Azure Stack Edge Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...

Microsoft Azure Network Adapter Elevation of Privilege Vulnerability

Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally...

May 12, 2026—Hotpatch KB5087423 (OS Build 26100.32772)

May 12, 2026—Hotpatch KB5087423 OS Build 26100.32772 This update applies to Windows Server 2025 Datacenter & Standard machines connected to Azure Arc. To learn more about differences between security updates, optional non-security preview updates, out-of-band OOB updates, and continuous innovatio...

June 9, 2026—KB5094042 (Monthly Rollup)

June 9, 2026—KB5094042 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only are...

June 9, 2026—KB5094041 (Monthly Rollup)

June 9, 2026—KB5094041 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only a...

GHSA-Q834-8QMM-V933 vulnerabilities

Vulnerabilities for packages: azure-functions-host...

CVE-2026-40182 vulnerabilities

Vulnerabilities for packages: azure-functions-host...

Microsoft Azure 资源管理错误漏洞

Microsoft Azure is an open enterprise-level cloud computing platform provided by the American company Microsoft. There is a resource management vulnerability in Microsoft Azure. Currently, there is no information regarding this vulnerability. Please stay informed by following CNNVD or the vendor’...

PT-2026-48006

Name of the Vulnerable Software and Affected Versions Microsoft Azure Attestation service affected versions not specified Device Health Attestation Service affected versions not specified Description Improper input validation in these services allows an authorized attacker to perform spoofing via...

Microsoft Azure Stack Edge 跨站脚本漏洞

Microsoft Azure Stack Edge is a Azure-hosted device by Microsoft that integrates Azure computing, storage, and intelligent features at the edge. Microsoft Azure Stack Edge has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to perform phishing attacks...

Microsoft Azure Stack Edge 安全漏洞

Microsoft Azure Stack Edge is a Azure-hosted device by Microsoft that integrates Azure computing, storage, and intelligent features at the edge. There are security vulnerabilities present in Microsoft Azure Stack Edge. Attackers can exploit these vulnerabilities to execute code remotely...

PT-2026-47873

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...

PT-2026-48038

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

Microsoft Azure Kubernetes Service 路径遍历漏洞

Microsoft Azure Kubernetes Service is a service provided by Microsoft Corporation for deploying, managing, and scaling containerized applications. Microsoft Azure Kubernetes Service has a path traversal vulnerability. Attackers can exploit this vulnerability to execute code remotely...

Microsoft Azure 输入验证错误漏洞

Microsoft Azure is an open enterprise-level cloud computing platform provided by Microsoft Corporation in the United States. The Microsoft Azure Attestation service and Device Health Attestation Service have vulnerabilities related to input validation. Attackers can exploit these vulnerabilities ...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42507)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42507 advisory. - When returning errors, functions in the net/textproto package would include its input as part ...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42504)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42504 advisory. - Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume...

KB5094128: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (June 2026)

The remote Windows host is missing security update 5094128. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +12787 more potentially affected by CVE-2026-45536 via io.netty:netty-transport-native-epoll (>=4.0.21.Final <=4.1.134.Final)

io.netty:netty-transport-native-epoll MAVEN version =4.0.21.Final, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...

CVE-2026-48501

A flaw was found in GitHub CLI. The tool incorrectly includes authorization headers in API requests to TUF repository mirrors when using commands such as gh attestation, gh release verify, and gh release verify-asset. This issue occurs because the shared HTTP client's authentication layer lacks...