Skip to main content

Exchange Server

158 CVEs product

Monthly

CVE-2026-47631 MEDIUM PATCH Exploit Unlikely This Month

Spoofing via reflected/stored cross-site scripting in Microsoft Exchange Server allows a remote unauthenticated attacker to execute attacker-controlled script in the context of a victim's authenticated Exchange session after the victim interacts with a crafted link or message. With a CVSS 3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R) and high confidentiality and integrity impact, successful exploitation enables session hijacking, mailbox content disclosure, and message manipulation, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Microsoft Exchange Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-45504 HIGH PATCH This Week

Privilege escalation via server-side request forgery in Microsoft Exchange Server allows an authenticated attacker with low-level network access to coerce the Exchange server into making attacker-controlled requests, resulting in high impact to confidentiality, integrity, and availability. The flaw is network-exploitable with low complexity (CVSS 8.8) but requires prior authentication, and no public exploit identified at time of analysis. As a Microsoft-discovered issue (reported by secure@microsoft.com), it is consistent with the broader pattern of Exchange SSRF chains used to pivot to elevated mailbox or domain access.

Microsoft SSRF Exchange Server
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-45503 MEDIUM PATCH This Month

Server-side request forgery in Microsoft Exchange Server allows an authenticated attacker with low privileges to coerce the Exchange server into making arbitrary outbound requests, resulting in disclosure of sensitive information and potential integrity impact across internal network resources. The CVSS 8.1 score reflects the high confidentiality and integrity impact from a network-reachable, low-complexity attack, though no public exploit identified at time of analysis. The vulnerability is tagged as an Authentication Bypass / SSRF, suggesting the SSRF primitive may be leveraged to bypass network-based authentication boundaries (e.g., reaching internal trusted endpoints).

Authentication Bypass Microsoft SSRF Exchange Server Exchange Server Subscription Edition
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-45502 MEDIUM PATCH This Month

Server-side request forgery in Microsoft Exchange Server enables an authenticated low-privilege attacker to coerce the server into issuing outbound network requests to internal or external resources, resulting in information disclosure. Affected deployments span Exchange Server 2016 CU23, Exchange Server 2019 CU14 and CU15, and the current Subscription Edition - all at versions below their respective patched builds. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis, but the Changed scope in the CVSS vector indicates the server can reach resources beyond its own trust boundary, amplifying reconnaissance value for an already-authenticated adversary.

Microsoft SSRF Exchange Server Exchange Server Subscription Edition
NVD VulDB
CVSS 3.1
5.0
EPSS
0.1%
CVE-2026-45501 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting and server-side request forgery in Microsoft Exchange Server enables authenticated low-privilege network attackers to perform spoofing and exfiltrate sensitive information. Affected are Exchange Server 2016 CU23, 2019 CU14, 2019 CU15, and the Subscription Edition RTM release lines, all below their respective patched cumulative update builds. No public exploit identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, though Microsoft has released patches across all affected branches.

XSS Microsoft SSRF Exchange Server Exchange Server Subscription Edition
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-21527 MEDIUM PATCH This Month

Microsoft Exchange Server is vulnerable to UI spoofing attacks that allow unauthenticated remote attackers to misrepresent critical information and deceive users. The vulnerability has a CVSS score of 6.5 and currently lacks an available patch, leaving affected systems exposed to social engineering and impersonation attacks. Organizations running Exchange Server should implement network-level protections and monitor for suspicious activity until a fix is released.

Microsoft Exchange Server Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-64667 MEDIUM This Month

Spoofing via UI misrepresentation in Microsoft Exchange Server 2016 and Exchange Server Subscription Edition allows unauthenticated network attackers to falsify critical sender or authentication information as rendered by the Exchange interface. Rooted in CWE-451 (UI Misrepresentation of Critical Information), the flaw enables an attacker to craft messages or interactions that Exchange presents deceptively, undermining trust signals recipients rely upon to distinguish legitimate from malicious communications. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; however, the PR:N/AC:L vector means exploitation requires no credentials and minimal attacker sophistication.

Microsoft Authentication Bypass Exchange Server Exchange Server Subscription Edition
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2025-64666 HIGH This Week

Privilege escalation in Microsoft Exchange Server 2016 (and Subscription Edition per vendor tagging) allows an authenticated attacker on the network to elevate privileges through improper input validation (CWE-20). The flaw carries a CVSS 7.5 score with high impact to confidentiality, integrity, and availability, though attack complexity is rated High. No public exploit identified at time of analysis.

Microsoft Information Disclosure Exchange Server Exchange Server Subscription Edition
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-59249 HIGH This Week

Privilege escalation in Microsoft Exchange Server (including 2016 cumulative updates and Subscription Edition) allows an authenticated network attacker to elevate privileges due to weak authentication mechanisms (CWE-1390). With a CVSS score of 8.8 and full confidentiality, integrity, and availability impact, this represents a significant risk to mail infrastructure, though no public exploit identified at time of analysis.

