted email to trigger arbitrary JavaScript execution in the victim’s browser, enablin...

8.1CVSS5.8AI score0.0564EPSS
In wildWeb
CVE
CVE
added 2026/06/09 5:4 p.m.154 views

CVE-2026-45583

CVE-2026-45583 involves Microsoft Exchange Server and is described as an improper control of generation of code (code injection) that enables an unauthenticated attacker to execute code over the network. The CVSS 3.1 base score is 7.5 (HIGH) with NETWORK attack vector, HIGH impact on confidential...

8.1CVSS5.7AI score0.00475EPSS
CVE
CVE
added 2026/02/10 5:51 p.m.151 views

CVE-2026-21527

CVE-2026-21527 affects Microsoft Exchange Server. The issue is a UI misrepresentation of critical information that enables a network-based spoofing attack without user interaction or privileges. The CVSS v3.1 base metrics indicate an external attack vector with low impact on confidentiality and i...

6.5CVSS5.5AI score0.08619EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.129 views

CVE-2026-45504

CVE-2026-45504 is an SSRF-based elevation of privilege in Microsoft Exchange Server . The entry notes an attacker who is authorized can elevate privileges over the network. CVSS v3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and LOW privileges required, with NONE...

8.8CVSS5.4AI score0.00465EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.89 views

CVE-2026-45501

CVE-2026-45501 concerns Microsoft Exchange Server. The issue is improper neutralization of input during web page generation, i.e., a cross-site scripting vulnerability that can allow an unauthorized attacker to perform spoofing over a network. CVSS 3.1 base score 6.5 (Medium): attack vector Netwo...

6.5CVSS6.6AI score0.00308EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.84 views

CVE-2026-45502

CVE-2026-45502 is a server-side request forgery in Microsoft Exchange Server. An authenticated attacker can disclose information over the network (confidentiality impact partial) without user interaction, with network access and low attack complexity, under a changed scope. The entry provides a C...

5CVSS5.4AI score0.00464EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.81 views

CVE-2025-59249

CVE-2025-59249 is a Microsoft Exchange Server elevation-of-privilege vulnerability described as caused by weak authentication. The CVE is discussed across multiple sources (CNVD, EUVD, NCSC, MSRC and CVE listings) with details indicating that an attacker who is already authenticated can escalate ...

8.8CVSS6.6AI score0.00747EPSS
CVE
CVE
added 2025/08/12 5:9 p.m.62 views

CVE-2025-25005

Technical details about CVE-2025-25005 are not publicly provided in the connected documents. Monitor updates from Microsoft MSRC and advisories for affected versions, impact, and fixes.

6.5CVSS7AI score0.01267EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.56 views

CVE-2025-53782

CVE-2025-53782 refers to an elevation-of-privilege vulnerability in Microsoft Exchange Server caused by an incorrect implementation of the authentication algorithm, enabling an unauthorized, local attacker to escalate privileges. Across connected sources, the vulnerability is associated with mult...

8.4CVSS6.6AI score0.00323EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.55 views

CVE-2026-47631

The CVE-2026-47631 entry concerns Microsoft Exchange Server with a vulnerability in the rendering of web pages, described as improper neutralization of input during web page generation (cross-site scripting). The underlying issue allows an unauthorized attacker to spoof users over the network. Th...

8.1CVSS5.4AI score0.00353EPSS
CVE
CVE
added 2025/08/12 5:9 p.m.53 views

CVE-2025-33051

CVE-2025-33051 is an information-disclosure vulnerability in Microsoft Exchange Server. The issue stems from improper input validation and handling of certain elements, enabling an unauthenticated attacker to disclose sensitive data over the network. The CVSSv3.1 base score is 7.5 (HIGH) with net...

7.5CVSS6.5AI score0.01133EPSS
CVE
CVE
added 2025/08/12 5:9 p.m.45 views

CVE-2025-25006

CVE-2025-25006 affects Microsoft Exchange Server. The connected MSKB/ advisories confirm a spoofing vulnerability arising from improper handling of an additional special element, exploitable over the network with no privileges or user interaction required. Microsoft released fixes: KB5063224 (Exc...

5.3CVSS6.9AI score0.00787EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.44 views

CVE-2026-45500

CVE-2026-45500: A cross-site scripting issue in Microsoft Exchange Server arises from improper neutralization of input during web page generation. This vulnerability could enable an unauthorized attacker to perform spoofing over the network. Documents identify Microsoft Exchange Server as affecte...

6.1CVSS5.4AI score0.00375EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.41 views

CVE-2026-45503

CVE-2026-45503 is an SSRF vulnerability in Microsoft Exchange Server that could allow an authorized attacker to disclose information over a network. The provided documents cite CVSSv3.1 base metrics: 8.1 (High), with NETWORK attack vector, LOW attack complexity, Privileges Required: LOW, no user ...

8.1CVSS7.1AI score0.00454EPSS
CVE
CVE
added 2025/08/12 5:9 p.m.38 views

CVE-2025-25007

CVE-2025-25007 affects Microsoft Exchange Server. The issue arises from improper validation of input syntax, allowing an unauthenticated network attacker to spoof communications. The vulnerability is reported with CVSS v3.1 base score 5.3 (Medium) and is network-exploitable with no user interacti...

5.3CVSS6.9AI score0.00796EPSS
CVE
CVE
added 2025/10/14 5:1 p.m.35 views

CVE-2025-59248

CVE-2025-59248 maps to a Microsoft Exchange Server spoofing vulnerability caused by improper input validation, enabling an unauthenticated attacker to leverage network spoofing. Connected sources (CNVD/EUVD and MSRC/MSKB entries) confirm this spoofing flaw and its association with Exchange Server...

7.5CVSS6.3AI score0.00922EPSS