14915 matches found
CVE-2026-46270
creationtimestamp| type| source ---|---|--- 2026-06-03 20:16:14+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116688012686345151...
CVE-2026-46273
creationtimestamp| type| source ---|---|--- 2026-06-03 20:02:05+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116687957214915029...
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access OWA for Exchange Server 2003 SP2 aka build 6.5.7638 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. id: CVE-2008-1547 info: name:...
CVE-2026-31942
creationtimestamp| type| source ---|---|--- 2026-06-03 06:00:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116684647649200501...
CVE-2026-32625
creationtimestamp| type| source ---|---|--- 2026-06-03 00:00:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116683232788673466 2026-06-03 00:00:39+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mndsj3gb3q24 2026-06-03 00:01:18+00:00| seen|...
Email item data export from EWS failed
Challenge Exchange Online backup jobs in Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 may fail to process mailboxes, returning one of the following errors: Processing mailbox failed with error: Email item data export from EWS failed item IDs: .... The operation has timed...
CVE-2026-9097
Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...
CVE-2026-9094
Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/tokenoauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This c...
CVE-2026-10629
creationtimestamp| type| source ---|---|--- 2026-06-02 21:23:34+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116682615290341234 2026-06-02 21:23:59+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116682616422398554 2026-06-03 00:02:33+00:00| seen|...
CVE-2026-48132
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used 4500/UDP. As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption of VPN...
Microsoft Exchange Server - Cross-Site Scripting
Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp. id: CVE-2021-31195 info: name: Microsoft Exchange Server - Cross-Site Scripting author: infosecsanyam severity: medium description: Microsoft Exchange Server, or OWA, is...
Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. id: CVE-2021-41349 info: name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange...
CVE-2026-8293
creationtimestamp| type| source ---|---|--- 2026-06-02 07:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116679339265385389 2026-06-02 07:30:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mnc36jcnba2k 2026-06-02 09:43:15+00:00| seen|...
CVE-2026-0072
creationtimestamp| type| source ---|---|--- 2026-06-01 19:26:07+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116676491126128421...
CVE-2026-0095
creationtimestamp| type| source ---|---|--- 2026-06-01 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260602 2026-06-02 06:41:05+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116679145256764752 2026-06-02 20:00:00+00:00| seen|...
CVE-2025-48595
creationtimestamp| type| source ---|---|--- 2026-06-01 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260602 2026-06-01 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1895 2026-06-02 06:28:12+00:00| seen|...
CVE-2026-46243
creationtimestamp| type| source ---|---|--- 2026-06-01 17:51:47+00:00| seen| https://infosec.exchange/users/wdormann/statuses/116676120156561133 2026-06-01 17:57:16+00:00| seen| https://bsky.app/profile/ifin-intel.org/post/3mnanqg7sy22p 2026-06-02 09:16:28+00:00| seen|...
PYSEC-2026-185
A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...
Microsoft Exchange - Authentication Bypass
Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability enables an attacker to bypass authentication and gain access to the Exchange Server's internal. id: CVE-2021-33766 info: name: Microsoft Exchange - Authentication Bypass author: daffainfo severity: high description...