Microsoft Information Disclosure Exchange Server Exchange Server Subscription Edition
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-59248 HIGH This Week

Spoofing in Microsoft Exchange Server (including 2016 cumulative updates and Subscription Edition) allows remote unauthenticated attackers to impersonate trusted entities over the network due to improper input validation. The flaw carries a CVSS 7.5 with integrity-only impact, and no public exploit identified at time of analysis. Defenders should treat it as a credible spoofing/authentication-bypass primitive that may be chained with downstream phishing or follow-on Exchange attacks.

Microsoft Authentication Bypass Exchange Server Exchange Server Subscription Edition
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2025-53782 HIGH This Week

Local privilege escalation in Microsoft Exchange Server 2016 (and Subscription Edition) stems from an incorrect implementation of an authentication algorithm (CWE-303), allowing a low-privileged local user to gain high-impact control over confidentiality, integrity, and availability of the mail platform. The flaw was reported by Microsoft (MSRC) and carries a CVSS 3.1 base of 7.8 (AV:L/AC:L/PR:L/UI:N). At time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but exploitation by an authenticated insider on an Exchange host would yield full server compromise.

Microsoft Authentication Bypass Exchange Server Exchange Server Subscription Edition
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-33051 HIGH This Week

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-25007 MEDIUM This Month

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Exchange Server
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-25006 MEDIUM This Month

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Exchange Server
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-25005 MEDIUM This Month

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-53786 HIGH CERT-EU This Week

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Microsoft Exchange Server
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2024-49040 HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
7.5
EPSS
7.7%
CVE-2024-26198 HIGH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
6.8%
CVE-2024-21410 CRITICAL KEV PATCH THREAT Act Now

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Microsoft Exchange Server
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2023-36439 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
4.9%
CVE-2023-36050 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
39.2%
CVE-2023-36039 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
73.0%
CVE-2023-36035 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
86.6%
CVE-2023-36778 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.0
EPSS
3.7%
CVE-2023-36777 MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Information Disclosure Deserialization Exchange Server
NVD
CVSS 3.1
5.7
EPSS
81.2%
CVE-2023-36757 HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
68.6%
CVE-2023-36756 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
74.7%
CVE-2023-36745 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
81.1%
CVE-2023-36744 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
81.7%
CVE-2023-38185 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-38182 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
11.1%
CVE-2023-38181 HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.8
EPSS
16.8%
CVE-2023-35388 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
12.4%
CVE-2023-35368 HIGH PATCH This Week

Microsoft Exchange Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-21709 CRITICAL PATCH Act Now

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-32031 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.8
EPSS
81.8%
CVE-2023-28310 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
25.0%
CVE-2023-21710 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
7.2
EPSS
7.9%
CVE-2023-21707 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.8
EPSS
82.0%
CVE-2023-21706 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2023-21764 HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-21763 HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-21762 HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
1.6%
CVE-2023-21761 HIGH This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-21745 HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2022-41123 HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41080 HIGH KEV PATCH THREAT This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
77.3%
CVE-2022-41079 HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-41078 HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-34692 MEDIUM This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-30134 MEDIUM This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-24516 HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2022-24477 HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.0
EPSS
1.7%
CVE-2022-21980 HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.0
EPSS
2.0%
CVE-2022-21979 MEDIUM This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
4.8
EPSS
1.8%
CVE-2022-21978 HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2022-24463 MEDIUM This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
31.8%
CVE-2022-23277 HIGH POC THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
40.8%
CVE-2021-42321 HIGH POC KEV PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
8.8
EPSS
90.4%
CVE-2021-42305 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
8.1%
CVE-2021-41349 MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
93.9%
CVE-2021-41350 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-41348 HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Exchange Server
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2021-34453 HIGH PATCH This Week

Microsoft Exchange Server Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Exchange Server
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-26427 CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.0
EPSS
0.9%
CVE-2021-34470 HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.0
EPSS
3.3%
CVE-2021-33768 HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.0
EPSS
1.2%
CVE-2021-33766 HIGH POC KEV PATCH THREAT This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
7.3
EPSS
97.5%
CVE-2021-31206 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
7.6
EPSS
9.8%
CVE-2021-31196 HIGH KEV PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
7.2
EPSS
46.4%
CVE-2021-31209 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Exchange Server
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-31198 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2021-31195 MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Authentication Bypass Exchange Server
NVD
CVSS 3.1
6.5
EPSS
73.7%
CVE-2021-28483 CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.0
EPSS
1.2%
CVE-2021-28482 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
8.8
EPSS
83.3%
CVE-2021-28481 CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.8
EPSS
36.5%
CVE-2021-28480 CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.8
EPSS
71.4%
CVE-2021-27078 CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.1
EPSS
18.3%
CVE-2021-26854 MEDIUM PATCH This Month

