Dynamics 365

dynamics_365

Vendor: Microsoft • 97 CVEs

CVEs (97)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-42898 1Microsoft 1Dynamics 365 May 14, 2026 May 12, 2026 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42833 1Microsoft 1Dynamics 365 Jun 1, 2026 May 12, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-32210 1Microsoft 1Dynamics 365 May 5, 2026 Apr 23, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33103 1Microsoft 1Dynamics 365 Apr 28, 2026 Apr 14, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
CVE-2025-62211 1Microsoft 1Dynamics 365 Nov 17, 2025 Nov 11, 2025 N/A· v4 8.7 HIGH· v3 N/A· v2 Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
CVE-2025-62210 1Microsoft 1Dynamics 365 Nov 17, 2025 Nov 11, 2025 N/A· v4 8.7 HIGH· v3 N/A· v2 Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
CVE-2025-62206 1Microsoft 1Dynamics 365 Nov 17, 2025 Nov 11, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
CVE-2025-55238 1Microsoft 1Dynamics 365 Sep 10, 2025 Sep 4, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
CVE-2025-53728 1Microsoft 1Dynamics 365 Aug 15, 2025 Aug 12, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
CVE-2025-49745 1Microsoft 1Dynamics 365 Aug 15, 2025 Aug 12, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49715 1Microsoft 1Dynamics 365 Jul 17, 2025 Jun 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.
CVE-2024-43476 1Microsoft 1Dynamics 365 Sep 13, 2024 Sep 10, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-38211 1Microsoft 1Dynamics 365 Aug 15, 2024 Aug 13, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-38182 1Microsoft 1Dynamics 365 Nov 14, 2025 Jul 31, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
CVE-2024-30061 1Microsoft 1Dynamics 365 Nov 21, 2024 Jul 9, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2024-35263 1Microsoft 1Dynamics 365 Nov 21, 2024 Jun 11, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2024-21419 1Microsoft 1Dynamics 365 Nov 29, 2024 Mar 12, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21396 1Microsoft 1Dynamics 365 Nov 21, 2024 Feb 13, 2024 N/A· v4 7.6 HIGH· v3 N/A· v2 Dynamics 365 Sales Spoofing Vulnerability
CVE-2024-21395 1Microsoft 1Dynamics 365 Nov 21, 2024 Feb 13, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21394 1Microsoft 1Dynamics 365 Nov 21, 2024 Feb 13, 2024 N/A· v4 7.6 HIGH· v3 N/A· v2 Dynamics 365 Field Service Spoofing Vulnerability

12 3 4 5 Next