Remote unauthenticated attackers can disclose sensitive information from Microsoft 365 Copilot's Business Chat through improper input neutralization (CVSS 7.5). The vulnerability allows network-based exploitation with low complexity and no user interaction required. Vendor-released patch available via Microsoft Security Response Center (MSRC-2026-26129). No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of authentication requirements (PR:N) increase realistic exploitation risk.
Information disclosure in Microsoft .NET 8.0, 9.0, 10.0, and Visual Studio 2022 allows unauthenticated remote attackers to access sensitive data through improper neutralization of special elements. This spoofing vulnerability (CWE-138) enables attackers to bypass authentication mechanisms and extract high-confidentiality information over the network with low attack complexity. No active exploitation confirmed (not in CISA KEV), but the network-accessible, no-authentication-required attack profile presents immediate risk for internet-facing .NET applications. Vendor patches available for all affected versions.
Unauthenticated SSH authentication bypass in Cisco Secure Firewall ASA allows remote attackers to log in as arbitrary users by exploiting insufficient input validation during the SSH key authentication phase, requiring only knowledge of a valid username and its associated public key. This vulnerability enables attackers to execute arbitrary commands on affected ASA devices with the privileges of the compromised user account. No patch is currently available.
A security vulnerability in tarteaucitron.js (CVSS 4.2). Risk factors: public PoC available. Vendor patch is available.