com.azure.resourcemanager:azure-resourcemanager (>=2.52.0 <=2.60.0), com.azure.resourcemanager:azure-resourcemanager-appservice (>=2.52.0 <=2.55.0) +20 more potentially affected by CVE-2026-33117 via com.azure:azure-security-keyvault-keys (>=4.10.0 <=4.10.5)

com.azure:azure-security-keyvault-keys MAVEN version =4.10.0, =2.52.0, =2.52.0, =2.52.0, =5.23.0, =5.23.0, =5.23.0, =5.23.0, =5.23.0, =3.2.0, =239.v0e088b133a77, =0.17.0, =0.17.0, =5.13.0, =1.2.0, =4.19.0, =4.20.0 and more Source cves: CVE-2026-33117htt...

EUVD-2025-14449

Malicious code in bioql PyPI...

EUVD-2023-39394

Malicious code in bioql PyPI...

EUVD-2025-14050

Malicious code in bioql PyPI...

EUVD-2025-12759

Malicious code in bioql PyPI...

USN-7609-5: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37798, CVE-2025-37932,...

USN-7609-4: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37798, CVE-2025-37932,...

KLA84763 SUI vulnerability in Microsoft Azure

Security UI vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to perform cross-site scripting attack, spoof user interface. Original advisories CVE-2025-47977 Related products Microsoft-Azure CVE list CVE-2025-47977 critical Solution Install necessary...

CVE-2025-29972

Server-Side Request Forgery SSRF in Azure allows an authorized attacker to perform spoofing over a network...

CVE-2025-33072

Improper access control in Azure allows an unauthorized attacker to disclose information over a network...

CVE-2025-33072

Improper access control in Azure allows an unauthorized attacker to disclose information over a network...

CVE-2025-30390

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network...

CVE-2025-30390

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network...

CVE-2025-30390

CVE-2025-30390 affects Microsoft Azure Machine Learning Compute. Described as an improper authorization vulnerability that enables an authorized attacker to elevate privileges over a network. Root cause is improper authorization in Azure; impact is privilege escalation (high/critical). Exploitati...

Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity

Microsoft launched its Cybersecurity Governance Council in 2024, and with it, named a group of deputy chief information security officers that ensure comprehensive oversight of the company's cybersecurity risk, defense, and compliance. These leaders work in tandem with product and engineering...

Tech Accelerator: Azure security and AI adoption

Are you looking for guidance on how to effectively integrate security best practices within your Azure and AI projects? We know the pace of technological innovation offers as many opportunities as it does challenges. However, security cannot be an afterthought as you create Azure deployments and...

Azure Linux 3.0 Security Update: kernel (CVE-2024-49966)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49966 advisory. - In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqisyncwork before freeing...

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 CVSS score: 7.5 - Microsoft Accou...

CVE-2024-38098

CVE-2024-38098 (Azure Connected Machine Agent Elevation of Privilege) affects the Azure Connected Machine Agent. Reported CVSSv3.1 base score 7.8 (LOCAL, LOW Privileges, NONE user interaction; Confidentiality/Integrity/Availability HIGH). Connected documents indicate an elevation-of-privilege fla...

Microsoft Open Management Infrastructure Security Vulnerability

Microsoft Open Management Infrastructure is a free, open source Common Information Model CIM management server from Microsoft. A security vulnerability exists in Microsoft Open Management Infrastructure. An attacker could exploit this vulnerability to gain elevated privileges. The following...