688 matches found
Microsoft Office 资源管理错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office. Attackers can exploit this...
Microsoft Office 安全漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There are security vulnerabilities in Microsoft Office. Attackers can exploit these...
Microsoft Office Excel 缓冲区错误漏洞
Microsoft Office Excel is an spreadsheet software developed by Microsoft and open source. There is a buffer overflow vulnerability in Microsoft Office Excel. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Office Online...
Microsoft Office Word 安全漏洞
Microsoft Office Word is a word processing software developed by Microsoft and open sourced. There are security vulnerabilities in Microsoft Office Word. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Microsoft 365 Apps for Enterpris...
Microsoft Office ClickToRun 访问控制错误漏洞
Microsoft Office ClickToRun is a component developed by Microsoft that allows for the download and installation of Microsoft Office products. There is an access control error vulnerability present in Microsoft Office ClickToRun. Attackers can exploit this vulnerability to gain higher privileges...
Microsoft Office 资源管理错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office. Attackers can exploit this...
Microsoft Word 资源管理错误漏洞
Microsoft Word is a word processing software within the Office suite developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft Word. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Microsoft...
CVE-2026-2559
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...
WordPress Post SMTP plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite vulnerability
Missing Authorization to Authenticated Subscriber+ Office 365 OAuth Configuration Overwrite vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Post SMTP versions = 3.8.0...
CVE-2026-2559
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...
CVE-2026-2559
Post SMTP for WordPress is vulnerable up to version 3.8.0 due to a missing capability check in handle_office365_oauth_redirect() (hooked to admin_init without current_user_can() or nonce verification). Authenticated attackers with Subscriber level access+ can overwrite the Office 365 OAuth config...
CVE-2026-2559 Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...
CVE-2026-2559
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...
CVE-2026-2559 Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...
PT-2026-26069
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle office365 oauth redirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admin init without any current user can...
WordPress plugin Post SMTP 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-59683
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...
EUVD-2025-205370
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...
CVE-2025-59683
CVE-2025-59683 affects Pexip Infinity 15.0–38.0; vulnerability due to Improper Access Control in the Secure Scheduler for Exchange service when using Office 365 Legacy Exchange Tokens. Exploitation could allow a remote attacker to read potentially sensitive data and cause resource exhaustion, lea...
CVE-2025-59683
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...