Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  Security Vulnerabilities
CVE-2026-32191
Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-19
CVE-2026-26137
Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.0
Published
2026-03-19
CVE-2026-26138
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-03-19
CVE-2026-26139
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-03-19
CVE-2026-26136
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-03-19
CVE-2026-26120
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-03-19
CVE-2026-24299
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-19
CVE-2026-23659
Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-03-19
CVE-2026-23658
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-03-19
CVE-2026-25667
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.
CVSS Score
7.5
EPSS Score
0.145
Published
2026-03-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved