EUVD-2026-34338
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...
CVE-2026-48579
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...
Microsoft Exchange Online Information Disclosure Vulnerability
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...
PT-2026-46406
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Online (affected versions not specified). Description: Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. Recommendations: At the moment, there is no...
Microsoft Exchange - Authentication Bypass
Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability enables an attacker to bypass authentication and gain access to the Exchange Server's internal. id: CVE-2021-33766 info: name: Microsoft Exchange - Authentication Bypass author: daffainfo severity: high description...
Security Updates for Microsoft Exchange Server (May 2026)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by a vulnerability as referenced in the May, 2026 security bulletin. - Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Serve...
CVE-2026-42897
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-30343
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
...
CVE-2026-42897
CVE-2026-42897 affects on-prem Microsoft Exchange Server (2016, 2019, SE) with an XSS flaw in Outlook Web Access caused by improper neutralization of input during web page generation. An attacker could send a crafted email to trigger arbitrary JavaScript execution in the victim’s browser, enablin...
Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit
Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,…...
VulnCheck KEV: CVE-2026-42897
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
KLA91046 SUI vulnerability in Microsoft Server Software
A spoofing vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to perform a cross-site scripting attack or spoof the user interface. Original advisories: CVE-2026-42897. Exploitation: Public exploits exist for this vulnerability. Related products...
PT-2026-40978
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server 2016 (affected versions not specified); Microsoft Exchange Server 2019 (affected versions not specified); Microsoft Exchange Server Subscription Edition (affected versions not specified). Description: An issue exists in the...
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-hig...
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against...
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score: 9.1) - An SQL injection...