Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting

Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. id: CVE-2021-41349 info: name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange...

EUVD-2026-34338

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...

CVE-2026-48579

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...

CVE-2026-48579

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...

CVE-2026-48579

CVE-2026-48579 affects Microsoft Exchange Online and represents an information disclosure vulnerability due to improper authorization. The available data indicate an unauthenticated attacker could disclose information over the network, with a CVSS 3.1 base score of 9.1 (CRITICAL) and impact limit...

CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability

...

CVE-2026-10864

creationtimestamp| type| source ---|---|--- 2026-06-04 15:51:15+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116692633027353872...

CVE-2026-10840

creationtimestamp| type| source ---|---|--- 2026-06-04 14:21:53+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116692281779225455...

Microsoft Exchange Online Information Disclosure Vulnerability

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black...

CVE-2021-27137

creationtimestamp| type| source ---|---|--- 2026-06-04 09:00:51+00:00| seen| https://infosec.exchange/users/VirusBulletin/statuses/116691019017195575 2026-06-04 09:00:52+00:00| seen| https://bsky.app/profile/virusbtn.bsky.social/post/3mnhb5w3wbk2o...

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

Exchange Server - Remote Code Execution

Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. id: CVE-2021-34473 info: name: Exchange Server - Remote Code Execution author: arcc,intx0x80,dwisiswant0,r3dg33k severity: critical description: | Microsoft...

PT-2026-46406

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Online affected versions not specified Description Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no...

CVE-2026-46270

creationtimestamp| type| source ---|---|--- 2026-06-03 20:16:14+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116688012686345151...

CVE-2026-46273

creationtimestamp| type| source ---|---|--- 2026-06-03 20:02:05+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116687957214915029...

Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection

Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access OWA for Exchange Server 2003 SP2 aka build 6.5.7638 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. id: CVE-2008-1547 info: name:...

CVE-2026-31942

creationtimestamp| type| source ---|---|--- 2026-06-03 06:00:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116684647649200501...

CVE-2026-32625

creationtimestamp| type| source ---|---|--- 2026-06-03 00:00:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116683232788673466 2026-06-03 00:00:39+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mndsj3gb3q24 2026-06-03 00:01:18+00:00| seen|...

Email item data export from EWS failed

Challenge Exchange Online backup jobs in Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 may fail to process mailboxes, returning one of the following errors: Processing mailbox failed with error: Email item data export from EWS failed item IDs: .... The operation has timed...