EUVD-2026-13177

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network...

CVE-2026-23659

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network...

CVE-2026-23659 Azure Data Factory Information Disclosure Vulnerability

...

CVE-2026-23659 Azure Data Factory Information Disclosure Vulnerability

...

CVE-2026-23659

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network...

CVE-2026-23659

Azure Data Factory contains an information disclosure vulnerability (CVE-2026-23659) that allows an unauthorized network actor to access sensitive data. The descriptor indicates exposure of information to unauthorized actors over a network, implying a potential data breach risk. Connected sources...

Azure Data Factory Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network...

KLA90946 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Cloud Shell can be exploited remotely to gai...

Microsoft Azure Data Factory 信息泄露漏洞

Microsoft Azure Data Factory is a cloud-based data integration service provided by Microsoft Corporation. There is an information leakage vulnerability in Microsoft Azure Data Factory. This vulnerability stems from the exposure of sensitive information to unauthorized participants, which may allo...

PT-2026-26351

Azure Data Factory Information Disclosure Vulnerability CVE: CVE-2026-23659 PT-Identifier: PT-2026-26351 Vendor: Microsoft Product: Azure Data Factory CVSS: 8.6 Credits: n/a Description: Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attack...

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

CVE-2026-32839 Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

CVE-2026-32839

Edimax GS-5008PL firmware 1.00.54 and earlier is impacted by a cross-site request forgery (CSRF) vulnerability. The issue stems from lack of anti-CSRF tokens and insufficient request validation, enabling remote attackers to coerce logged-in administrators into performing actions via malicious pag...

PT-2026-25945

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

CVE-2026-3611 Honeywell IQ4x BMS Controller Missing authentication for critical function

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

CVE-2026-3611

The CVE-2026-3611 entry describes unauthenticated access to the Honeywell IQ4x BMS controller web UI in factory-default configurations. Affected devices expose the full HMI via HTTP without requiring authentication when no user module is configured, leaving the system running under a System Guest...

CVE-2026-30980

iccDEV contains a stack overflow in CIccBasicStructFactory::CreateStruct() that can lead to uncontrolled recursion/stack exhaustion and crash. Affected versions are prior to 2.3.1.5; the issue is fixed in 2.3.1.5. Upgrade to 2.3.1.5 to remediate.

CVE-2026-3750

A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...

CVE-2026-3675

A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been...