聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2021-34473 KEV | Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 | 100.00% | 2021-07-14 | 2026-06-16 |
| CVE-2021-26855 KEV | Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 | 100.00% | 2021-03-02 | 2026-06-16 |
| CVE-2019-0708 KEV | A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | 9.8 | 100.00% | 2019-05-16 | 2026-06-16 |
| CVE-2015-1635 KEV | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." | 9.8 | 100.00% | 2015-04-14 | 2026-06-16 |
| CVE-2012-0158 KEV | The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web | 8.8 | 99.99% | 2012-04-10 | 2026-06-16 |
| CVE-2021-34523 KEV | Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.0 | 99.99% | 2021-07-14 | 2026-06-16 |
| CVE-2025-53770 KEV | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. | 9.8 | 99.98% | 2025-07-19 | 2026-06-17 |
| CVE-2020-0688 KEV | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 | 99.97% | 2020-02-11 | 2026-06-16 |
| CVE-2022-41082 KEV | Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 | 99.96% | 2022-10-02 | 2026-06-17 |
| CVE-2025-59287 KEV | Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | 9.8 | 99.96% | 2025-10-14 | 2026-06-17 |
| CVE-2021-27065 KEV | Microsoft Exchange Server Remote Code Execution Vulnerability | 7.8 | 99.95% | 2021-03-02 | 2026-06-16 |
| CVE-2022-41040 KEV | Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.8 | 99.94% | 2022-10-02 | 2026-06-17 |
| CVE-2017-11882 KEV | Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. | 7.8 | 99.94% | 2017-11-14 | 2026-06-16 |
| CVE-2017-0199 KEV | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." | 7.8 | 99.93% | 2017-04-12 | 2026-06-16 |
| CVE-2019-0604 KEV | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. | 9.8 | 99.91% | 2019-03-05 | 2026-06-16 |
| CVE-2025-49704 KEV | Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | 99.91% | 2025-07-08 | 2026-06-17 |
| CVE-2025-53771 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | 6.5 | 99.89% | 2025-07-20 | 2026-06-17 |
| CVE-2025-49706 KEV | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | 6.5 | 99.88% | 2025-07-08 | 2026-06-17 |
| CVE-2020-0796 KEV | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. | 10.0 | 99.81% | 2020-03-12 | 2026-06-16 |
| CVE-2021-31207 KEV | Microsoft Exchange Server Security Feature Bypass Vulnerability | 6.6 | 99.78% | 2021-05-11 | 2026-06-16 |