2024 matches found
CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
...
CVE-2026-57100
Technical details on affected products/versions, root cause, exploit scenarios, or mitigations are not publicly provided in the supplied documents. Monitor official sources for updates.
CVE-2026-57100
Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...
CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
...
Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...
PT-2026-55321
Name of the Vulnerable Software and Affected Versions Microsoft Entra Provisioning Service SyncFabric affected versions not specified Description Server-side request forgery SSRF in the Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a...
KLA91129 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Azure Synapse can be exploited remotely ...
RLSA-2026:30844 Moderate: mod_md security update
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...
Moderate: Red Hat Security Advisory: mod_md security update
An update for modmd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2026:30845 Moderate: mod_md security update
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...
ALSA-2026:30844 Moderate: mod_md security update
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...
CVE-2026-11834
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...
CVE-2026-11834
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...
CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...
CVE-2026-56215
Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...
EUVD-2026-38101
Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...
CVE-2026-56215
Capgo before 12.128.12 is vulnerable: authenticated users can modify their public.users.email, which the SSO provisioning endpoint trusts as an account-merge key, enabling an attacker to merge a victim’s SSO identity into their own account. Affected component: provisioning/SSO merge logic manipul...
PT-2026-51045
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description Authenticated users can modify the mutable public.users.email variable to arbitrary addresses. The SSO provisioning endpoint trusts this value as an account-merge key. This allows an attacker to...
PT-2026-50739
Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.15.1 ZITADEL versions 3.0.0 through 3.4.11 Description A flaw in user lifecycle enforcement allows deleted users to retain their original organization or tenant association. When a user is deleted, the historic...
EUVD-2025-210216
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...