15631 matches found
CVE-2026-48582
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. id: CVE-2008-1547 info: name:...
CVE-2026-49252
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-19 03:00:31+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116774537156468830 |
| 2026-06-19 03:00:33+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3momdzivs6c26 |
| 2026-06-19 09:01:31+00:00 | seen | ... |
CVE-2026-47647
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-18 23:00:25+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116773592895899835 |
| 2026-06-18 23:00:25+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3molwm435hu2l |
| 2026-06-19 01:30:08+00:00 | seen | ... |
CVE-2026-49257
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-18 21:30:16+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116773238347097877 |
| 2026-06-18 21:30:40+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3molrkuu26z27 |
| 2026-06-18 22:03:44+00:00 | seen | ... |
Microsoft Exchange Online Elevation of Privilege Vulnerability
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server contains a remote code execution vulnerability caused by improper input validation in the server component, letting remote attackers execute arbitrary code; exploitation requires network access to the server. id: CVE-2021-28480 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server contains a remote code execution vulnerability caused by improper input validation in the server component, letting remote attackers execute arbitrary code; exploitation requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...
Microsoft Exchange Server - Cross-Site Scripting
Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in the refurl parameter of frowny.asp. id: CVE-2021-31195 info: name: Microsoft Exchange Server - Cross-Site Scripting author: infosecsanyam severity: medium description: Microsoft Exchange Server, or OWA, is...
EUVD-2026-37782
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...
CVE-2026-55199
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...
CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...
Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. id: CVE-2021-41349 info: name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange...
CVE-2026-6039
A flaw was found in LibreOffice. This vulnerability, a heap buffer overflow, occurs when processing specially crafted DXF (Drawing Exchange Format) polyline files. An attacker could exploit this by convincing a user to open a malicious DXF file, which may lead to a denial of service (DoS) due to...
Exchange Server - Remote Code Execution
Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. id: CVE-2021-34473 info: name: Exchange Server - Remote Code Execution author: arcc,intx0x80,dwisiswant0,r3dg33k severity: critical description: | Microsoft...
Microsoft Exchange Server SSRF Vulnerability
This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or...
Microsoft Exchange - Authentication Bypass
Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability enables an attacker to bypass authentication and gain access to the Exchange Server's internal. id: CVE-2021-33766 info: name: Microsoft Exchange - Authentication Bypass author: daffainfo severity: high description...
CVE-2026-2470
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-16 03:59:14+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116757781000613357... |
Check Point Gaia Operating System (sk185033)
The version of Gaia Operating System installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the sk185033 advisory. - A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange...
CVE-2026-36537
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...