聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-55945 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Edge (Chromium-based) allows an authorized attacker to disclose information locally. | 4.2 | 0.15% | 2026-07-03 | 2026-07-03 |
| CVE-2026-45489 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 6.5 | 0.53% | 2026-07-03 | 2026-07-03 |
| CVE-2026-45488 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | 5.4 | 0.30% | 2026-07-03 | 2026-07-03 |
| CVE-2026-57100 | Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network. | 9.9 | 0.64% | 2026-07-02 | 2026-07-02 |
| CVE-2026-54998 | Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. | 8.8 | 0.64% | 2026-07-02 | 2026-07-02 |
| CVE-2026-45499 | Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network. | 9.9 | 0.62% | 2026-07-02 | 2026-07-02 |
| CVE-2026-41106 | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. | 9.3 | 0.54% | 2026-07-02 | 2026-07-02 |
| CVE-2026-26145 | Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network. | 4.8 | 0.33% | 2026-07-02 | 2026-07-02 |
| CVE-2026-50521 | Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | 8.3 | 0.82% | 2026-07-01 | 2026-07-03 |
| CVE-2026-50519 | Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. | 6.5 | 0.53% | 2026-06-19 | 2026-06-29 |
| CVE-2026-48584 | Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. | 9.9 | 0.50% | 2026-06-19 | 2026-06-29 |
| CVE-2026-48582 | Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. | 9.6 | 0.40% | 2026-06-19 | 2026-06-24 |
| CVE-2026-47645 | Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network. | 8.8 | 0.42% | 2026-06-19 | 2026-06-26 |
| CVE-2026-45480 | Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.57% | 2026-06-19 | 2026-06-24 |
| CVE-2026-42895 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | 6.5 | 0.39% | 2026-06-19 | 2026-06-26 |
| CVE-2026-32208 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID allows an authorized attacker to perform spoofing over a network. | 8.8 | 0.28% | 2026-06-19 | 2026-07-01 |
| CVE-2026-54130 | Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network. | 9.8 | 0.58% | 2026-06-18 | 2026-06-25 |
| CVE-2026-47647 | Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network. | 9.9 | 0.44% | 2026-06-18 | 2026-06-25 |
| CVE-2026-47633 | Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network. | 7.5 | 0.58% | 2026-06-18 | 2026-06-26 |
| CVE-2026-32174 | Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network. | 7.7 | 0.37% | 2026-06-18 | 2026-06-24 |