CVE-2026-47647
- EPSS 0.43%
- Veröffentlicht 18.06.2026 21:42:40
- Zuletzt bearbeitet 25.06.2026 18:57:14
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
CVE-2026-40371
- EPSS 0.63%
- Veröffentlicht 09.06.2026 17:17:05
- Zuletzt bearbeitet 09.06.2026 19:32:51
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
CVE-2026-33821
- EPSS 0.66%
- Veröffentlicht 12.05.2026 16:59:38
- Zuletzt bearbeitet 15.05.2026 18:26:18
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
CVE-2026-42833
- EPSS 0.75%
- Veröffentlicht 12.05.2026 16:59:35
- Zuletzt bearbeitet 01.06.2026 19:16:44
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42898
- EPSS 1.19%
- Veröffentlicht 12.05.2026 16:59:06
- Zuletzt bearbeitet 14.05.2026 14:31:46
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-32210
- EPSS 0.58%
- Veröffentlicht 23.04.2026 21:35:47
- Zuletzt bearbeitet 05.05.2026 14:10:29
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33103
- EPSS 0.22%
- Veröffentlicht 14.04.2026 16:58:41
- Zuletzt bearbeitet 28.04.2026 12:15:28
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
CVE-2025-58112
- EPSS 0.46%
- Veröffentlicht 18.03.2026 00:00:00
- Zuletzt bearbeitet 19.03.2026 15:16:20
Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting Se...
CVE-2025-62210
- EPSS 0.59%
- Veröffentlicht 11.11.2025 18:15:48
- Zuletzt bearbeitet 17.11.2025 17:41:05
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
CVE-2025-62211
- EPSS 0.59%
- Veröffentlicht 11.11.2025 18:15:48
- Zuletzt bearbeitet 17.11.2025 17:41:00
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.