Known vulnerabilities affecting Exchange products and systems
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-42897 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 6.1 | 569 | Neutral | Yes | Yes |
| CVE-2026-4108 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. | 4.8 | 202 | Neutral | No | Yes |
| CVE-2026-4107 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. | 5.4 | 223 | Neutral | No | Yes |
| CVE-2026-3880 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. | 4.8 | 202 | Neutral | No | Yes |
| CVE-2026-3879 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | 4.8 | 202 | Neutral | No | Yes |
| CVE-2026-28756 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. | 4.8 | 202 | Neutral | No | Yes |
| CVE-2026-28754 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. | 4.8 | 202 | Neutral | No | Yes |
| CVE-2026-28703 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | 4.8 | 202 | Neutral | No | Yes |
| CVE-2026-27655 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. | 4.8 | 202 | Neutral | No | Yes |
| CVE-2026-21527 | User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 6.5 | 216 | Neutral | No | Yes |
| CVE-2025-7633 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report. | 6.1 | 272 | Neutral | No | Yes |
| CVE-2025-7632 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report. | 5.4 | 223 | Neutral | No | Yes |
| CVE-2025-7430 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report. | 5.4 | 223 | Neutral | No | Yes |
| CVE-2025-7429 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report. | 5.4 | 223 | Neutral | No | Yes |
| CVE-2025-64667 | User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 5.3 | 124 | Neutral | No | Yes |
| CVE-2025-64666 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | 7.5 | 465 | Neutral | No | Yes |
| CVE-2025-5966 | Zohocorp ManageEngine Exchange Reporter Plus versions 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. | 8.1 | 583 | Neutral | No | Yes |
| CVE-2025-59249 | Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | 8.8 | 545 | Neutral | No | Yes |
| CVE-2025-59248 | Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 7.5 | 471 | Neutral | No | Yes |
| CVE-2025-53786 | On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving... | 8.0 | 560 | Neutral | Yes | Yes |