org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.1.0 <=1.1.4)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.1.0, =1.1.0, =1.1.4 Source cves: CVE-2026-40978 Source advisory: OSV:GHSA-63C8-M9M2-CVR3...

org.springframework.ai:spring-ai-azure-cosmos-db-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40978 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316419...

CVE-2025-64675

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

CVE-2025-64675

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

CVE-2025-64675

Microsoft Azure Cosmos DB is affected by CVE-2025-64675, a cross-site scripting (XSS) issue caused by improper input neutralization during web page generation. This enables spoofing over a network and, per Kaspersky, there are public exploits. The provided documents do not specify affected versio...

CVE-2025-64675

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability

...

CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability

...

Azure Cosmos DB Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

マイクロソフト、Jupyter Notebooks for Azure Cosmos DB の脆弱性を修正

本ブログは、Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB の抄訳版です。最新の情報は原文を参照してください。 概...

Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB

Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible...

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB currently in preview reported by Orca Security. Customers not using Jupyter Notebooks 99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks were not susceptible to this...

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Summary Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB currently in preview reported by Orca Security. Customers not using Jupyter Notebooks 99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks were not susceptible to th...

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB currently in preview reported by Orca Security. Customers not using Jupyter Notebooks 99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks were not susceptible to this...

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure

The inexorable movement of data and applications to the cloud that began several years ago and accelerated during the pandemic shows no signs of slowing down. The rationale for this transformation is driven by a desire to outsource non-critical functions building and maintaining data centers,...

Whitehat hackers accessed primary keys of Azure’s Cosmos DB customers

By Saad Rajpoot The vulnerability existed in Microsoft Azure’s flagship database service Cosmos DB for approximately two years. This is a post from HackRead.com Read the original post: Whitehat hackers accessed primary keys of Azures Cosmos DB customers...

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customers resources by using the accounts primary read-write key. We mitigated the vulnerability immediately. Our...

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customers resources by using the accounts primary read-write key. We mitigated the vulnerability immediately. Our...