microsoft 厂商相关 8284 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。
Microsoft 主要提供操作系统、办公软件及云计算服务。其软件历史上常出现远程代码执行、权限提升及跨站脚本等漏洞,多源于内存处理缺陷或配置错误。值得关注的是,微软推行“安全开发生命周期”并实施零信任架构,近期因 Exchange Server 漏洞引发的全球性供应链攻击事件,凸显了企业级应用的安全风险,促使业界加强补丁管理与纵深防御体系建设。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-42826 | Azure DevOps 信息泄露漏洞 — Azure DevOpsCWE-200 | 10.0 | Critical | 2026-05-07 |
| CVE-2026-35428 | Azure Cloud Shell 伪造漏洞 — Azure Cloud ShellCWE-77 | 9.6 | Critical | 2026-05-07 |
| CVE-2026-35435 | Azure AI Foundry 权限提升漏洞 — Azure AI FoundryCWE-284 | 8.6 | High | 2026-05-07 |
| CVE-2026-34327 | Microsoft Partner Center 欺骗漏洞 — Microsoft Partner CenterCWE-610 | 8.2 | High | 2026-05-07 |
| CVE-2026-33844 | Azure Managed Instance for Apache Cassandra远程代码执行漏洞 — Azure Managed Instance for Apache CassandraCWE-20 | 9.0 | Critical | 2026-05-07 |
| CVE-2026-33823 | Microsoft Teams Events Portal 信息泄露漏洞 — Microsoft TeamsCWE-285 | 9.6 | Critical | 2026-05-07 |
| CVE-2026-32207 | Azure Machine Learning Notebook 伪造漏洞 — Azure Machine LearningCWE-79 | 8.8 | High | 2026-05-07 |
| CVE-2026-33109 | Azure Cassandra远程代码执行漏洞 — Azure Managed Instance for Apache CassandraCWE-284 | 9.9 | Critical | 2026-05-07 |
| CVE-2026-41105 | Azure Monitor Action Group 提权漏洞 — Azure Monitor Action Group notification systemCWE-918 | 8.1 | High | 2026-05-07 |
| CVE-2026-33111 | Copilot Chat (Microsoft Edge) 信息泄露漏洞 — Copilot Chat (Microsoft Edge)CWE-77 | 7.5 | High | 2026-05-07 |
| CVE-2026-26129 | M365 Copilot 信息泄露漏洞 — Microsoft 365 Copilot's Business ChatCWE-138 | 7.5 | High | 2026-05-07 |
| CVE-2026-26164 | Microsoft 365 Copilot 信息泄露漏洞 — Microsoft 365 Copilot's Business ChatCWE-74 | 7.5 | High | 2026-05-07 |
| CVE-2026-21515 | Microsoft Azure IOT Central 安全漏洞 — Azure IOT CentralCWE-200 | 9.9 | Critical | 2026-04-24 |
| CVE-2026-32172 | Microsoft Power Apps 代码问题漏洞 — Microsoft Power AppsCWE-427 | 8.0 | High | 2026-04-23 |
| CVE-2026-35431 | Microsoft Entra ID Entitlement Management 代码问题漏洞 — Microsoft EntraCWE-918 | 10.0 | Critical | 2026-04-23 |
| CVE-2026-24303 | Microsoft Partner Center 访问控制错误漏洞 — Microsoft Partner CenterCWE-284 | 9.6 | Critical | 2026-04-23 |
| CVE-2026-26150 | Microsoft Purview 代码问题漏洞 — Microsoft Purview eDiscoveryCWE-918 | 8.6 | High | 2026-04-23 |
| CVE-2026-33819 | Microsoft Bing 代码问题漏洞 — Microsoft BingCWE-502 | 10.0 | Critical | 2026-04-23 |
| CVE-2026-33102 | Microsoft M365 Copilot 输入验证错误漏洞 — Microsoft 365 CopilotCWE-601 | 9.3 | Critical | 2026-04-23 |
| CVE-2026-32210 | Microsoft Dynamics 365 Online 代码问题漏洞 — Microsoft Dynamics 365 (online)CWE-918 | 9.3 | Critical | 2026-04-23 |
| CVE-2026-41134 | Kiota 代码注入漏洞 — kiotaCWE-94 | 9.8AI | CriticalAI | 2026-04-22 |
| CVE-2026-40372 | Microsoft ASP.NET Core 数据伪造问题漏洞 — ASP.NET Core 10.0CWE-347 | 9.1 | Critical | 2026-04-21 |
| CVE-2026-32214 | Microsoft Windows UPnP 访问控制错误漏洞 — Windows 10 Version 1607CWE-284 | 5.5 | Medium | 2026-04-14 |
| CVE-2026-33829 | Microsoft Snipping Tool 信息泄露漏洞 — Windows 10 Version 1607CWE-200 | 4.3 | Medium | 2026-04-14 |
| CVE-2026-33827 | Microsoft Windows TCP/IP 竞争条件问题漏洞 — Windows 10 Version 1607CWE-362 | 8.1 | High | 2026-04-14 |
| CVE-2026-33824 | Microsoft Windows IKE Extension 资源管理错误漏洞 — Windows 10 Version 1607CWE-415 | 9.8 | Critical | 2026-04-14 |
| CVE-2026-33114 | Microsoft Word 安全漏洞 — Microsoft 365 Apps for EnterpriseCWE-822 | 8.4 | High | 2026-04-14 |
| CVE-2026-33115 | Microsoft Word 资源管理错误漏洞 — Microsoft 365 Apps for EnterpriseCWE-416 | 8.4 | High | 2026-04-14 |
| CVE-2026-33104 | Microsoft Win32k 资源管理错误漏洞 — Windows 10 Version 1607CWE-362 | 7.0 | High | 2026-04-14 |
| CVE-2026-33103 | Microsoft Dynamics 365 访问控制错误漏洞 — Microsoft Dynamics 365 (on-premises) version 9.0CWE-284 | 5.5 | Medium | 2026-04-14 |
本页汇总了 microsoft 厂商截至目前公开的全部 8284 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。