https://vulnerability.circl.lu/sightings/feed 2026-06-03T08:49:42.412626+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/2f3c871b-e244-4b6f-bbb8-0ee5c0700b3d/export 2026-06-03T08:49:42.423043+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "2f3c871b-e244-4b6f-bbb8-0ee5c0700b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mmrrsxr72j2w", "content": "Microsoft Exchange (CVE-2026-42897) has a zero-day XSS that can let attackers compromise OWA mailboxes. For defenders: review OWA exposure and watch for odd mailbox actions.\n\nhttps://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch", "creation_timestamp": "2026-05-26T20:00:21.186644Z"} 2026-05-26T20:00:21.186644+00:00 https://vulnerability.circl.lu/sighting/05dba9ec-9b54-42ec-8783-d40cee4b16bd/export 2026-06-03T08:49:42.422965+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "05dba9ec-9b54-42ec-8783-d40cee4b16bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/pvynckier.bsky.social/post/3mmssvy5szc23", "content": "CVE-2026-42897, Microsoft publie une att\u00e9nuation d'urgence pour la faille XSS d'Exchange - IT SOCIAL itsocial.fr/cybersecurit...", "creation_timestamp": "2026-05-27T05:52:39.490764Z"} 2026-05-27T05:52:39.490764+00:00 https://vulnerability.circl.lu/sighting/ced1de12-d2a4-447c-8270-34fc0907b8b9/export 2026-06-03T08:49:42.422895+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "ced1de12-d2a4-447c-8270-34fc0907b8b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/diesec.bsky.social/post/3mmte3szsrg2d", "content": "Exchange Server zero-day (CVE-2026-42897): crafted email \u2192 OWA XSS \u2192 session token stolen.\u00a0\nActive exploitation confirmed.\nNo permanent patch.\n CISA deadline May 29.\nIf EM Service is disabled, you're unprotected right now.\n\nCheck EM Service status before Friday.\n\n#CyberSecurity", "creation_timestamp": "2026-05-27T11:00:05.860500Z"} 2026-05-27T11:00:05.860500+00:00 https://vulnerability.circl.lu/sighting/411ed968-4922-4c49-ab5b-6e85cfcaaf7a/export 2026-06-03T08:49:42.422822+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "411ed968-4922-4c49-ab5b-6e85cfcaaf7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/hakksaww.bsky.social/post/3mmuwmpbe5w2k", "content": "CISA Exchange CVE-2026-42897 federal deadline tomorrow. Three more crews hit this week: Marquis (400K), Brightspeed via Crimson Collective (1M+), Silent Ransom Group on law firms. All four in our STIX feed: https://analytics.dugganusa.com/stix/register", "creation_timestamp": "2026-05-28T02:04:22.648044Z"} 2026-05-28T02:04:22.648044+00:00 https://vulnerability.circl.lu/sighting/88db9cb5-bedb-4a3a-a5af-405997b58d9e/export 2026-06-03T08:49:42.422752+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "88db9cb5-bedb-4a3a-a5af-405997b58d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mmvct7g2d426", "content": "Microsoft has confirmed attackers are actively exploiting CVE-2026-42897, a XSS flaw in on-premises Exchange Server's Outlook Web Access. A crafted email can run arbitrary JavaScript when opened in OWA. No permanent patch; CISA added the bug to KEV with a May 29 deadline for federal agencies.", "creation_timestamp": "2026-05-28T05:42:43.216373Z"} 2026-05-28T05:42:43.216373+00:00 https://vulnerability.circl.lu/sighting/3c96c48b-c8fa-4348-b093-fbe63f84dced/export 2026-06-03T08:49:42.422681+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "3c96c48b-c8fa-4348-b093-fbe63f84dced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mndus2udfk2u", "content": "\u300cExchange Server\u300d\u306b\u8106\u5f31\u6027 - \u3059\u3067\u306b\u60aa\u7528\u3092\u78ba\u8a8d\u3001\u30d1\u30c3\u30c1\u306f\u6e96\u5099\u4e2d\n\n\u300cMicrosoft Exchange Server\u300d\u306b\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u304c\u660e\u3089\u304b\u3068\u306a\u3063\u305f\u3002\u3059\u3067\u306b\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u3066\u304a\u308a\u3001\u540c\u793e\u3067\u306f\u4fee\u6b63\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u63d0\u4f9b\u306b\u5411\u3051\u3066\u6e96\u5099\u3092\u9032\u3081\u3066\u3044\u308b\u3002\n\n\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u306f\u73fe\u5730\u6642\u95932026\u5e745\u670814\u65e5\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u3092\u516c\u958b\u3057\u3001\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\uff08XSS\uff09\u306b\u3088\u308b\u306a\u308a\u3059\u307e\u3057\u306e\u8106\u5f31\u6027\u300cCVE-2026-42897\u300d\u306b\u3064\u3044\u3066\u660e\u3089\u304b\u306b\u3057\u305f\u3002\n\n\u300cOutlook Web Access\uff08OWA\uff09\u300d\u3067\u7d30\u5de5\u3055\u308c\u305f\u30e1\u30fc\u30eb\u3092\u958b\u304d\u3001\u4e00\u5b9a\u306e\u64cd\u4f5c\u3092\u884c\u3046\u3068\u30d6\u30e9\u30a6\u30b6\u4e0a\u3067\u4efb\u610f\u306eJavaScript\u304c\u5b9f...", "creation_timestamp": "2026-06-03T00:41:29.185607Z"} 2026-06-03T00:41:29.185607+00:00 https://vulnerability.circl.lu/sighting/bf0cba9f-70aa-4bc3-8cc0-49996fc8d5f4/export 