NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-47646 | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network. | 9.3 | 0.27% | 2026-07-08 | 2026-07-09 |
| CVE-2026-58525 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | 8.2 | 0.37% | 2026-07-08 | 2026-07-09 |
| CVE-2026-58295 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | 8.3 | 0.38% | 2026-07-03 | 2026-07-07 |
| CVE-2026-58293 | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 8.1 | 0.44% | 2026-07-03 | 2026-07-07 |
| CVE-2026-58289 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 9.0 | 0.44% | 2026-07-03 | 2026-07-07 |
| CVE-2026-58288 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 8.3 | 0.45% | 2026-07-03 | 2026-07-07 |
| CVE-2026-58287 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 8.3 | 0.45% | 2026-07-03 | 2026-07-07 |
| CVE-2026-58286 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | 8.1 | 0.31% | 2026-07-03 | 2026-07-07 |
| CVE-2026-58285 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 8.3 | 0.45% | 2026-07-03 | 2026-07-07 |
| CVE-2026-58284 | Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 8.3 | 0.41% | 2026-07-03 | 2026-07-07 |
| CVE-2026-58283 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | 8.1 | 0.33% | 2026-07-03 | 2026-07-06 |
| CVE-2026-58282 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | 8.1 | 0.31% | 2026-07-03 | 2026-07-06 |
| CVE-2026-57983 | Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | 8.7 | 0.46% | 2026-07-03 | 2026-07-07 |
| CVE-2026-57981 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 8.8 | 0.57% | 2026-07-03 | 2026-07-07 |
| CVE-2026-57974 | Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 8.8 | 0.57% | 2026-07-03 | 2026-07-07 |
| CVE-2026-56645 | Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 8.8 | 0.57% | 2026-07-03 | 2026-07-07 |
| CVE-2026-57100 | Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network. | 9.9 | 0.64% | 2026-07-02 | 2026-07-08 |
| CVE-2026-54998 | Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. | 8.8 | 0.64% | 2026-07-02 | 2026-07-07 |
| CVE-2026-45499 | Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network. | 9.9 | 0.62% | 2026-07-02 | 2026-07-07 |
| CVE-2026-41106 | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. | 9.3 | 0.54% | 2026-07-02 | 2026-07-07 |