126796 matches found
PT-2026-51033
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Online (affected versions not specified). Description: Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. There have been reports of elevated activities targeti...
PT-2026-51031
Name of the Vulnerable Software and Affected Versions: Azure Active Directory (affected versions not specified). Description: Improper authentication allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that...
PT-2026-50979
Name of the Vulnerable Software and Affected Versions: Tilt versions 0.24.0 through 0.37.3. Description: The Tilt HUD WebSocket endpoint /ws/view is susceptible to Cross-site WebSocket Hijacking (CSWSH), a technique where an attacker tricks a victim's browser into establishing a WebSocket connection t...
PT-2026-50901
Name of the Vulnerable Software and Affected Versions: NI grpc-device versions prior to 2.17.0. Description: Insecure default credentials exist when TLS configuration is absent and the server is bound beyond the loopback interface. This allows an unauthenticated user on the local network to gain...
PT-2026-51030
Name of the Vulnerable Software and Affected Versions: Microsoft Copilot (affected versions not specified). Description: Improper neutralization of special elements used in a command (command injection) allows an unauthorized attacker to perform tampering over a network. Recommendations: At th...
PT-2026-51034
Name of the Vulnerable Software and Affected Versions: Azure Synapse (affected versions not specified). Description: Execution with unnecessary privileges allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version th...
CVE-2026-54130
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-47633
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...
CVE-2026-32174
Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...
CVE-2026-49257 mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind
mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled. All MCP tools, including SQL query execution, schema creation, and...
CVE-2026-54106 U.S. GAO EPDS and CBCA EDS network access control bypass
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign codenamed CryptoBandits that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. "The clipper in th...
Microsoft Exchange Online Elevation of Privilege Vulnerability
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...
M365 Copilot Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
Microsoft Azure Synapse Elevation of Privilege Vulnerability
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network...
Dynamics 365 Elevation of Privilege Vulnerability
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network...
Microsoft Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
Azure Bot Service Elevation of Privilege Vulnerability
Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...