Lucene search
K

1647 matches found

Github Security Blog
Github Security Blog
added 2026/04/04 6:17 a.m.10 views

AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php

Summary The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesystem paths, remote server URLs, and SSH connection metadata. Details...

5.3CVSS5.9AI score0.00367EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/04 4:59 a.m.4 views

CVE-2026-26135

Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...

9.6CVSS5.9AI score0.00596EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 12:31 a.m.4 views

EUVD-2026-18556

Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...

9.6CVSS5.9AI score0.00596EPSS
Exploits0References2
NVD
NVD
added 2026/04/03 12:16 a.m.9 views

CVE-2026-26135

Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...

9.6CVSS0.00596EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/02 11:26 p.m.20 views

CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability

...

9.6CVSS0.00596EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/02 11:26 p.m.4 views

CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability

...

9.6CVSS5.9AI score0.00596EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 11:26 p.m.1 views

CVE-2026-26135

Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...

9.6CVSS5.9AI score0.00596EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 11:26 p.m.34 views

CVE-2026-26135

CVE-2026-26135 describes a server-side request forgery (SSRF) in the Azure Custom Locations Resource Provider (RP) that enables an authorized attacker to elevate privileges over the network. The NVD entries corroborate an elevation-of-privilege impact with high confidentiality and integrity impli...

9.6CVSS5.9AI score0.00596EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/04/02 2:0 p.m.5 views

Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability

Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...

9.6CVSS5.9AI score0.00596EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29902

Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...

9.6CVSS5.9AI score0.00596EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

Microsoft Azure Custom Locations Resource Provider 代码问题漏洞

Microsoft Azure Custom Locations Resource Provider is a service component developed by Microsoft Corporation in the United States. It serves to extend, manage, and integrate custom data centers or edge resources. There is a code vulnerability in Microsoft Azure Custom Locations Resource Provider,...

9.6CVSS5.9AI score0.00596EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2026/04/02 12:0 a.m.9 views

KLA90966 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Azure MCP Server can...

10CVSS5.7AI score0.00913EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.4 views

CVE-2026-2123

A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...

8.6CVSS5.9AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 12:31 p.m.4 views

EUVD-2026-17859

Lack of output escaping for article titles leads to XSS vectors in various locations...

8.4CVSS5.8AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 10:16 a.m.3 views

CVE-2026-21632

Lack of output escaping for article titles leads to XSS vectors in various locations...

8.4CVSS0.0019EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 9:3 a.m.2 views

CVE-2026-21632

Lack of output escaping for article titles leads to XSS vectors in various locations...

8.4CVSS5.8AI score0.0019EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.4 views

CVE-2026-3775

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...

7.8CVSS6AI score0.00251EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29504

Name of the Vulnerable Software and Affected Versions versions affected versions not specified Description A lack of output escaping for article titles creates cross-site scripting XSS vectors in multiple areas. Recommendations At the moment, there is no information about a newer version that...

8.4CVSS5.7AI score0.0019EPSS
Exploits0References4
NVD
NVD
added 2026/03/31 6:16 p.m.4 views

CVE-2026-2123

A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...

8.6CVSS0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/31 5:18 p.m.5 views

CVE-2026-2123 Privilege escalation vulnerability in Operations Agent

A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...

8.6CVSS5.9AI score0.00101EPSS
Exploits0References1
Rows per page
Query Builder