CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

95 matches found

CVE•added 2026/04/02 11:26 p.m.•31 views

CVE-2026-33107

Azure Databricks is affected by a server-side request forgery (SSRF) that, per the sources, allows an unauthorized attacker to elevate privileges over a network. The CVSS 3.1 base score is 10.0 (CRITICAL) with network access, low attack complexity, and no user interaction required; confidentialit...

10CVSS5.9AI score0.00061EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/02 11:26 p.m.•0 views

CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability

...

10CVSS5.9AI score0.00061EPSS

Exploits0References1

Cvelist•added 2026/04/02 11:26 p.m.•13 views

CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability

...

10CVSS0.00061EPSS

Exploits0References1

ATTACKERKB•added 2026/04/02 11:26 p.m.•0 views

CVE-2026-33107

Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.9AI score0.00061EPSS

Exploits0References2

Microsoft CVE•added 2026/04/02 2:0 p.m.•2 views

Azure Databricks Elevation of Privilege Vulnerability

Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.9AI score0.00061EPSS

Exploits0

CNNVD•added 2026/04/02 12:0 a.m.•3 views

Microsoft Azure Databricks 代码问题漏洞

Microsoft Azure Databricks is an open analysis platform provided by the American company Microsoft. There is a code vulnerability in Microsoft Azure Databricks, which stems from server-side request forgery. This vulnerability could allow unauthorized attackers to gain elevated privileges through...

10CVSS5.9AI score0.00061EPSS

Exploits0References1

Positive Technologies•added 2026/04/02 12:0 a.m.•3 views

PT-2026-29907

Name of the Vulnerable Software and Affected Versions Azure Databricks affected versions not specified Description Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information abou...

10CVSS5.8AI score0.00061EPSS

Exploits0References10

Kaspersky•added 2026/04/02 12:0 a.m.•5 views

KLA90966 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Azure MCP Server can...

10CVSS5.7AI score0.00086EPSS

Exploits0References8

RedhatCVE•added 2026/03/31 10:58 p.m.•3 views

CVE-2026-32794

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o...

4.8CVSS5.9AI score0.00024EPSS

Exploits1References1

IBM Security Bulletins•added 2026/03/31 3:2 p.m.•2 views

Security Bulletin: IBM App Connect Enterprise Certified Container flows that use the Box or Databricks connectors are vulnerable to loss of confidentiality (CVE-2026-27699)

Summary Node.js module basic-ftp is used by IBM App Connect Enterprise Certified Container in the connectors for Box and Databricks. IBM App Connect Enterprise Certified Container IntergationRuntime and IntegrationServer operands that run flows containing Box or Databricks connectors are vulnerab...

9.8CVSS5.8AI score0.00152EPSS

Exploits2Affected Software1

Snyk•added 2026/03/31 12:34 a.m.•3 views

Improper Certificate Validation

Overview apache-airflow-providers-databricks is a Provider package apache-airflow-providers-databricks for Apache Airflow Affected versions of this package are vulnerable to Improper Certificate Validation due to the lack of certificate validation in the K8s Token Exchange. An attacker can...

8.3CVSS5.9AI score0.00024EPSS

Exploits1References2

Github Security Blog•added 2026/03/31 12:31 a.m.•4 views

Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange

4.8CVSS5.9AI score0.00024EPSS

Exploits1References5Affected Software1

OSV•added 2026/03/31 12:31 a.m.•3 views

GHSA-WRPJ-755P-X363 Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange

4.8CVSS5.9AI score0.00024EPSS

Exploits1References5

EUVD•added 2026/03/31 12:31 a.m.•1 views

EUVD-2026-17219

4.8CVSS5.9AI score0.00024EPSS

Exploits1References4

NVD•added 2026/03/30 10:16 p.m.•1 views

CVE-2026-32794

4.8CVSS0.00024EPSS

Exploits1References3

Vulnrichment•added 2026/03/30 9:43 p.m.•0 views

CVE-2026-32794 Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange

5.9AI score0.00024EPSS

Exploits1References2

CVE•added 2026/03/30 9:43 p.m.•10 views

CVE-2026-32794

CVE-2026-32794: Improper Certificate Validation in Apache Airflow Provider for Databricks (affected: Apache Airflow Provider for Databricks 1.10.0 – 1.11.x; fixed in 1.12.0). Root cause: provider code does not validate TLS certificates when connecting to the Databricks back-end, enabling a man-in...

4.8CVSS5.9AI score0.00024EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/03/30 9:43 p.m.•20 views

CVE-2026-32794 Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange

0.00024EPSS

Exploits1References2

ATTACKERKB•added 2026/03/30 9:43 p.m.•1 views

CVE-2026-32794

5.9AI score0.00024EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/03/30 12:0 a.m.•3 views

PT-2026-29132