CVE-2022-50930

CVE-2022-50930 concerns Emerson PAC Machine Edition 9.80, where the TrapiServer service has an unquoted service path enabling local users to execute code with elevated privileges during service startup. The vulnerability is characterized as Local, with low attack complexity and no user interactio...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to access sensitive data or execute code that the malicious party is not initially authorized to execute. For successful abuse, the malicious...

CVE-2026-21224

CVE-2026-21224 is a stack-based buffer overflow in the Microsoft Azure Connected Machine Agent that permits an authorized local attacker to elevate privileges on the host. The vulnerability is tied to the Azure Connected Machine Agent, with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL, LOW-Comp...

CVE-2026-21224 Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

CVE-2026-21224 Azure Connected Machine Agent Elevation of Privilege Vulnerability

...

EUVD-2026-2110

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

EUVD-2026-1867

RustCrypto: Signatures has timing side-channel in ML-DSA decomposition...

[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl

AI agents are no longer just writing code. They are executing it. Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it's also creating a security gap most teams don't see until something breaks. Behin...

Eclipse Che 访问控制错误漏洞

Eclipse Che is a set of Java-based open source online integrated development environments IDEs from the Eclipse Foundation. An access control error vulnerability exists in Eclipse Che che-machine-exec, which originates from an unauthenticated remote attacker who can execute arbitrary commands and...

PT-2026-2542

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0-rc6-115d5de2eef3-next-kasan Description The Linux kernel contains a flaw within the KVM subsystem. Specifically, it fails to prevent disabling the KVM MEM GUEST MEMFD flag on a memslot that was initially...

Microsoft Azure Connected Machine Agent 安全漏洞

Microsoft Azure Connected Machine Agent is the ability of Microsoft Corporation USA to manage Windows and Linux computers hosted outside of Azure on a corporate network or other cloud provider. A security vulnerability exists in Microsoft Azure Connected Machine Agent. An attacker could exploit t...

PT-2026-2441

Name of the Vulnerable Software and Affected Versions Eclipse Che versions affected versions not specified Description A flaw exists in Eclipse Che che-machine-exec that permits unauthenticated remote arbitrary command execution and secret exfiltration, including SSH keys and tokens, from other...

Emerson PAC Machine Edition 代码问题漏洞

Emerson PAC Machine Edition is a development environment software from Emerson USA. A code issue vulnerability exists in Emerson PAC Machine Edition version 9.80, which stems from the presence of unquoted service paths to the TrapiServer service, which could lead to code execution by a local user...

PT-2026-2764

CVE-2026-21224 Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. https://t.co/nj6zlxVciK...

Deep Learning-Based Binary Analysis for Vulnerability Detection in X86-64 Machine Code

While much of the current research in deep learning-based vulnerability detection relies on disassembled binaries, this paper explores the feasibility of extracting features directly from raw x86-64 machine code. Although assembly language is more interpretable for humans, it requires more comple...

Malicious code in xml2js-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18f9df8257f4f610dbfd70460757eb36539314c7cce4d9eda82758da6984725 The package xml2js-js was found to contain malicious code. Source: ghsa-malware cf7cd10255ee6ff91469e7f180436d90c3eca29de3dc0b3f883c13403ca30132 Any...

Malicious code in @workleap-ai/shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2800f2cfba8ac6e7a16ef977484e4da4d360c859848daedb5220c7d3595653e1 The package @workleap-ai/shared was found to contain malicious code. Source: ghsa-malware...