本頁列出影響 microsoft dynamics_365 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-47647 | Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network. | [email protected] | 9.9 | 0.44% | 2026-06-18 | 2026-06-25 |
| CVE-2026-40371 | Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network. | [email protected] | 8.8 | 0.63% | 2026-06-09 | 2026-06-17 |
| CVE-2026-42898 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | [email protected] | 9.9 | 1.19% | 2026-05-12 | 2026-06-17 |
| CVE-2026-42833 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | [email protected] | 9.1 | 0.75% | 2026-05-12 | 2026-06-17 |
| CVE-2026-32210 | Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. | [email protected] | 9.3 | 0.58% | 2026-04-23 | 2026-06-17 |
| CVE-2026-33103 | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | [email protected] | 5.5 | 0.22% | 2026-04-14 | 2026-06-17 |
| CVE-2025-62211 | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | [email protected] | 8.7 | 0.58% | 2025-11-11 | 2026-06-17 |
| CVE-2025-62210 | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | [email protected] | 8.7 | 0.58% | 2025-11-11 | 2026-06-17 |
| CVE-2025-62206 | Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | [email protected] | 6.5 | 0.86% | 2025-11-11 | 2026-06-17 |
| CVE-2025-55238 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | [email protected] | 7.5 | 0.77% | 2025-09-04 | 2026-06-17 |
| CVE-2025-53728 | Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | [email protected] | 6.5 | 1.18% | 2025-08-12 | 2026-06-17 |
| CVE-2025-49745 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | [email protected] | 5.4 | 0.47% | 2025-08-12 | 2026-06-17 |
| CVE-2025-49715 | Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. | [email protected] | 7.5 | 0.69% | 2025-06-19 | 2026-06-17 |
| CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | [email protected] | 7.6 | 0.84% | 2024-09-10 | 2026-06-17 |
| CVE-2024-38211 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | [email protected] | 8.2 | 0.94% | 2024-08-13 | 2026-06-17 |
| CVE-2024-38182 | Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | [email protected] | 9.0 | 0.89% | 2024-07-31 | 2026-06-17 |
| CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | [email protected] | 7.3 | 1.37% | 2024-07-09 | 2026-06-17 |
| CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | [email protected] | 5.7 | 1.66% | 2024-06-11 | 2026-06-17 |
| CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | [email protected] | 7.6 | 1.08% | 2024-03-12 | 2026-06-17 |
| CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability | [email protected] | 7.6 | 1.16% | 2024-02-13 | 2026-06-17 |