1647 matches found
AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php
Summary The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesystem paths, remote server URLs, and SSH connection metadata. Details...
CVE-2026-26135
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
EUVD-2026-18556
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
CVE-2026-26135
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
...
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
...
CVE-2026-26135
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
CVE-2026-26135
CVE-2026-26135 describes a server-side request forgery (SSRF) in the Azure Custom Locations Resource Provider (RP) that enables an authorized attacker to elevate privileges over the network. The NVD entries corroborate an elevation-of-privilege impact with high confidentiality and integrity impli...
Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
PT-2026-29902
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
Microsoft Azure Custom Locations Resource Provider 代码问题漏洞
Microsoft Azure Custom Locations Resource Provider is a service component developed by Microsoft Corporation in the United States. It serves to extend, manage, and integrate custom data centers or edge resources. There is a code vulnerability in Microsoft Azure Custom Locations Resource Provider,...
KLA90966 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Azure MCP Server can...
CVE-2026-2123
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
EUVD-2026-17859
Lack of output escaping for article titles leads to XSS vectors in various locations...
CVE-2026-21632
Lack of output escaping for article titles leads to XSS vectors in various locations...
CVE-2026-21632
Lack of output escaping for article titles leads to XSS vectors in various locations...
CVE-2026-3775
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...
PT-2026-29504
Name of the Vulnerable Software and Affected Versions versions affected versions not specified Description A lack of output escaping for article titles creates cross-site scripting XSS vectors in multiple areas. Recommendations At the moment, there is no information about a newer version that...
CVE-2026-2123
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
CVE-2026-2123 Privilege escalation vulnerability in Operations Agent
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...