3640 matches found
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access OWA for Exchange Server 2003 SP2 aka build 6.5.7638 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. id: CVE-2008-1547 info: name:...
CVE-2026-47635 Microsoft Outlook and Word Remote Code Execution Vulnerability
...
CVE-2026-47635 Microsoft Outlook and Word Remote Code Execution Vulnerability
...
CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability
...
CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability
...
CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability
...
CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability
...
Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...
Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...
Description of the security update for Word 2016: June 9, 2026 (KB5002879)
Description of the security update for Word 2016: June 9, 2026 KB5002879 Summary This security update resolves a Microsoft Outlook and Word Remote Code Execution vulnerability and Microsoft Word Remote Code Execution vulnerability. To learn more about the vulnerabilities, see the following securi...
Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...
CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts...
Microsoft Exchange Server Cross-Site Scripting Vulnerability
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context...
CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability
...
CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability
...
CVE-2026-42893
CVE-2026-42893 concerns Improper neutralization of special elements used in a command (command injection) in M365 Copilot, leading to potential tampering over a network. Connected records identify affected software as Microsoft Outlook for iOS and M365 Copilot, with the issue described as command...
Microsoft Outlook for iOS Tampering Vulnerability
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a...
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control C2 channel, allowing...
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulne...