66 matches found
CVE-2026-48991
XianYuLauncher (Minecraft Java Edition launcher) is affected in versions prior to 1.5.5. The legacy Microsoft account OAuth sign-in flow used a fixed localhost redirect URI and lacked PKCE and state validation, allowing sensitive authentication artifacts to be exposed under certain local attack c...
May 12, 2026—KB5087537 (OS Build 14393.9140)
May 12, 2026—KB5087537 (OS Build 14393.9140). Windows Secure Boot certificate expiration. Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the past...
March 21, 2026—KB5085516 (OS Builds 26200.8039 and 26100.8039) Out-of-band
March 21, 2026—KB5085516 (OS Builds 26200.8039 and 26100.8039) Out-of-band. This out-of-band update for Windows 11, version 25H2 and 24H2 (KB5085516) is cumulative. It includes updates from previous security and non-security releases, along with an additional fix. To learn more about differences...
CVE-2026-21264
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-21264 Microsoft Account Spoofing Vulnerability
...
CVE-2026-21264
CVE-2026-21264 concerns improper neutralization of input during web page generation (XSS) in Microsoft Account, enabling a network-based spoofing scenario. The vulnerability affects Microsoft Account web page rendering and can lead to spoofing without listed exploitation likelihood in the provide...
Microsoft Account Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network...
Microsoft Account cross-site scripting vulnerability
The Microsoft Account is an account service provided by the American company Microsoft. The Microsoft Account has a cross-site scripting vulnerability, which stems from improper input during the web page generation process...
PT-2026-4306
Name of the Vulnerable Software and Affected Versions: Microsoft Account (affected versions not specified). Description: The issue involves improper neutralization of input during web page generation, specifically a 'cross-site scripting' condition within Microsoft Account. This allows an unauthorized...
CVE-2025-64754
Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available...
Jitsi Meet input validation error vulnerability
Jitsi Meet is a set of open source projects from Jitsi Open Source, enabling users to use and deploy a video conferencing platform with state-of-the-art video quality and features. An input validation error vulnerability exists in versions prior to Jitsi Meet 2.0.10532 that stems from a possible...
PT-2025-46918
Name of the Vulnerable Software and Affected Versions: Jitsi Meet versions prior to 2.0.10532. Description: Jitsi Meet is a video conferencing application. A flaw exists that allows attackers to hijack the OAuth authentication window for Microsoft accounts. This issue does not have any known...
EUVD-2019-9743
Malware in sbrugna...
EUVD-2023-50476
Malicious code in bioql PyPI...
EUVD-2025-2457
Malicious code in bioql PyPI...
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed...
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Accou...