Lucene search
K

142097 matches found

NVD
NVD
added 6 hours ago6 views

CVE-2026-11374

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

9CVSS
Exploits0References1
Nuclei
Nuclei
added 10 hours ago4217 views

Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection

Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access OWA for Exchange Server 2003 SP2 aka build 6.5.7638 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. id: CVE-2008-1547 info: name:...

4.3CVSS6.1AI score0.45927EPSS
Exploits2References5
Nuclei
Nuclei
added 10 hours ago35 views

Pallets Werkzeug <0.15.5 - Local File Inclusion

Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...

7.5CVSS7.1AI score0.55526EPSS
Exploits7References5
Nuclei
Nuclei
added 10 hours ago1396 views

Microsoft FrontPage Extensions - Information Disclosure

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...

5CVSS6AI score0.47595EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago67 views

Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting

Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. id: CVE-2021-41349 info: name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange...

9.8CVSS7.1AI score0.99999EPSS
Exploits66References5
Nuclei
Nuclei
added yesterday22 views

Microsoft SharePoint Server - Remote Code Execution (ToolShell)

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. This vulnerability is part of the ToolShell exploit chain and when combined with CVE-2025-53771 authentication bypass, enables unauthenticated remote code...

9.8CVSS7.7AI score0.99982EPSS
Exploits41References4
Nuclei
Nuclei
added yesterday59 views

Microsoft SharePoint - Remote Code Execution

Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. id: CVE-2020-16952 info: name: Microsoft SharePoint - Remote Code Execution author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerabl...

8.6CVSS7.8AI score0.70985EPSS
Exploits5References5
NVD
NVD
added 4 days ago10 views

CVE-2026-48582

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...

9.6CVSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-47645

Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-42895

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

6.5CVSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-32208

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an authorized attacker to perform spoofing over a network...

8.8CVSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-38091

Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 4 days ago14 views

CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

...

8.8CVSS
Exploits0References1
CVE
CVE
added 4 days ago16 views

CVE-2026-47645

Summary: CVE-2026-47645 is an open redirect vulnerability in Microsoft 365 Copilot’s Business Chat that can lead to privilege escalation over a network. The issue is described across sources (NVD/MSRC/CVE records) as a url redirection to an untrusted site, with a CVSS v3.1 base score of 8.8 (HIGH...

8.8CVSS5.8AI score
Exploits0References1
CVE
CVE
added 4 days ago49 views

CVE-2026-48582

This CVE affects Microsoft Exchange Online. Missing authorization could allow an attacker with low privileges and network access (no user interaction) to elevate privileges (impact: high confidentiality and integrity, no availability impact) per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, base...

9.6CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-38090

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...

9.6CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 4 days ago23 views

CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability

...

9.6CVSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-38087

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

6.5CVSS5.9AI score
Exploits0References1
CVE
CVE
added 4 days ago20 views

CVE-2026-42895

CVE-2026-42895 describes an improper neutralization of special elements used in a command ("command injection") in Microsoft Copilot, allowing a remote attacker to tamper with data over a network. The available sources identify the affected product as Microsoft Copilot and classify the vulnerabil...

6.5CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 4 days ago14 views

CVE-2026-42895 Microsoft Copilot Tampering Vulnerability

...

6.5CVSS
Exploits0References1
Rows per page
Query Builder