17 matches found
CVE-2026-26135
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
CVE-2026-26135
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
...
CVE-2026-26135
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
...
CVE-2026-26135
CVE-2026-26135 describes a server-side request forgery (SSRF) in the Azure Custom Locations Resource Provider (RP) that enables an authorized attacker to elevate privileges over the network. The NVD entries corroborate an elevation-of-privilege impact with high confidentiality and integrity impli...
Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
Microsoft Azure Custom Locations Resource Provider 代码问题漏洞
Microsoft Azure Custom Locations Resource Provider is a service component developed by Microsoft Corporation in the United States. It serves to extend, manage, and integrate custom data centers or edge resources. There is a code vulnerability in Microsoft Azure Custom Locations Resource Provider,...
PT-2026-29902
Server-side request forgery ssrf in Azure Custom Locations Resource Provider RP allows an authorized attacker to elevate privileges over a network...
forman: Foreman: Remote Code Execution via command injection in WebSocket proxy
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...
CVE-2025-59503 Azure Compute Resource Provider Elevation of Privilege Vulnerability
...
CVE-2025-59503
CVE-2025-59503 affects Azure Compute Gallery (Azure Compute Resource Provider). Root cause is SSRF that allows an unauthorized attacker to elevate privileges over the network. Documented impact is privilege escalation with high confidentiality/integrity/availability consequences. Remediation refe...
KLA89723 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Compute Resource Provider can be exploited...
SUSE CVE-2013-6665
Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resourceprovider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper...
PT-2022-10737 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns ClassLoaderTheme and ClasspathThemeResourceProviderFactory, which allow reading any file available as a resource to the classloader. ...
keycloak-services: ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...
Authorization
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource...