Skip to main content

Bing

5 CVEs product

Monthly

CVE-2026-45650 MEDIUM PATCH Exploit Unlikely This Month

UI misrepresentation of critical information in Microsoft Bing Search for Android (versions below 33.3) enables unauthenticated network-based attackers to spoof content displayed to end users. The vulnerability (CWE-451) causes the application to render or present critical information-such as URLs, security indicators, or source attribution-in a misleading way, enabling deception attacks. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the zero-privilege-required, low-complexity network vector makes it accessible to opportunistic attackers targeting users of the unpatched Android application.

Authentication Bypass Microsoft Bing
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-21355 HIGH PATCH This Week

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Bing
NVD
CVSS 3.1
8.6
EPSS
6.7%
CVE-2021-33753 MEDIUM PATCH This Month

Microsoft Bing Search Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Bing
NVD
CVSS 3.1
4.7
EPSS
1.5%
CVE-2020-1329 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Authentication Bypass Bing
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2014-1670 MEDIUM POC THREAT This Month

The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.2%.

Code Injection Google Microsoft RCE Bing
NVD
CVSS 2.0
6.8
EPSS
29.2%
EPSS 0% CVSS 4.3
MEDIUM PATCH Exploit Unlikely This Month

UI misrepresentation of critical information in Microsoft Bing Search for Android (versions below 33.3) enables unauthenticated network-based attackers to spoof content displayed to end users. The vulnerability (CWE-451) causes the application to render or present critical information-such as URLs, security indicators, or source attribution-in a misleading way, enabling deception attacks. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the zero-privilege-required, low-complexity network vector makes it accessible to opportunistic attackers targeting users of the unpatched Android application.

Authentication Bypass Microsoft Bing
NVD VulDB
EPSS 7% CVSS 8.6
HIGH PATCH This Week

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Bing
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

Microsoft Bing Search Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Bing
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Authentication Bypass +1
NVD
EPSS 29% CVSS 6.8
MEDIUM POC THREAT This Month

The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.2%.

Code Injection Google Microsoft +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy