Microsoft Exchange Server
by Microsoft
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0688 | 0.29 | — | 0.94 | KEV | Feb 11, 2020 | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | ||
| CVE-2019-0724 | 0.08 | — | 0.61 | Mar 6, 2019 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686. | |||
| CVE-2018-8265 | 0.02 | — | 0.19 | Oct 10, 2018 | A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server. | |||
| CVE-2019-1373 | 0.01 | — | 0.10 | Nov 12, 2019 | A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | |||
| CVE-2019-1233 | 0.01 | — | 0.11 | Sep 11, 2019 | A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. | |||
| CVE-2019-1084 | 0.01 | — | 0.09 | Jul 15, 2019 | An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to… | |||
| CVE-2019-0686 | 0.01 | — | 0.11 | Mar 6, 2019 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724. | |||
| CVE-2026-21527 | 0.00 | — | 0.00 | Feb 10, 2026 | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-64666 | 0.00 | — | 0.00 | Dec 9, 2025 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-64667 | 0.00 | — | 0.00 | Dec 9, 2025 | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-59248 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-59249 | 0.00 | — | 0.00 | Oct 14, 2025 | Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-53782 | 0.00 | — | 0.00 | Oct 14, 2025 | Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. | |||
| CVE-2025-25007 | 0.00 | — | 0.02 | Aug 12, 2025 | Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-25006 | 0.00 | — | 0.01 | Aug 12, 2025 | Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-25005 | 0.00 | — | 0.02 | Aug 12, 2025 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | |||
| CVE-2025-33051 | 0.00 | — | 0.02 | Aug 12, 2025 | Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-53786 | 0.00 | — | 0.00 | Aug 6, 2025 | On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation,… | |||
| CVE-2020-0692 | 0.00 | — | 0.05 | Feb 11, 2020 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1266 | 0.00 | — | 0.00 | Sep 11, 2019 | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. |
- risk 0.29cvss —epss 0.94
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
- CVE-2019-0724Mar 6, 2019risk 0.08cvss —epss 0.61
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.
- CVE-2018-8265Oct 10, 2018risk 0.02cvss —epss 0.19
A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.
- CVE-2019-1373Nov 12, 2019risk 0.01cvss —epss 0.10
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
- CVE-2019-1233Sep 11, 2019risk 0.01cvss —epss 0.11
A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.
- CVE-2019-1084Jul 15, 2019risk 0.01cvss —epss 0.09
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to…
- CVE-2019-0686Mar 6, 2019risk 0.01cvss —epss 0.11
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.
- CVE-2026-21527Feb 10, 2026risk 0.00cvss —epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-64666Dec 9, 2025risk 0.00cvss —epss 0.00
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
- CVE-2025-64667Dec 9, 2025risk 0.00cvss —epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-59248Oct 14, 2025risk 0.00cvss —epss 0.00
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-59249Oct 14, 2025risk 0.00cvss —epss 0.00
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
- CVE-2025-53782Oct 14, 2025risk 0.00cvss —epss 0.00
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-25007Aug 12, 2025risk 0.00cvss —epss 0.02
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-25006Aug 12, 2025risk 0.00cvss —epss 0.01
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-25005Aug 12, 2025risk 0.00cvss —epss 0.02
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
- CVE-2025-33051Aug 12, 2025risk 0.00cvss —epss 0.02
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.
- CVE-2025-53786Aug 6, 2025risk 0.00cvss —epss 0.00
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation,…
- CVE-2020-0692Feb 11, 2020risk 0.00cvss —epss 0.05
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
- CVE-2019-1266Sep 11, 2019risk 0.00cvss —epss 0.00
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.
Page 1 of 2