CVEs (19)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Jun 9, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Jun 9, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Jun 9, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Jun 9, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Jun 9, 2026 N/A· v4 5.0 MEDIUM· v3 N/A· v2 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Jun 9, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Jun 9, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 May 14, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Feb 10, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Dec 9, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Dec 9, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Oct 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Oct 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Aug 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Aug 12, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Aug 12, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Aug 12, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. |
1Microsoft 2Exchange Server Exchange Server Subscription EditionJun 17, 2026 Aug 6, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hyb...Show more |