Common Vulnerabilities and Exposures (CVE)

CVE-2026-32194

Mar 21, 2026 04:01:47 UTC

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

CVE-2026-26137

Mar 21, 2026 04:01:45 UTC

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

CVE-2025-15607

Mar 21, 2026 04:01:44 UTC

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling auth...

CVE-2025-15608

Mar 21, 2026 04:01:43 UTC

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under spe...

CVE-2026-24299

Mar 21, 2026 04:01:42 UTC

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-23658

Mar 21, 2026 04:01:41 UTC

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32191

Mar 21, 2026 04:01:40 UTC

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

CVE-2026-26138

Mar 21, 2026 04:01:38 UTC

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26139

Mar 21, 2026 04:01:37 UTC

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32169

Mar 21, 2026 04:01:36 UTC

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-4451

Mar 21, 2026 04:01:35 UTC

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium ...

CVE-2026-4444

Mar 21, 2026 04:01:34 UTC

Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-4443

Mar 21, 2026 04:01:32 UTC

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-4440

Mar 21, 2026 04:01:31 UTC

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-4439

Mar 21, 2026 04:01:30 UTC

Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)