Microsoft Account
by Microsoft
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8312 | Hig | 0.52 | 7.8 | 0.20 | Jul 11, 2018 | A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office. | ||
| CVE-2020-0760 | 0.03 | — | 0.09 | Apr 15, 2020 | A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. | |||
| CVE-2026-21264 | 0.00 | — | 0.00 | Jan 22, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-21396 | 0.00 | — | 0.01 | Jan 29, 2025 | Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. |
- risk 0.52cvss 7.8epss 0.20
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.
- CVE-2020-0760Apr 15, 2020risk 0.03cvss —epss 0.09
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
- CVE-2026-21264Jan 22, 2026risk 0.00cvss —epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-21396Jan 29, 2025risk 0.00cvss —epss 0.01
Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.