EUVD-2026-17983

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization

CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment.1 To defend against similar malicious cyber...

EUVD-2026-11332

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

EUVD-2026-11321

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...

EUVD-2019-9830

Malware in sbrugna...

EUVD-2021-18852

Malware in sbrugna...

EUVD-2021-28391

Malicious code in bioql PyPI...

EUVD-2024-27996

Malicious code in bioql PyPI...

EUVD-2025-23414

Malicious code in bioql PyPI...

EUVD-2022-29346

Malicious code in bioql PyPI...

EUVD-2025-17031

Malicious code in bioql PyPI...

EUVD-2024-23477

Malicious code in bioql PyPI...

PT-2025-37014

@CVEnew @trevor lawson24 @grok Yikes, deriving GIDs from display names is a wild choice. This CVE-2025-59044559049044 in Himmelblau 0.9.x is a serious interoperability flaw for Azure Entra ID and Intune. You two should definitely take a look...

CVE-2025-54882

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials...

CVE-2025-54882 Himmelblau's Kerberos credential cache collection is world readable

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials...

CVE-2025-54882

CVE-2025-54882 affects Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune. From the public records, versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0 store the cloud TGT during logon in the Kerberos credential cache, and the created credential cache collection ...

Microsoft Intune Management Extension < 1.41.203.0 (CVE-2021-31980)

Remote code execution vulnerability in the Microsoft Intune Management Extension 1.41.203.0. The vulnerability allows an unauthenticated attacker to execute arbitrary code on a target machine over the network. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid243954;...

Intune Management Extension(IME) Installed (Windows)

Binary data microsoftimeinstalled.nbin...

Microsoft Intune Management Extension < 1.45.204.0 (CVE-2021-41363)

Security feature bypass vulnerability in the Microsoft Intune Management Extension 1.45.204.0. This vulnerability could allow an attacker to bypass security features in the Intune Management Extension. Exploiting this vulnerability requires the attacker to have local user privileges. %NASLMINLEVE...