microsoft dynamics_365 CVE Vulnerabilities (96)

CVEs: 96 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting microsoft dynamics_365 (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2026-42898	Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.	[email protected]	9.9	0.07%	2026-05-12	2026-05-14
CVE-2026-42833	Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.	[email protected]	9.1	0.07%	2026-05-12	2026-06-01
CVE-2026-32210	Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.	[email protected]	9.3	0.03%	2026-04-23	2026-05-05
CVE-2025-62211	Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.	[email protected]	8.7	0.04%	2025-11-11	2025-11-17
CVE-2025-62210	Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.	[email protected]	8.7	0.04%	2025-11-11	2025-11-17
CVE-2025-62206	Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.	[email protected]	6.5	0.07%	2025-11-11	2025-11-17
CVE-2025-55238	Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability	[email protected]	7.5	0.97%	2025-09-04	2025-09-10
CVE-2025-53728	Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.	[email protected]	6.5	1.27%	2025-08-12	2025-08-15
CVE-2025-49745	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.	[email protected]	5.4	0.50%	2025-08-12	2025-08-15
CVE-2025-49715	Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.	[email protected]	7.5	6.25%	2025-06-20	2025-07-17
CVE-2024-43476	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	[email protected]	7.6	0.50%	2024-09-10	2024-09-13
CVE-2024-38211	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	[email protected]	8.2	0.31%	2024-08-13	2024-08-15
CVE-2024-38182	Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.	[email protected]	9.0	2.01%	2024-07-31	2025-11-14
CVE-2024-30061	Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability	[email protected]	7.3	5.03%	2024-07-09	2024-11-21
CVE-2024-35263	Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability	[email protected]	5.7	5.56%	2024-06-11	2024-11-21
CVE-2024-21419	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	[email protected]	7.6	0.37%	2024-03-12	2024-11-29
CVE-2024-21396	Dynamics 365 Sales Spoofing Vulnerability	[email protected]	7.6	0.21%	2024-02-13	2024-11-21
CVE-2024-21395	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	[email protected]	8.2	0.20%	2024-02-13	2024-11-21
CVE-2024-21394	Dynamics 365 Field Service Spoofing Vulnerability	[email protected]	7.6	0.21%	2024-02-13	2024-11-21
CVE-2024-21393	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	[email protected]	7.6	0.19%	2024-02-13	2024-11-21

cvelogic Threat Intelligence