142188 matches found

Microsoft CVE
added last week, 5 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network...

CVSS 8.3 | AI score 5.9 | EPSS 0.00822
Exploits: 0

Positive Technologies
added 2026/06/26 12:0 a.m., 6 views

PT-2026-52967

Name of the Vulnerable Software and Affected Versions: HCL Traveler for Microsoft Outlook, affected versions not specified. Description: The HCL Traveler for Microsoft Outlook libraries are susceptible to an application modification issue, causing them to be flagged as unrecognized applications or...

CVSS 6.7 | AI score 5.8 | EPSS 0.00066
Exploits: 0 | References: 5

Nuclei
added 2026/06/25 1:31 a.m., 19 views

Microsoft SharePoint Server - Authentication Bypass

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. id: CVE-2025-49706 info: name: Microsoft SharePoint Server - Authentication Bypass author: daffainfo severity: medium description: | Improper authentication in Microsoft Offi...

CVSS 9.8 | AI score 7 | EPSS 0.99982
Exploits: 41 | References: 5

CVE
added 2026/06/24 11:53 a.m., 22 views

CVE-2026-56351

CVE-2026-56351 affects n8n prior to 2.4.0. A SQL injection exists in the MySQL, PostgreSQL, and Microsoft SQL nodes, where unescaped identifier values in node configuration parameters can be exploited by an authenticated user with workflow-creation permissions to inject arbitrary SQL and compromi...

CVSS 9.6 | AI score 6.1 | EPSS 0.00217
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2026/06/23 4:17 p.m., 10 views

CVE-2026-54312

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype...

CVSS 8.5 | EPSS 0.00294
Exploits: 0 | References: 1

Cvelist
added 2026/06/23 3:42 p.m., 36 views

CVE-2026-54308 n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to...

CVSS 6.3 | EPSS 0.00276
Exploits: 0 | References: 1

CVE
added 2026/06/23 3:42 p.m., 11 views

CVE-2026-54308

CVE-2026-54308 affects the n8n platform, specifically versions prior to 2.25.7 and 2.26.2. The MicrosoftAgent365Trigger and StripeTrigger nodes did not validate inbound requests, enabling an unauthenticated attacker who knows the webhook URL to submit a forged payload and cause workflow execution...

CVSS 7.2 | AI score 5.9 | EPSS 0.00276
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/06/23 3:33 p.m., 16 views

CVE-2026-54312

The CVE-2026-54312 entry concerns n8n, an open-source workflow automation platform. Affected component: the Microsoft SQL node, where an authenticated user with workflow edit rights could trigger global prototype pollution by supplying a crafted value for the table parameter. This would pollute O...

CVSS 8.5 | AI score 5.9 | EPSS 0.00294
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/23 3:33 p.m., 33 views

CVE-2026-54312 n8n: Microsoft SQL Node Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype...

CVSS 7.2 | EPSS 0.00294
Exploits: 0 | References: 1

CVE
added 2026/06/23 3:32 p.m., 11 views

CVE-2026-54303

Summary of CVE-2026-54303 (n8n): An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or CSP headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Affected component: n8n trigger no...

CVSS 6.8 | AI score 5.9 | EPSS 0.00177
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/23 3:32 p.m., 38 views

CVE-2026-54303 n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...

CVSS 6.8 | EPSS 0.00177
Exploits: 0 | References: 1

NVD
added 2026/06/23 9:16 a.m., 35 views

CVE-2026-11374

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

CVSS 9 | EPSS 0.01237
Exploits: 0 | References: 1

Nuclei
added 2026/06/23 5:8 a.m., 69 views

Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting

Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. id: CVE-2021-41349 info: name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange...

CVSS 9.8 | AI score 7.1 | EPSS 0.99999
Exploits: 66 | References: 5

Positive Technologies
added 2026/06/23 12:0 a.m., 6 views

PT-2026-51487

Name of the Vulnerable Software and Affected Versions: ADSelfService Plus versions prior to 6529; RecoveryManager Plus versions prior to 6321; M365 Manager Plus versions prior to 4817; ADAudit Plus versions prior to 8703. Description: In ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and...

CVSS 9 | AI score 5.9 | EPSS 0.01237
Exploits: 0 | References: 5

Nuclei
added 2026/06/22 5:20 a.m., 22 views

Microsoft SharePoint Server - Remote Code Execution (ToolShell)

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. This vulnerability is part of the ToolShell exploit chain and when combined with CVE-2025-53771 authentication bypass, enables unauthenticated remote code...

CVSS 9.8 | AI score 7.7 | EPSS 0.99982
Exploits: 41 | References: 4

NVD
added 2026/06/19 9:17 p.m., 13 views

CVE-2026-48582

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...

CVSS 9.6 | EPSS 0.00389
Exploits: 0 | References: 1

NVD
added 2026/06/19 9:16 p.m., 12 views

CVE-2026-47645

URL redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.8 | EPSS 0.00408
Exploits: 0 | References: 1

NVD
added 2026/06/19 9:16 p.m., 13 views

CVE-2026-42895

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

CVSS 7.5 | EPSS 0.00399
Exploits: 0 | References: 1

NVD
added 2026/06/19 9:16 p.m., 11 views

CVE-2026-32208

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID allows an authorized attacker to perform spoofing over a network...

CVSS 8.8 | EPSS 0.00282
Exploits: 0 | References: 1

Cvelist
added 2026/06/19 8:29 p.m., 17 views

CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

...

CVSS 8.8 | EPSS 0.00408
Exploits: 0 | References: 1