21 matches found
EUVD-2026-41443
Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...
CVE-2026-45499
Technical details for CVE-2026-45499 are not publicly available in the provided documents. Monitor for updates; current sources only reiterate the SSRF elevation in Azure OpenAI without specification of affected products, versions, or fixes.
CVE-2026-45499
Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...
Malicious code in raise-common-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7401fb7c3259e43181ef51ca47b984450f7a849fed5a9598e6131b4c0ed5d2bb The package's rich-text editor module hardcodes an Azure OpenAI endpoint https://aidevused.openai.azure.com/ and an api-key in...
MAL-2026-4656 Malicious code in raise-common-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7401fb7c3259e43181ef51ca47b984450f7a849fed5a9598e6131b4c0ed5d2bb The package's rich-text editor module hardcodes an Azure OpenAI endpoint https://aidevused.openai.azure.com/ and an api-key in...
This Week in Spring - March 3rd, 2026
Hi Spring fans! Welcome to another rip-roaring installment of This Week in Spring! I'm writing this in an Uber en route to the airport to get to awsome Atlanta, GA, for Devnexus 2026! Who's goin'? You goin'? We - the Spring team - will be there in force! Come say hi at the boothes or come see our...
EUVD-2025-23957
Malicious code in bioql PyPI...
The vulnerability of the Azure OpenAI cloud platform, related to insufficient validation of incoming requests, allows a hacker to escalate their privileges.
The vulnerability of the Azure OpenAI cloud platform is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
CVE-2025-53767
Azure OpenAI Elevation of Privilege Vulnerability...
CVE-2025-53767
Azure OpenAI Elevation of Privilege Vulnerability...
CVE-2025-53767
Azure OpenAI CVE-2025-53767 is an elevation-of-privilege vulnerability rated CVSS v3.1 base score 10 (NETWORK, LOW attack complexity, PR NONE, UI NONE, C:H/I:H/A:N, scope CHANGED). It affects Azure OpenAI and can grant elevated rights with no user interaction. Microsoft has published updates via ...
CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability
...
CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability
...
Azure OpenAI Elevation of Privilege Vulnerability
...
Microsoft Azure Open AI 代码问题漏洞
Microsoft Azure Open AI is an artificial intelligence service from Microsoft Corporation USA. A code issue vulnerability exists in Microsoft Azure Open AI. An attacker can elevate privileges by exploiting the vulnerability...
PT-2025-32313
Name of the Vulnerable Software and Affected Versions: Azure OpenAI affected versions not specified Description: An elevation of privilege issue exists in Azure OpenAI. Successful exploitation could allow an attacker to gain elevated privileges. Recommendations: At the moment, there is no...
KLA86378 PE vulnerabilities in Microsoft Azure
An elevation of privilege vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure OpenAI can be exploited remotely to gain privileges. 2. A...
Incorrect Permission Assignment for Critical Resource
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource on the Azure OpenAI route. The getmodelfromrequest function does not necessarily enforce access restrictions, when an...
This Week in Spring - May 14th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's highlights in the Spring ecosystem emphasize the ongoing advancements and applications of Spring AI. The discussions range from exploring the impressive VectorStore abstraction and enhanced structured output suppo...
Attackgen - Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...