CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 416013346 条结果
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-55945 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Edge (Chromium-based) allows an authorized attacker to disclose information locally. 4.2 0.15% 2026-07-03 2026-07-03
CVE-2026-45489 Microsoft Edge (Chromium-based) Spoofing Vulnerability 6.5 0.53% 2026-07-03 2026-07-03
CVE-2026-45488 User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. 5.4 0.30% 2026-07-03 2026-07-03
CVE-2026-57100 Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network. 9.9 0.64% 2026-07-02 2026-07-02
CVE-2026-54998 Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. 8.8 0.64% 2026-07-02 2026-07-02
CVE-2026-45499 Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network. 9.9 0.62% 2026-07-02 2026-07-02
CVE-2026-41106 Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. 9.3 0.54% 2026-07-02 2026-07-02
CVE-2026-26145 Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network. 4.8 0.33% 2026-07-02 2026-07-02
CVE-2026-50521 Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. 8.3 0.82% 2026-07-01 2026-07-03
CVE-2026-50519 Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. 6.5 0.53% 2026-06-19 2026-06-29
CVE-2026-48584 Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. 9.9 0.50% 2026-06-19 2026-06-29
CVE-2026-48582 Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. 9.6 0.40% 2026-06-19 2026-06-24
CVE-2026-47645 Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network. 8.8 0.42% 2026-06-19 2026-06-26
CVE-2026-45480 Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network. 10.0 0.57% 2026-06-19 2026-06-24
CVE-2026-42895 Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. 6.5 0.39% 2026-06-19 2026-06-26
CVE-2026-32208 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID allows an authorized attacker to perform spoofing over a network. 8.8 0.28% 2026-06-19 2026-07-01
CVE-2026-54130 Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network. 9.8 0.58% 2026-06-18 2026-06-25
CVE-2026-47647 Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network. 9.9 0.44% 2026-06-18 2026-06-25
CVE-2026-47633 Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network. 7.5 0.58% 2026-06-18 2026-06-26
CVE-2026-32174 Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network. 7.7 0.37% 2026-06-18 2026-06-24
cvelogic Threat Intelligence