23 matches found
CVE-2023-24881
CVE-2023-24881 affects Microsoft Teams. The vulnerability is an Information Disclosure flaw with CVSS v3.1 base score 6.5 (Confidentiality impact: High; integrity/availability: None). Attack vector is Network, with Low attack complexity, no privileges required, but user interaction is required. E...
CVE-2023-4863
CVE-2023-4863 describes a heap buffer overflow in libwebp used by Google Chrome prior to 116.0.5845.187 and in libwebp 1.3.2. A remote attacker can cause an out-of-bounds memory write by presenting a crafted HTML page. The vulnerability is exploitable over the network and requires user interactio...
CVE-2022-21965
Summary of CVE-2022-21965 (Microsoft Teams DoS) Affected product: Microsoft Teams. The vulnerability is a Denial of Service in Teams, with root details not fully disclosed in some sources but the CVE entry describes a DoS impact. According to CVSSv3.1, the base score is 7.5 (HIGH), with network a...
CVE-2023-29330
CVE-2023-29330 affects Microsoft Teams across multiple platforms (Desktop, Android, Mac, iOS) and is a remote code execution vulnerability. The reports note RCE in Teams with high impact; CVSS 3.1 base score 8.8 (Network attack vector, no privileges, user interaction required). The exact root cau...
CVE-2024-21374
The CVE affects Microsoft Teams for Android and is an Information Disclosure vulnerability that could allow access to sensitive information. Details on affected versions, root cause, and concrete exploit methods are not fully provided in the given documents. Public remediation status is not speci...
CVE-2024-21448
CVE-2024-21448 is an information-disclosure vulnerability in Microsoft Teams for Android . The issue affects the Teams for Android app and is described as allowing access to sensitive information. The published CVSSv3 base score is 5.0 (Medium) with confidentiality impact High , attack vector Loc...
CVE-2023-29328
Technical details about CVE-2023-29328 are not publicly provided in the supplied documents. Available sources reference a Microsoft Teams RCE but do not specify affected versions, root cause, exploitability, or fixes. Monitor for updates and vendor advisories.
CVE-2020-17091
CVE-2020-17091 is a Microsoft Teams remote code execution vulnerability. Multiple connected sources (including AttackerkB and MSRC/MSRP entries) describe an attack that can occur with local access to the Teams client and a server-side/XSS trigger: a novel XSS vector on teams.microsoft.com can lea...
CVE-2020-10146
CVE-2020-10146 concerns a stored cross-site scripting vulnerability in the Microsoft Teams online service, affecting the displayName parameter. The issue could be exploited on Teams clients to obtain sensitive information such as authentication tokens and potentially execute arbitrary commands. M...
CVE-2025-53783
CVE-2025-53783 is a heap-based buffer overflow in Microsoft Teams that enables remote code execution over a network. Public documents consistently identify the affected component as Microsoft Teams (notably the desktop client) and describe the underlying flaw as a heap-based overflow that allows ...
CVE-2024-38197
CVE-2024-38197 affects Microsoft Teams for iOS. The description indicates a spoofing vulnerability with CVSS 3.1: Network attack vector, low complexity, no privileges required, no user interaction. Confidentiality and integrity are Low; availability unaffected. Connected sources reference Microso...
CVE-2021-24114
CVE-2021-24114 refers to a Microsoft Teams for iOS information disclosure vulnerability. Affected product: Microsoft Teams for iOS. Vulnerability: lack of protection for sensitive data in the iOS client allows exposure of the Skype token value in the preview URL for images in the app. Root cause ...
CVE-2024-41145
CVE-2024-41145 pertains to a library-injection vulnerability in Microsoft Teams for macOS, specifically the WebView.app helper. Talos’ analysis confirms the WebView (and related Teams components) are hardened-runtime apps that also include com.apple.security.cs.disable-library-validation, enablin...
CVE-2026-32185
CVE-2026-32185 affects Microsoft Teams. The vulnerability description indicates files or directories exposed to external parties can let an unauthorized, locally positioned attacker perform spoofing. CVSS metrics cite Local attack vector, requiring user interaction, with High confidentiality impa...
CVE-2019-5922
The CVE-2019-5922 issue affects the installer of Microsoft Teams, where an unsafe DLL search path (App Dir DLL planting) could allow arbitrary code to run with the caller’s privileges. Affected product: the Teams installer (prior to version 1.3.00.362). Root cause: insecure loading of Dynamic Lin...
CVE-2024-41138
Microsoft Teams on macOS contains a library injection vulnerability in the com.microsoft.teams2.modulehost.app helper and related Teams components. The issue arises because hardened runtime is enabled but the com.apple.security.cs.disable-library-validation entitlement is set to true in multiple ...
CVE-2024-42004
Cisco Talos and related sources document a library-injection vulnerability (CVE-2024-42004) affecting Microsoft Teams for macOS 24046.2813.2770.1094, where specially crafted libraries loaded via relative paths and insufficient library-validation entitlements (com.apple.security.cs.disable-library...
CVE-2025-49731
CVE-2025-49731 affects Microsoft Teams (Desktop). The vulnerability is due to improper handling of insufficient permissions or privileges, allowing an authorized attacker to elevate privileges over a network. Per the public metrics, the CVSSv3.1 base score is 3.1 (LOW) with Network attack vector,...
CVE-2026-26133
CVE-2026-26133 involves an AI command injection vulnerability in Microsoft 365 Copilot that can lead to unauthorized disclosure of information over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) indicates a network-accessible issue with no privileges required but user intera...
CVE-2025-49737
This CVE (CVE-2025-49737) concerns Microsoft Teams. Description: a race condition arising from concurrent execution on a shared resource could let an authenticated user elevate privileges locally. Affected product: Microsoft Teams (desktop/mobile). Root cause: improper synchronization / race cond...
CVE-2026-42835
Microsoft Teams for Android contains a vulnerability described as improper neutralization of special elements in output used by a downstream component ('injection'), enabling an authorized attacker to disclose information over a network. Affected software: Microsoft Teams for Android. Root cause:...
CVE-2026-21535
Technical details about CVE-2026-21535 are not publicly provided in the supplied documents. Monitor for updates to obtain affected products, impact details, and remediation information.
CVE-2026-33823
Technical details (affected product/component, root cause, exploit specifics, and remediation) are not publicly available in the provided documents. Monitor for updates from the listed sources (NVD, CVE List, MSRC, Attackerkb).