11718 matches found
Joern 4.0.538
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using built-in Node.js modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from the CallSite wrapper class allowing...
EUVD-2026-29657
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
EUVD-2026-29580
Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-40381
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-33833
Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-40381
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
...
CVE-2026-40381
CVE-2026-40381: Improper access control in the Azure Connected Machine Agent enables a locally authenticated attacker to elevate privileges. The vulnerability affects the Azure Connected Machine Agent; attacker must have local access and low privileges, with no user interaction required. The CVSS...
CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
...
CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
...
CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
...
CVE-2026-33833
Azure Machine Learning is affected where the issue occurs in the downstream component’s output handling, described as an improper neutralization of special elements that enables network spoofing. The CVE-2026-33833 entry notes an attacker could exploit this via a network vector with no user inter...
CVE-2025-35979
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some IntelR Processors within VMX non-root guest operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a...
Azure Machine Learning Notebook Spoofing Vulnerability
Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
MAL-2026-3578 Malicious code in @uipath/tasks-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1924ebd0e25a511d934e9103d324a7e11db5dfad8820ff2a1f71d31ebd8eb8b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3566 Malicious code in @uipath/platform-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89f494a30a8fe1637198b531a2c267ebb3aedf5d0c537afc1f12ea2186ef1d1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MINI-VM63-974G-QP6P
Bulletin has no description...
MAL-2026-3458 Malicious code in @tallyui/connector-vendure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0283da4a59287c5418e3485a9a642cfbb9cc387f5e1ab4c120af92199daa0970 The package @tallyui/connector-vendure was found to contain malicious code. Source: ghsa-malware...