450 matches found
CVE-2026-54303
Summary of CVE-2026-54303 (n8n): An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or CSP headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Affected component: n8n trigger no...
n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints
Impact An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Patches The issue has been fixed in n8n...
NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints
NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...
PT-2026-50169
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers. This allows for reflected Cross-Site...
EUVD-2026-35535
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...
CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability
...
CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability
...
Microsoft Teams for Android Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...
Microsoft Teams 注入漏洞
Microsoft Teams is a software product developed by the American company Microsoft, used for online meetings, chatting, and cloud storage functions. There is a vulnerability in Microsoft Teams. Attackers can exploit this vulnerability to obtain sensitive information...
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139
Summary: Nanobot before 0.2.1 contains a server-side request forgery (SSRF) in the Microsoft Teams channel handler, enabling attackers to exfiltrate Bot Framework bearer tokens. By sending a forged inbound activity with an attacker-controlled serviceUrl, an adversary can poison the stored convers...
PT-2026-45561
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
nanobot 代码问题漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in the Microsoft Teams channel processing program. This could allow...
The EU Is Going Through a Trump-Fueled Breakup With Big Tech
France is already moving on from Zoom and Microsoft Teams in favor of homegrown alternatives. Other countries are quickly following suit...
CVE-2026-33823
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network...
EUVD-2026-29573
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...
CVE-2026-32185
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...
CVE-2026-32185
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...