Every CVE whose affected-product data names Microsoft Account, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-21264 — CVSS 9.3 (critical): Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker…
CVE-2025-21396 — CVSS 8.2 (high): Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.