16 matches found
Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw
It’s only on rare occasions that anyone pays attention to the acknowledgment section of a vulnerability disclosure. But for the person who found the bug, it's often the conclusion of hours of work, trial and error, searching for recognition, and finally seeing the vulnerability get patched. Bug...
Microsoft Authenticator could leak login codes—update your app now
A vulnerability in Microsoft Authenticator for both iOS and Android (CVE-2026-26123) could leak your one-time sign-in codes or authentication deep links to a malicious app on the same device. Deep links are predefined URIs (Uniform Resource Identifiers) that allow direct access to an activity in a we...
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
CVE-2026-26123
Summary: CVE-2026-26123 affects Microsoft Authenticator for iOS and Android. A malicious app on the same device could intercept sign-in flows by hijacking deep links/QR-based sign-ins, potentially exposing one-time codes and allowing account takeover, bypassing MFA protections. The vulnerability ...
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...
CVE-2026-26123
creationtimestamp | type | source
---|---|---
2026-03-10 16:57:37+00:00 | seen | https://www.thezdi.com/blog/2026/3/10/the-march-2026-security-update-review
2026-03-11 03:00:16+00:00 | seen | https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2026/32782
2026-03-11 03:00:20+00:00 | seen | ...
KLA90927 OSI vulnerability in Microsoft Apps
An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions. Original advisories CVE-2026-26123 Exploitation CVE list CVE-2026-26123 high Solution Install necessary updates from t...
CVE-2021-26123
LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm...
CVE-2024-26123 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2023-26123
Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscripten_run_script...
CVE-2023-26123
CVE-2023-26123 affects the raysan5/raylib package prior to 4.5.0. In web builds (PLATFORM_WEB) the SetClipboardText API fails to escape the single quote, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscripten_run_script, constituting a Cross-...
CVE-2022-26123
creationtimestamp | type | source
---|---|---
2023-03-08 02:23:27+00:00 | seen | https://t.me/cibsecurity/59652...
CVE-2022-26123
Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022...
CVE-2021-26123
The CVE-2021-26123 entry concerns LivingLogic XIST4C prior to version 0.107.8, which is vulnerable to cross-site scripting (XSS). Multiple connected sources (CNVD, NVD, Red Hat, CVE list, CNVD) confirm that XIST4C versions before 0.107.8 allow XSS via login.htm, login.wihtm, or login-form.htm. Th...
CVE-2022-26123
CVE-2022-26123 entry rejected/not used; does not represent an active vulnerability entry.