VYPR

Exchange Server

by Microsoft

CVEs (233)

  • CVE-2023-21529 · High · KEV · Feb 14, 2023
    risk 0.77 · cvss 8.8 · epss 0.62

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2017-8540 · High · KEV · May 26, 2017
    risk 0.71 · cvss 7.8 · epss 0.72

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2018-8302 · Critical · Aug 15, 2018
    risk 0.66 · cvss 9.8 · epss 0.26

    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2026-42897 · High · KEV · May 14, 2026
    risk 0.65 · cvss 8.1 · epss 0.06

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2018-8154 · Critical · May 9, 2018
    risk 0.65 · cvss 9.8 · epss 0.22

    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.

  • CVE-2018-0986 · High · Apr 4, 2018
    risk 0.65 · cvss 8.8 · epss 0.61

    A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender,…

  • CVE-2026-45504 · High · Jun 9, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-59249 · High · Oct 14, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  • CVE-2018-16793 · High · Sep 21, 2018
    risk 0.57 · cvss 8.6 · epss 0.11

    Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

  • CVE-2025-53782 · High · Oct 14, 2025
    risk 0.55 · cvss 8.4 · epss 0.00

    Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-47631 · High · Jun 9, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-45503 · High · Jun 9, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

  • CVE-2017-11932 · High · Dec 12, 2017
    risk 0.53 · cvss 8.1 · epss 0.06

    Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".

  • CVE-2017-11937 · High · Dec 7, 2017
    risk 0.53 · cvss 7.8 · epss 0.28

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and…

  • CVE-2025-53786 · High · Aug 6, 2025
    risk 0.52 · cvss 8.0 · epss 0.07

    On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation,…

  • CVE-2018-8265 · High · Oct 10, 2018
    risk 0.52 · cvss 7.8 · epss 0.20

    A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2017-11940 · High · Dec 8, 2017
    risk 0.52 · cvss 7.8 · epss 0.20

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and…

  • CVE-2026-45583 · High · Jun 9, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

  • CVE-2025-64666 · High · Dec 9, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-59248 · High · Oct 14, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Page 1 of 12