Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
CVE-2026-47647
CRITICAL CVSS 9.9
Find Similar
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
CVE-2026-33821
CRITICAL CVSS 9.9
Find Similar
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
CVE-2024-38182
CRITICAL CVSS 9.8
Find Similar
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
CVE-2026-42898
CRITICAL CVSS 9.9
Find Similar
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42833
CRITICAL CVSS 9.1
Find Similar
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2025-64655
CRITICAL CVSS 9.8
Find Similar
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
CVE-2026-24303
CRITICAL CVSS 9.6
Find Similar
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Page 1+ Next →