Microsoft Account
by Microsoft
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0760 | Hig | 0.58 | 8.8 | 0.09 | Apr 15, 2020 | A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. | ||
| CVE-2025-21396 | Hig | 0.53 | 8.2 | 0.01 | Jan 29, 2025 | Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2018-8312 | Hig | 0.52 | 7.8 | 0.20 | Jul 11, 2018 | A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office. | ||
| CVE-2019-1172 | Med | 0.28 | 4.3 | 0.04 | Aug 14, 2019 | An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would… | ||
| CVE-2026-21264 | 0.00 | — | 0.00 | Jan 22, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network. |
- risk 0.58cvss 8.8epss 0.09
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
- risk 0.53cvss 8.2epss 0.01
Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.
- risk 0.52cvss 7.8epss 0.20
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.
- risk 0.28cvss 4.3epss 0.04
An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would…
- CVE-2026-21264Jan 22, 2026risk 0.00cvss —epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.