
126796 matches found

Positive Technologies
added 2026/06/19 12:0 a.m. | 16 views

PT-2026-51033

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Online (affected versions not specified). Description: Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. There have been reports of elevated activities targeti...

CVSS 9.6 | AI score 5.8 | EPSS 0.00389
Exploits: 0 | References: 9

Positive Technologies
added 2026/06/19 12:0 a.m. | 21 views

PT-2026-51031

Name of the Vulnerable Software and Affected Versions: Azure Active Directory (affected versions not specified). Description: Improper authentication allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that...

CVSS 10 | AI score 5.9 | EPSS 0.00562
Exploits: 0 | References: 9

Positive Technologies
added 2026/06/19 12:0 a.m. | 11 views

PT-2026-50979

Name of the Vulnerable Software and Affected Versions: Tilt versions 0.24.0 through 0.37.3. Description: The Tilt HUD WebSocket endpoint /ws/view is susceptible to Cross-site WebSocket Hijacking (CSWSH), a technique where an attacker tricks a victim's browser into establishing a WebSocket connection t...

CVSS 8.3 | AI score 5.9
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/19 12:0 a.m. | 16 views

PT-2026-50901

Name of the Vulnerable Software and Affected Versions: NI grpc-device versions prior to 2.17.0. Description: Insecure default credentials exist when TLS configuration is absent and the server is bound beyond the loopback interface. This allows an unauthenticated user on the local network to gain...

CVSS 9.3 | AI score 6.8 | EPSS 0.00308
Exploits: 0 | References: 8

Positive Technologies
added 2026/06/19 12:0 a.m. | 15 views

PT-2026-51030

Name of the Vulnerable Software and Affected Versions: Microsoft Copilot (affected versions not specified). Description: Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to perform tampering over a network. Recommendations: At th...

CVSS 7.5 | AI score 5.8 | EPSS 0.00399
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/19 12:0 a.m. | 17 views

PT-2026-51034

Name of the Vulnerable Software and Affected Versions: Azure Synapse (affected versions not specified). Description: Execution with unnecessary privileges allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version th...

CVSS 9.9 | AI score 5.9 | EPSS 0.005
Exploits: 0 | References: 7

NVD
added 2026/06/18 10:16 p.m. | 12 views

CVE-2026-54130

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 9.8 | EPSS 0.00578
Exploits: 0 | References: 1

NVD
added 2026/06/18 10:16 p.m. | 12 views

CVE-2026-47633

Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | EPSS 0.0057
Exploits: 0 | References: 1

NVD
added 2026/06/18 10:16 p.m. | 12 views

CVE-2026-32174

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | EPSS 0.00411
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/18 9:39 p.m. | 7 views

CVE-2026-32174

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...

CVSS 7.7 | AI score 5.3 | EPSS 0.00411
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/18 9:37 p.m. | 10 views

CVE-2026-47633

Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | AI score 5.2 | EPSS 0.0057
Exploits: 0 | References: 2

Cvelist
added 2026/06/18 9:1 p.m. | 19 views

CVE-2026-49257 mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind

mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled. All MCP tools, including SQL query execution, schema creation, and...

CVSS 10 | EPSS 0.00498
Exploits: 0 | References: 4

Cvelist
added 2026/06/18 4:13 p.m. | 26 views

CVE-2026-54106 U.S. GAO EPDS and CBCA EDS network access control bypass

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

CVSS 5.1 | EPSS 0.00289
Exploits: 0 | References: 4

The Hacker News
added 2026/06/18 2:30 p.m. | 12 views

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign codenamed CryptoBandits that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. "The clipper in th...

AI score 6.4
Exploits: 0

Microsoft CVE
added 2026/06/18 2:0 p.m. | 8 views

Microsoft Exchange Online Elevation of Privilege Vulnerability

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...

CVSS 9.6 | AI score 5.8 | EPSS 0.00389
Exploits: 0

Microsoft CVE
added 2026/06/18 2:0 p.m. | 13 views

M365 Copilot Information Disclosure Vulnerability

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 9.8 | AI score 5.9 | EPSS 0.00578
Exploits: 0

Microsoft CVE
added 2026/06/18 2:0 p.m. | 9 views

Microsoft Azure Synapse Elevation of Privilege Vulnerability

Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network...

CVSS 9.9 | AI score 5.9 | EPSS 0.005
Exploits: 0

Microsoft CVE
added 2026/06/18 2:0 p.m. | 8 views

Dynamics 365 Elevation of Privilege Vulnerability

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network...

CVSS 9.9 | AI score 5.8 | EPSS 0.00426
Exploits: 0

Microsoft CVE
added 2026/06/18 2:0 p.m. | 8 views

Microsoft Copilot Tampering Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

CVSS 7.5 | AI score 5.9 | EPSS 0.00399
Exploits: 0

Microsoft CVE
added 2026/06/18 2:0 p.m. | 9 views

Azure Bot Service Elevation of Privilege Vulnerability

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.9 | EPSS 0.00411
Exploits: 0