microsoft exchange_server の CVE（228 件）

CVE 件数: 228 CPE versions: View versions table

概要

本ページは microsoft exchange_server に影響する公開済み CVE（NVD の CPE 経由で関連付け）を列挙します。各行に深刻度指標・概要・公開日が含まれます。

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2026-42897 KEV	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.	[email protected]	8.1	7.86%	2026-05-14	2026-05-15
CVE-2026-21527	User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.	[email protected]	6.5	0.06%	2026-02-10	2026-02-11
CVE-2025-64667	User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.	[email protected]	5.3	0.03%	2025-12-09	2026-01-02
CVE-2025-64666	Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.	[email protected]	7.5	0.04%	2025-12-09	2026-01-02
CVE-2025-59249	Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.	[email protected]	8.8	0.07%	2025-10-14	2025-10-28
CVE-2025-59248	Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.	[email protected]	7.5	0.17%	2025-10-14	2025-10-28
CVE-2025-53782	Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.	[email protected]	8.4	0.06%	2025-10-14	2025-10-27
CVE-2025-33051	Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.	[email protected]	7.5	2.09%	2025-08-12	2025-09-03
CVE-2025-25007	Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.	[email protected]	5.3	1.57%	2025-08-12	2025-09-03
CVE-2025-25006	Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.	[email protected]	5.3	1.51%	2025-08-12	2025-09-03
CVE-2025-25005	Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.	[email protected]	6.5	2.29%	2025-08-12	2025-08-21
CVE-2025-53786	On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by tak	[email protected]	8.0	0.54%	2025-08-06	2026-02-27
CVE-2024-49040	Microsoft Exchange Server Spoofing Vulnerability	[email protected]	7.5	5.39%	2024-11-12	2024-11-16
CVE-2024-26198	Microsoft Exchange Server Remote Code Execution Vulnerability	[email protected]	8.8	2.69%	2024-03-12	2024-12-06
CVE-2024-21410 KEV	Microsoft Exchange Server Elevation of Privilege Vulnerability	[email protected]	9.8	6.14%	2024-02-13	2025-10-28
CVE-2023-36439	Microsoft Exchange Server Remote Code Execution Vulnerability	[email protected]	8.0	0.63%	2023-11-14	2024-11-21
CVE-2023-36050	Microsoft Exchange Server Spoofing Vulnerability	[email protected]	8.0	4.09%	2023-11-14	2024-11-21
CVE-2023-36039	Microsoft Exchange Server Spoofing Vulnerability	[email protected]	8.0	4.09%	2023-11-14	2024-11-21
CVE-2023-36035	Microsoft Exchange Server Spoofing Vulnerability	[email protected]	8.0	4.09%	2023-11-14	2024-11-21
CVE-2023-36778	Microsoft Exchange Server Remote Code Execution Vulnerability	[email protected]	8.0	1.17%	2023-10-10	2024-11-21

cvelogic Threat Intelligence