Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
6.9 MEDIUM
CVE-2026-27491 — Discourse has a bypass of official warnings messages by non-staff users

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue war…

discourse | Remote | Authorization
Mar 19, 2026 Mar 25, 2026
5.3 MEDIUM
CVE-2026-27454 — Discourse has check revision visibility on posts endpoint

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The…

discourse | Remote | Authorization
Mar 19, 2026 Mar 25, 2026
5.4 MEDIUM
CVE-2026-27166 — Discourse vulnerable to HTML injection via prohibited iframe URLs

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to t…

discourse | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 25, 2026
8.6 HIGH
CVE-2026-26139 — Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Mar 19, 2026 Mar 24, 2026
10.0 CRITICAL
CVE-2026-26138 — Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Mar 19, 2026 Mar 24, 2026
9.9 CRITICAL
CVE-2026-26137 — Microsoft Exchange Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

Mar 19, 2026 Mar 27, 2026
7.5 HIGH
CVE-2026-26136 — Microsoft Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.

copilot | Remote
Mar 19, 2026 Apr 01, 2026
7.5 HIGH
CVE-2026-26120 — Microsoft Bing Tampering Vulnerability

Server-side request forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.

bing | Remote
Mar 19, 2026 Apr 01, 2026
5.3 MEDIUM
CVE-2026-24299 — M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Mar 19, 2026 Mar 24, 2026
8.6 HIGH
CVE-2026-23659 — Azure Data Factory Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

Mar 19, 2026 Apr 01, 2026
9.8 CRITICAL
CVE-2026-23658 — Azure DevOps: msazure Elevation of Privilege Vulnerability

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

Mar 19, 2026 Apr 01, 2026
Showing 20 of 6431 Results