100 matches found
CVE-2026-54893
URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...
CVE-2026-54893 Email-derived URL path injection in the Swoosh Microsoft Graph adapter
URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...
CVE-2026-54893 Email-derived URL path injection in the Swoosh Microsoft Graph adapter
URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...
CVE-2026-54893 Email-derived URL path injection in the Swoosh Microsoft Graph adapter
URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...
CVE-2026-54893
Swoosh.Adapters.MsGraph is vulnerable to URL path injection via the from-address interpolation into /users/{from}/sendMail without percent-encoding or validation. If from derives from untrusted input, an attacker can inject URL-special characters (/, ?, #) to escape the intended path and rewrite ...
CVE-2026-54893
URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...
CVE-2026-47655
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...
EUVD-2026-34337
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...
CVE-2026-47655
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...
CVE-2026-47655
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...
CVE-2026-47655 Microsoft Graph Information Disclosure Vulnerability
...
CVE-2026-47655 Microsoft Graph Information Disclosure Vulnerability
...
CVE-2026-47655
CVE-2026-47655 describes an information-disclosure vulnerability in Microsoft Graph. An authorized attacker could disclose sensitive data over a network due to a root cause that enables exposure to an attacker with Network access, Low complexity and Low privileges, with no user interaction. The C...
Microsoft Graph Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...
PT-2026-46404
Name of the Vulnerable Software and Affected Versions Microsoft Graph affected versions not specified Description Exposure of sensitive information in Microsoft Graph allows an authorized attacker to disclose information over a network. Recommendations At the moment, there is no information about...
Microsoft Graph 日志信息泄露漏洞
Microsoft Graph is a unified API platform of the American company Microsoft. There is an information leakage vulnerability in Microsoft Graph; this vulnerability stems from the exposure of sensitive information to unauthorized actors, which may allow authorized attackers to disclose information...
Support Statement — Impact of SharePoint Service Prioritization on Veeam Backup Performance
Article Applicability This article is regarding SharePoint Service Prioritization, a paid, consumption-based Microsoft Azure feature billed through the customer's Microsoft Azure subscription. It affects only SharePoint and OneDrive backup performance. Exchange Online uses a different throttling...
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control C2 or C&C communications. Webworm, first publicly documented by Broadcom-owned Symantec ...
MAL-2026-3651 Malicious code in ms-graph-types (npm)
Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...
Malicious code in ms-graph-types (npm)
Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...