Microsoft SharePoint Server - Authentication Bypass

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. id: CVE-2025-49706 info: name: Microsoft SharePoint Server - Authentication Bypass author: daffainfo severity: medium description: | Improper authentication in Microsoft Offi...

Exploit for Improper Input Validation in Microsoft

monikerlinktest cve-2024-21413 1. set up tun0 on router via o...

CVE-2026-35439

CVE-2026-35439 is a remote code execution vulnerability in Microsoft SharePoint Server caused by deserialization of untrusted data. An authorized attacker can exploit this over a network to execute code on affected systems. The CVE is associated with SharePoint Server (on‑premises) and the approv...

Data Deduplication Elevation of Privilege Vulnerability

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally...

Exploit for Insufficient Granularity of Access Control in Microsoft

CVE-20...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

CVE-2026-32091

CVE-2026-32091 is a Microsoft elevation of privilege vulnerability in the Brokering File System with a CVSS 3.1 base score of 8.4 (HIGH). It is a local, no-user-interaction attack requiring no privileges, with high impact on confidentiality, integrity, and availability. The exploitation status is...

CVE-2026-20945 Microsoft SharePoint Server Spoofing Vulnerability

...

VulnCheck KEV: CVE-2023-21529

Microsoft Exchange Server Remote Code Execution Vulnerability...

An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched. As a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions. This vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.

...

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.

...

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

...

CVE-2026-32194

CVE-2026-32194 affects Microsoft Bing Images and is described as an instance of improper neutralization of command elements leading to remote code execution. The connected sources consistently identify command injection as the root cause affecting Microsoft Bing Images, with high-severity impact ...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-59284-PoC Proof of con...

CVE-2026-25167

CVE-2026-25167 is a local elevation-of-privilege vulnerability described as affecting a Microsoft component referred to as the Brokering File System. The CVSS 3.1 base score is 7.4 (HIGH) with Local attack vector, High impact on confidentiality, integrity, and availability, and requirements of ze...

Exploit for Double Free in Microsoft

CVE-2...

Microsoft Hyper-V Access Control Error Vulnerability

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. An access control error vulnerability exists in Microsoft Hyper-V. The vulnerability stems from a flaw in the access control mechanism and can be...

How Asem Eleraky went from a shared family PC to finding critical vulnerabilities

In the world of vulnerability research, origin stories are rarely linear. For Asem Eleraky, the path to becoming a Microsoft MVR began not in a SOC lab or a university classroom, but with a single family PC and a short daily window to explore his growing interest in cybersecurity...

Exploit for External Control of File Name or Path in Microsoft

C...