142536 matches found
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Microsoft FrontPage Extensions - Information Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...
Microsoft SharePoint - Authentication Bypass
Microsoft SharePoint Server Elevation of Privilege Vulnerability id: CVE-2023-29357 info: name: Microsoft SharePoint - Authentication Bypass author: pdteam severity: critical description: | Microsoft SharePoint Server Elevation of Privilege Vulnerability impact: | Unauthenticated attackers can...
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access OWA for Exchange Server 2003 SP2 aka build 6.5.7638 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. id: CVE-2008-1547 info: name:...
Microsoft SharePoint - Remote Code Execution
Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. id: CVE-2020-16952 info: name: Microsoft SharePoint - Remote Code Execution author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerabl...
Pallets Werkzeug <0.15.5 - Local File Inclusion
Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...
Microsoft SQL Server Reporting Services - Remote Code Execution
Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests. id: CVE-2020-0618 info: name: Microsoft SQL Server Reporting Services - Remote Code Execution author: joeldeleep severity: high description: Microsoft SQL...
Microsoft SharePoint Server - Remote Code Execution (ToolShell)
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. This vulnerability is part of the ToolShell exploit chain and when combined with CVE-2025-53771 authentication bypass, enables unauthenticated remote code...
Microsoft Exchange Server - Cross-Site Scripting
Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp. id: CVE-2021-31195 info: name: Microsoft Exchange Server - Cross-Site Scripting author: infosecsanyam severity: medium description: Microsoft Exchange Server, or OWA, is...
CVE-2026-58596
Untrusted pointer dereference in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-58596
Microsoft Edge (Chromium-based) contains CVE-2026-58596: an untrusted pointer dereference that allows an unauthenticated attacker to elevate privileges over a network. The CVSSv3.1 vector is AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H with a base score of 8.3 (HIGH). Impact affects confidentiality, integ...
EUVD-2026-43239
Untrusted pointer dereference in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-58596 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
...
CVE-2026-58281
Deserialization of untrusted data in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58281
CVE-2026-58281 — Microsoft Edge (Chromium-based) Root cause: Deserialization of untrusted data in Edge may allow remote code execution. The vulnerability is exploitable over a network and falls under a high severity (CVSS v3.1 base score 8.3; AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Impact: Unauthor...
EUVD-2026-43191
Deserialization of untrusted data in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first...
libXfont2 PCF Font Parsing Heap Buffer Overflow
...
CVE-2026-58525
CVE-2026-58525 affects Microsoft Edge (Chromium-based) with an improper access control that lets an unauthenticated attacker bypass a security feature over the network. CVSS 3.1 base score 8.2 (HIGH) with Network attack vector, Low attack complexity, No privileges, User interaction required, Conf...
CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
...