Lucene search
K

100 matches found

NVD
NVD
added 2026/07/06 3:16 p.m.8 views

CVE-2026-54893

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS0.00143EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/06 2:4 p.m.34 views

CVE-2026-54893 Email-derived URL path injection in the Swoosh Microsoft Graph adapter

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS0.00143EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/06 2:4 p.m.6 views

CVE-2026-54893 Email-derived URL path injection in the Swoosh Microsoft Graph adapter

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 2:4 p.m.3 views

CVE-2026-54893 Email-derived URL path injection in the Swoosh Microsoft Graph adapter

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References9
CVE
CVE
added 2026/07/06 2:4 p.m.15 views

CVE-2026-54893

Swoosh.Adapters.MsGraph is vulnerable to URL path injection via the from-address interpolation into /users/{from}/sendMail without percent-encoding or validation. If from derives from untrusted input, an attacker can inject URL-special characters (/, ?, #) to escape the intended path and rewrite ...

2.1CVSS6AI score0.00143EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:4 p.m.11 views

CVE-2026-54893

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.14 views

CVE-2026-47655

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5CVSS5.4AI score0.00756EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34337

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00756EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:17 p.m.24 views

CVE-2026-47655

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5CVSS0.00756EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.9 views

CVE-2026-47655

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00756EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 10:0 p.m.13 views

CVE-2026-47655 Microsoft Graph Information Disclosure Vulnerability

...

6.5CVSS5.4AI score0.00756EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 10:0 p.m.32 views

CVE-2026-47655 Microsoft Graph Information Disclosure Vulnerability

...

6.5CVSS0.00756EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 10:0 p.m.27 views

CVE-2026-47655

CVE-2026-47655 describes an information-disclosure vulnerability in Microsoft Graph. An authorized attacker could disclose sensitive data over a network due to a root cause that enables exposure to an attacker with Network access, Low complexity and Low privileges, with no user interaction. The C...

6.5CVSS5.8AI score0.00756EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/04 2:0 p.m.15 views

Microsoft Graph Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00756EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46404

Name of the Vulnerable Software and Affected Versions Microsoft Graph affected versions not specified Description Exposure of sensitive information in Microsoft Graph allows an authorized attacker to disclose information over a network. Recommendations At the moment, there is no information about...

6.5CVSS5.8AI score0.00756EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Microsoft Graph 日志信息泄露漏洞

Microsoft Graph is a unified API platform of the American company Microsoft. There is an information leakage vulnerability in Microsoft Graph; this vulnerability stems from the exposure of sensitive information to unauthorized actors, which may allow authorized attackers to disclose information...

6.5CVSS5.7AI score0.00756EPSS
Exploits0References1
Veeam
Veeam
added 2026/06/02 12:0 a.m.17 views

Support Statement — Impact of SharePoint Service Prioritization on Veeam Backup Performance

Article Applicability This article is regarding SharePoint Service Prioritization, a paid, consumption-based Microsoft Azure feature billed through the customer's Microsoft Azure subscription. It affects only SharePoint and OneDrive backup performance. Exchange Online uses a different throttling...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 12:51 p.m.22 views

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control C2 or C&C communications. Webworm, first publicly documented by Broadcom-owned Symantec ...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/13 12:0 a.m.8 views

MAL-2026-3651 Malicious code in ms-graph-types (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 12:0 a.m.18 views

Malicious code in ms-graph-types (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

5.9AI score
Exploits0References2
Rows per page
Query Builder