Export limit exceeded: 17870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (120 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1229 | 1 Microsoft | 1 Dynamics 365 | 2026-02-20 | N/A |
| An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set. | ||||
| CVE-2025-55238 | 1 Microsoft | 3 365, Dynamics 365, Dynamics 365 Fasttrack Implementation | 2026-02-20 | 7.5 High |
| Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | ||||
| CVE-2025-49715 | 1 Microsoft | 2 Dynamics 365, Dynamics 365 Fasttrack Implementation | 2026-02-20 | 7.5 High |
| Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-62211 | 1 Microsoft | 2 365, Dynamics 365 | 2026-02-13 | 8.7 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-62210 | 1 Microsoft | 2 365, Dynamics 365 | 2026-02-13 | 8.7 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-62206 | 1 Microsoft | 2 365, Dynamics 365 | 2026-02-13 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-21177 | 1 Microsoft | 1 Dynamics 365 Sales | 2026-02-13 | 8.7 High |
| Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-30391 | 1 Microsoft | 1 Dynamics 365 Customer Service | 2026-02-13 | 8.1 High |
| Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-29821 | 1 Microsoft | 7 Dynamics 365 Business Central 2023, Dynamics 365 Business Central 2023 Wave 2, Dynamics 365 Business Central 2024 and 4 more | 2026-02-13 | 5.5 Medium |
| Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53783 | 1 Microsoft | 6 Dynamics 365 Guides, Dynamics 365 Remote Assist, Teams and 3 more | 2026-02-13 | 7.5 High |
| Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-53728 | 1 Microsoft | 1 Dynamics 365 | 2026-02-13 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-49745 | 1 Microsoft | 1 Dynamics 365 | 2026-02-13 | 5.4 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2026-02-10 | 9 Critical |
| Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2024-35263 | 1 Microsoft | 1 Dynamics 365 | 2025-12-17 | 5.7 Medium |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
| CVE-2024-35249 | 1 Microsoft | 3 Dynamics 365 Business Central, Dynamics 365 Business Central 2023, Dynamics 365 Business Central 2024 | 2025-12-17 | 8.8 High |
| Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | ||||
| CVE-2024-35248 | 1 Microsoft | 3 Dynamics 365 Business Central, Dynamics 365 Business Central 2023, Dynamics 365 Business Central 2024 | 2025-12-17 | 7.3 High |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | ||||
| CVE-2024-30061 | 1 Microsoft | 1 Dynamics 365 | 2025-12-09 | 7.3 High |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
| CVE-2020-0656 | 1 Microsoft | 1 Dynamics 365 | 2025-11-14 | 5.4 Medium |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | ||||
| CVE-2023-36800 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Dynamics Finance and Operations Cross-site Scripting Vulnerability | ||||
| CVE-2023-38164 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||