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
6.6
EPSS
19.6%
CVE-2021-26412 CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
CVSS 3.1
9.1
EPSS
30.4%
CVE-2021-24085 MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2021-1730 MEDIUM PATCH This Month

<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
5.4
EPSS
1.8%
CVE-2020-17144 HIGH KEV PATCH THREAT This Week

Microsoft Exchange Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft RCE Deserialization Exchange Server
NVD
CVSS 3.1
8.4
EPSS
36.5%
CVE-2020-17143 HIGH PATCH This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.8
EPSS
70.6%
CVE-2020-17142 CRITICAL PATCH Act Now

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
9.1
EPSS
3.5%
CVE-2020-17141 HIGH PATCH This Week

Microsoft Exchange Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.4
EPSS
7.4%
CVE-2020-17132 CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
9.1
EPSS
89.8%
CVE-2020-17117 MEDIUM PATCH This Month

Microsoft Exchange Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
6.6
EPSS
48.9%
CVE-2020-17085 MEDIUM PATCH This Month

Microsoft Exchange Server Denial of Service Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Exchange Server
NVD
CVSS 3.1
6.2
EPSS
3.4%
CVE-2020-17084 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.5
EPSS
3.6%
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Spoofing via reflected/stored cross-site scripting in Microsoft Exchange Server allows a remote unauthenticated attacker to execute attacker-controlled script in the context of a victim's authenticated Exchange session after the victim interacts with a crafted link or message. With a CVSS 3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R) and high confidentiality and integrity impact, successful exploitation enables session hijacking, mailbox content disclosure, and message manipulation, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Microsoft Exchange Server
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation via server-side request forgery in Microsoft Exchange Server allows an authenticated attacker with low-level network access to coerce the Exchange server into making attacker-controlled requests, resulting in high impact to confidentiality, integrity, and availability. The flaw is network-exploitable with low complexity (CVSS 8.8) but requires prior authentication, and no public exploit identified at time of analysis. As a Microsoft-discovered issue (reported by secure@microsoft.com), it is consistent with the broader pattern of Exchange SSRF chains used to pivot to elevated mailbox or domain access.

Microsoft SSRF Exchange Server
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Server-side request forgery in Microsoft Exchange Server allows an authenticated attacker with low privileges to coerce the Exchange server into making arbitrary outbound requests, resulting in disclosure of sensitive information and potential integrity impact across internal network resources. The CVSS 8.1 score reflects the high confidentiality and integrity impact from a network-reachable, low-complexity attack, though no public exploit identified at time of analysis. The vulnerability is tagged as an Authentication Bypass / SSRF, suggesting the SSRF primitive may be leveraged to bypass network-based authentication boundaries (e.g., reaching internal trusted endpoints).

Authentication Bypass Microsoft SSRF +2
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Server-side request forgery in Microsoft Exchange Server enables an authenticated low-privilege attacker to coerce the server into issuing outbound network requests to internal or external resources, resulting in information disclosure. Affected deployments span Exchange Server 2016 CU23, Exchange Server 2019 CU14 and CU15, and the current Subscription Edition - all at versions below their respective patched builds. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis, but the Changed scope in the CVSS vector indicates the server can reach resources beyond its own trust boundary, amplifying reconnaissance value for an already-authenticated adversary.

Microsoft SSRF Exchange Server +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting and server-side request forgery in Microsoft Exchange Server enables authenticated low-privilege network attackers to perform spoofing and exfiltrate sensitive information. Affected are Exchange Server 2016 CU23, 2019 CU14, 2019 CU15, and the Subscription Edition RTM release lines, all below their respective patched cumulative update builds. No public exploit identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, though Microsoft has released patches across all affected branches.

XSS Microsoft SSRF +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Exchange Server is vulnerable to UI spoofing attacks that allow unauthenticated remote attackers to misrepresent critical information and deceive users. The vulnerability has a CVSS score of 6.5 and currently lacks an available patch, leaving affected systems exposed to social engineering and impersonation attacks. Organizations running Exchange Server should implement network-level protections and monitor for suspicious activity until a fix is released.

Microsoft Exchange Server Authentication Bypass
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

Spoofing via UI misrepresentation in Microsoft Exchange Server 2016 and Exchange Server Subscription Edition allows unauthenticated network attackers to falsify critical sender or authentication information as rendered by the Exchange interface. Rooted in CWE-451 (UI Misrepresentation of Critical Information), the flaw enables an attacker to craft messages or interactions that Exchange presents deceptively, undermining trust signals recipients rely upon to distinguish legitimate from malicious communications. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; however, the PR:N/AC:L vector means exploitation requires no credentials and minimal attacker sophistication.

