microsoft exchange_server_subscription_edition CVE Vulnerabilities (19)

CVEs: 19 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting microsoft exchange_server_subscription_edition (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 119 of 19 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-47631 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. [email protected] 8.1 0.35% 2026-06-09 2026-06-17
CVE-2026-45583 Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. [email protected] 7.5 0.47% 2026-06-09 2026-06-17
CVE-2026-45504 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. [email protected] 8.8 0.46% 2026-06-09 2026-06-17
CVE-2026-45503 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. [email protected] 8.1 0.45% 2026-06-09 2026-06-17
CVE-2026-45502 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. [email protected] 5.0 0.46% 2026-06-09 2026-06-17
CVE-2026-45501 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. [email protected] 6.5 0.30% 2026-06-09 2026-06-17
CVE-2026-45500 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. [email protected] 6.1 0.38% 2026-06-09 2026-06-17
CVE-2026-42897 KEV Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. [email protected] 8.1 5.64% 2026-05-14 2026-06-17
CVE-2026-21527 User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. [email protected] 6.5 9.46% 2026-02-10 2026-06-17
CVE-2025-64667 User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. [email protected] 5.3 0.82% 2025-12-09 2026-06-17
CVE-2025-64666 Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. [email protected] 7.5 0.98% 2025-12-09 2026-06-17
CVE-2025-59249 Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. [email protected] 8.8 0.75% 2025-10-14 2026-06-17
CVE-2025-59248 Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. [email protected] 7.5 0.92% 2025-10-14 2026-06-17
CVE-2025-53782 Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. [email protected] 8.4 0.33% 2025-10-14 2026-06-17
CVE-2025-33051 Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. [email protected] 7.5 1.13% 2025-08-12 2026-06-17
CVE-2025-25007 Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. [email protected] 5.3 0.80% 2025-08-12 2026-06-17
CVE-2025-25006 Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. [email protected] 5.3 0.79% 2025-08-12 2026-06-17
CVE-2025-25005 Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. [email protected] 6.5 1.27% 2025-08-12 2026-06-17
CVE-2025-53786 On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by tak [email protected] 8.0 7.42% 2025-08-06 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence