Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-48579 | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. | 9.1 | 0.07% | 2026-06-04 | 2026-06-05 |
| CVE-2026-48567 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.08% | 2026-06-04 | 2026-06-05 |
| CVE-2026-47655 | Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network. | 6.5 | 0.15% | 2026-06-04 | 2026-06-05 |
| CVE-2026-47644 | Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. | 6.5 | 0.08% | 2026-06-04 | 2026-06-05 |
| CVE-2026-45497 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network. | 7.7 | 0.08% | 2026-06-04 | 2026-06-05 |
| CVE-2026-42824 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | 6.5 | 0.08% | 2026-06-04 | 2026-06-05 |
| CVE-2026-47294 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.0 | 0.06% | 2026-06-01 | 2026-06-03 |
| CVE-2026-47280 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.07% | 2026-05-22 | 2026-05-27 |
| CVE-2026-45659 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | 0.86% | 2026-05-22 | 2026-05-27 |
| CVE-2026-42901 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.03% | 2026-05-22 | 2026-05-27 |
| CVE-2026-42827 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | 6.5 | 0.06% | 2026-05-22 | 2026-05-27 |
| CVE-2026-41104 | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | 10.0 | 0.31% | 2026-05-22 | 2026-05-29 |
| CVE-2026-41090 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | 9.3 | 0.05% | 2026-05-22 | 2026-05-27 |
| CVE-2026-40412 | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | 10.0 | 0.40% | 2026-05-22 | 2026-05-27 |
| CVE-2026-40411 | Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. | 9.9 | 0.09% | 2026-05-22 | 2026-05-27 |
| CVE-2026-35430 | Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network. | 8.8 | 0.06% | 2026-05-22 | 2026-05-27 |
| CVE-2026-33843 | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | 9.1 | 0.05% | 2026-05-22 | 2026-05-27 |
| CVE-2026-26147 | Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | 7.7 | 0.11% | 2026-05-22 | 2026-05-27 |
| CVE-2026-23663 | Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network. | 7.5 | 0.07% | 2026-05-22 | 2026-05-27 |
| CVE-2026-23652 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | 10.0 | 0.07% | 2026-05-22 | 2026-05-27 |