2026-06-03T08:49:42.422602+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "bf0cba9f-70aa-4bc3-8cc0-49996fc8d5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mndv6v4psc2u", "content": "\u30aa\u30f3\u30d7\u30ec\u30df\u30b9\u306eMicrosoft Exchange Server\u306e\u8106\u5f31\u6027CVE-2026-42897\u304c\u3001\u7d30\u5de5\u3055\u308c\u305f\u30e1\u30fc\u30eb\u3092\u4ecb\u3057\u3066\u60aa\u7528\u3055\u308c\u308b\n\n\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u306f\u3001\u30aa\u30f3\u30d7\u30ec\u30df\u30b9\u7248\u306eExchange Server\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u65b0\u305f\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u3092\u516c\u8868\u3057\u305f\u3002\u540c\u793e\u306b\u3088\u308b\u3068\u3001\u3053\u306e\u8106\u5f31\u6027\u306f\u65e2\u306b\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u3068\u3044\u3046\u3002\n\nCVE-2026-42897 \uff08CVSS\u30b9\u30b3\u30a2\uff1a8.1\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308b\u3053\u306e\u8106\u5f31\u6027\u306f\u3001\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306e\u6b20\u9665\u306b\u8d77\u56e0\u3059\u308b\u306a\u308a\u3059\u307e\u3057\u30d0\u30b0\u3068\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u554f\u984c\u3092\u767a\u898b\u3057\u5831\u544a\u3057\u305f\u306e\u306f\u3001\u533f\u540d\u306e\u7814\u7a76\u8005\u3067\u3042\u308b\u3068\u3055\u308c\u3066\u3044\u307e\u3059\u3002", "creation_timestamp": "2026-06-03T00:48:42.290925Z"} 2026-06-03T00:48:42.290925+00:00 https://vulnerability.circl.lu/sighting/bd306a2a-010d-4db3-b432-fad48c982546/export 2026-06-03T08:49:42.422514+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "bd306a2a-010d-4db3-b432-fad48c982546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mndxjgdyhc2u", "content": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u306f\u3001Exchange\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u304c\u653b\u6483\u306b\u60aa\u7528\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3068\u8b66\u544a\u3057\u3066\u3044\u308b\u3002\n\n\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u306f\u6728\u66dc\u65e5\u3001Exchange Server\u306e\u6df1\u523b\u306a\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u5bfe\u7b56\u3092\u767a\u8868\u3057\u305f\u3002\u3053\u306e\u8106\u5f31\u6027\u306f\u3001\u653b\u6483\u8005\u304c\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\uff08XSS\uff09\u3092\u4ecb\u3057\u3066\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3067\u304d\u308b\u653b\u6483\u306b\u60aa\u7528\u3055\u308c\u3001Outlook on the web\u306e\u30e6\u30fc\u30b6\u30fc\u3092\u6a19\u7684\u306b\u3057\u3066\u3044\u308b\u3002\n\n\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u306f\u3053\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u6b20\u9665\uff08CVE-2026-42897\uff09\u3092\u3001\u6700\u65b0\u306eExchange Server 2016\u3001Exchange Server 2019\u3001\u304a\u3088\u3073Exchange Server Subscriptio...", "creation_timestamp": "2026-06-03T01:30:23.605449Z"} 2026-06-03T01:30:23.605449+00:00 https://vulnerability.circl.lu/sighting/7d5b2ede-a274-45e7-b244-47c2665f67b5/export 2026-06-03T08:49:42.422414+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "7d5b2ede-a274-45e7-b244-47c2665f67b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mndytjfs722u", "content": "CVE-2026-42897\uff1a\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u306f\u3001Exchange Server\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u304c\u5b9f\u969b\u306b\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u305f\u3002\n\n\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u306f\u3001\u653b\u6483\u8005\u304cExchange Server\u306e\u65b0\u305f\u306a\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\uff08CVE-2026-42897\u3001CVSS\u30b9\u30b3\u30a28.1\uff09\u3092\u7a4d\u6975\u7684\u306b\u60aa\u7528\u3057\u3066\u3044\u308b\u3068\u8b66\u544a\u3057\u305f\u3002\n\n\u3053\u306e\u8106\u5f31\u6027\u306f\u3001Microsoft Exchange Server\u306b\u304a\u3051\u308bWeb\u30da\u30fc\u30b8\u751f\u6210\u6642\u306e\u5165\u529b\u51e6\u7406\uff08\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\uff09\u306e\u4e0d\u5099\u306b\u8d77\u56e0\u3059\u308b\u3082\u306e\u3067\u3059\u3002\u653b\u6483\u8005\u306f\u3053\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u3066\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u4e0a\u3067\u306a\u308a\u3059\u307e\u3057\u884c\u70ba\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\n\n\u300cMicrosoft Exchange Se...", "creation_timestamp": "2026-06-03T01:54:00.076640Z"} 2026-06-03T01:54:00.076640+00:00 https://vulnerability.circl.lu/sighting/e458456c-88a2-410d-bb18-ffff9b2b1183/export 2026-06-03T08:49:42.421270+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "e458456c-88a2-410d-bb18-ffff9b2b1183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mne36np2f22u", "content": "CISA Adds One Known Exploited Vulnerability to Catalog\nRelease Date\u3000May 15, 2026\n\nCVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability", "creation_timestamp": "2026-06-03T02:35:55.107146Z"} 2026-06-03T02:35:55.107146+00:00