Microsoft Authentication Bypass Exchange Server +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Privilege escalation in Microsoft Exchange Server 2016 (and Subscription Edition per vendor tagging) allows an authenticated attacker on the network to elevate privileges through improper input validation (CWE-20). The flaw carries a CVSS 7.5 score with high impact to confidentiality, integrity, and availability, though attack complexity is rated High. No public exploit identified at time of analysis.

Microsoft Information Disclosure Exchange Server +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Privilege escalation in Microsoft Exchange Server (including 2016 cumulative updates and Subscription Edition) allows an authenticated network attacker to elevate privileges due to weak authentication mechanisms (CWE-1390). With a CVSS score of 8.8 and full confidentiality, integrity, and availability impact, this represents a significant risk to mail infrastructure, though no public exploit identified at time of analysis.

Microsoft Information Disclosure Exchange Server +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Spoofing in Microsoft Exchange Server (including 2016 cumulative updates and Subscription Edition) allows remote unauthenticated attackers to impersonate trusted entities over the network due to improper input validation. The flaw carries a CVSS 7.5 with integrity-only impact, and no public exploit identified at time of analysis. Defenders should treat it as a credible spoofing/authentication-bypass primitive that may be chained with downstream phishing or follow-on Exchange attacks.

Microsoft Authentication Bypass Exchange Server +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Microsoft Exchange Server 2016 (and Subscription Edition) stems from an incorrect implementation of an authentication algorithm (CWE-303), allowing a low-privileged local user to gain high-impact control over confidentiality, integrity, and availability of the mail platform. The flaw was reported by Microsoft (MSRC) and carries a CVSS 3.1 base of 7.8 (AV:L/AC:L/PR:L/UI:N). At time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but exploitation by an authenticated insider on an Exchange host would yield full server compromise.

Microsoft Authentication Bypass Exchange Server +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Exchange Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Exchange Server
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 0% CVSS 8.0
HIGH This Week

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Microsoft Exchange Server
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
EPSS 7% CVSS 8.8
HIGH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Exchange Server
NVD
EPSS 13% CVSS 9.8
CRITICAL KEV PATCH THREAT Act Now

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Microsoft Exchange Server
NVD
EPSS 5% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 39% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
EPSS 73% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
EPSS 87% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
EPSS 4% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

RCE Microsoft Exchange Server
NVD
EPSS 81% CVSS 5.7
MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Information Disclosure Deserialization +1
NVD
EPSS 69% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
EPSS 75% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 81% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

RCE Microsoft Deserialization +1
NVD
EPSS 82% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
EPSS 11% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 17% CVSS 8.8
HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
EPSS 12% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Microsoft Exchange Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Exchange Server
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
EPSS 82% CVSS 8.8
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 25% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 8% CVSS 7.2
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 82% CVSS 8.8
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Deserialization Exchange Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Deserialization Exchange Server
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
EPSS 77% CVSS 8.8
HIGH KEV PATCH THREAT This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 2% CVSS 4.8
MEDIUM This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 32% CVSS 6.5
MEDIUM This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 41% CVSS 8.8
HIGH POC THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Exchange Server
NVD
EPSS 90% CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft RCE Exchange Server
NVD
EPSS 8% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 94% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Exchange Server
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Microsoft Exchange Server Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Exchange Server
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 3% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 98% CVSS 7.3
HIGH POC KEV PATCH THREAT This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 10% CVSS 7.6
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 46% CVSS 7.2
HIGH KEV PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Exchange Server
NVD
EPSS 5% CVSS 7.8
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 74% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Authentication Bypass +1
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 83% CVSS 8.8
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 36% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 71% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 18% CVSS 9.1
CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 20% CVSS 6.6
MEDIUM PATCH This Month

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Microsoft RCE Exchange Server
NVD
EPSS 30% CVSS 9.1
CRITICAL PATCH Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Exchange Server
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 37% CVSS 8.4
HIGH KEV PATCH THREAT This Week

Microsoft Exchange Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft RCE Deserialization +1
NVD
EPSS 71% CVSS 8.8
HIGH PATCH This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
EPSS 7% CVSS 8.4
HIGH PATCH This Week

Microsoft Exchange Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
EPSS 90% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
EPSS 49% CVSS 6.6
MEDIUM PATCH This Month

Microsoft Exchange Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Exchange Server
NVD
EPSS 3% CVSS 6.2
MEDIUM PATCH This Month

Microsoft Exchange Server Denial of Service Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Exchange Server
NVD
EPSS 4% CVSS 8.5
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Microsoft +1
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy