Dark Reading

Microsoft Exchange Zero-Day Under Attack, No Patch Available

Microsoft on Thursday disclosed a zero-day vulnerability in Exchange that's under active exploitation, but four days later customers are still awaiting a patch. The zero-day, tracked as CVE-2026-42897 ...
SecurityWeek

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

Microsoft is working to patch CVE-2026-42897, an Exchange Server zero-day vulnerability that has been exploited in attacks.

Microsoft warns of Exchange zero-day flaw exploited in attacks

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...
The Hacker News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come ...

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
IEEE

An Automatic XSS Attack Vector Generation Method Based on the Improved Dueling DDQN Algorithm

Traditional XSS (Cross Site Scripting) scanners typically rely on attack vectors based on expert knowledge and manual testing, which not only incur high costs and long processing times but also result ...
GitHub

Reflective XSS lead to executing javascript code

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...