Lucene search
K

15929 matches found

ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS6.1AI score0.00029EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-47158 Vaultwarden: CSRF in SSO Authorization Flow

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS0.00031EPSS
Exploits0References4
EUVD
EUVD
added yesterday3 views

EUVD-2026-44693

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS6.1AI score0.00031EPSS
Exploits0References4
Circl
Circl
added yesterday5 views

CVE-2026-59837

creationtimestamp| type| source ---|---|--- 2026-07-15 10:13:15+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116923458848771348 2026-07-15 14:20:29+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mqow55nlat2n...

6.6CVSS6.1AI score0.00603EPSS
Exploits0References2
Circl
Circl
added yesterday8 views

CVE-2026-59839

creationtimestamp| type| source ---|---|--- 2026-07-15 07:22:41+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116922788149851186 2026-07-15 14:20:29+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mqow55nlat2n...

5.5CVSS6.1AI score0.00208EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday61 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS7.5AI score0.83337EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday4230 views

Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection

Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access OWA for Exchange Server 2003 SP2 aka build 6.5.7638 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. id: CVE-2008-1547 info: name:...

4.3CVSS6.2AI score0.45927EPSS
Exploits2References5
NVD
NVD
added 2 days ago4 views

CVE-2026-55006

Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-55008

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

9.6CVSS0.00725EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-55005

Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network...

8.8CVSS0.00663EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-55009

Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally...

7.8CVSS0.01652EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-50696

Heap-based buffer overflow in Windows Internet Key Exchange IKE Protocol allows an unauthorized attacker to deny service over a network...

7.5CVSS0.00834EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-55009 Microsoft Exchange Server Elevation of Privilege Vulnerability

...

7.8CVSS0.01652EPSS
Exploits0References1
CVE
CVE
added 2 days ago22 views

CVE-2026-55009

CVE-2026-55009 describes a deserialization of untrusted data in Microsoft Exchange Server that enables a locally authenticated attacker to elevate privileges. The CVSSv3.1 details show a Local attack vector, Low attack complexity, Low privileges required, and No user interaction, with High impact...

7.8CVSS6AI score0.01652EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago2 views

CVE-2026-55009 Microsoft Exchange Server Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score0.01652EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago23 views

CVE-2026-55006 Microsoft Exchange Server Elevation of Privilege Vulnerability

...

7.8CVSS0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-55008 Microsoft Exchange Server Spoofing Vulnerability

...

9.6CVSS0.00725EPSS
Exploits0References1
CVE
CVE
added 2 days ago18 views

CVE-2026-55006

Microsoft Exchange Server vulnerability CVE-2026-55006: Insufficient granularity of access control enables local privilege escalation for an authorized attacker. Root cause: lack of fine-grained access controls. Impact: high confidentiality, integrity, and availability impact per CVSS 3.1 (AV:L/A...

7.8CVSS6AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2 days ago25 views

CVE-2026-55008

CVE-2026-55008 affects Microsoft Exchange Server and is caused by improper neutralization of input during web page generation, enabling cross-site scripting. The NVD entry lists a high-severity CVSS 3.1 base score of 9.6 (NETWORK, LOW attack complexity, NONE privileges, user interaction required,...

9.6CVSS6.1AI score0.00725EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-55006 Microsoft Exchange Server Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score0.00219EPSS
Exploits0References1
Rows per page
Query Builder