CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability

...

CVE-2026-32207

CVE-2026-32207 concerns an XSS vulnerability in Azure Machine Learning Notebook/Notebook UI where improper neutralization of input during web page generation enables an unauthenticated attacker to spoof content over the network. Underlying cause: improper sanitization of user-controlled input in ...

CVE-2026-32207

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...

Azure Machine Learning Notebook Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...

drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35

...

Improper Isolation or Compartmentalization

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the NodeVM constructor in lib/nodevm.js. An attacker can run host commands when the VM is set up...

GHSA-CP6G-6699-WX9C vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

Summary NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not dereference symlinks but module loading uses Node's...

NPM: vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

NPM: vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape vulnerability discovered by ? in WordPress Npm vm2 versions 3.10.5...

Improper Isolation or Compartmentalization

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the transformer fast-path in the source instrumentation logic. An attacker can...

Microsoft Azure Machine Learning 跨站脚本漏洞

Microsoft Azure Machine Learning is a machine learning service provided by Microsoft Corporation in the United States. Microsoft Azure Machine Learning has a cross-site scripting vulnerability, which stems from improper input during the web page generation process. This vulnerability could allow...

PT-2026-38576

Name of the Vulnerable Software and Affected Versions Azure Machine Learning affected versions not specified Description Improper neutralization of input during web page generation in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. This issue is a form o...

TUANDROMD-X: Advanced Entropy and Visual Analytics Dataset for Enhanced Malware Detection and Classification

Malware and malware-based attacks are becoming more prevalent and complex. Attackers regularly come up with new techniques that have the ability to evade conventional and signature-based malware defense. In order to address such threats, there is an increasing demand for advanced and better defen...

KLA91030 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azur...

Linux Distros Unpatched Vulnerability : CVE-2026-43265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: x86: Ignore -EBUSY when checking nested events from vcpublock Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active, ...

CVE-2026-43265

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for x86 architectures. A local user or a malicious guest operating system could manipulate the virtual CPU vCPU state by injecting events while the vCPU is in a blocking state. This could lead to a spurious exit to userspace,...

CVE-2026-43191

A flaw was found in the Linux kernel's AMD display drm/amd/display component. An issue occurs when the physical layer's finite state machine PHY FSM incorrectly transitions during the disabling of Transition Minimized Differential Signaling TMDS output on DCN35 hardware. This can cause the Output...

EUVD-2026-27695

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...

CVE-2026-43265

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ignore -EBUSY when checking nested events from vcpublock Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active, as exiting to userspace will generate a spurious userspace exit,...

CVE-2026-43226

In the Linux kernel, the following vulnerability has been resolved: net/rds: No shortcut out of RDSCONNERROR RDS connections carry a state "rdsconnpath::cpstate" and transitions from one state to another and are conditional upon an expected state: "rdsconnpathtransition." There is one exception t...

CVE-2026-43214

The CVE-2026-43214 issue concerns Linux kernel KVM on x86: when reading PDPTRs in __get_sregs2(), SRCU read-side protection was missing. The root cause is that kvm_pdptr_read() may dereference guest memory via a chain (svm_cache_reg -> load_pdptrs -> kvm_vcpu_read_guest_page -> kvm_vcpu_...