1531 matches found
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
PT-2026-40210
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
Microsoft Azure Connected Machine Agent 访问控制错误漏洞
Microsoft Azure Connected Machine Agent is a core component of Microsoft that connects non-Azure servers to the Azure console. There is an access control vulnerability present in Microsoft Azure Connected Machine Agent. Attackers can exploit this vulnerability to gain higher privileges...
KLA91034 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure Machine Learning Notebook can be...
Malicious code in @w3m-app/is_connected (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793804fbeaedf1325065aa857a03e0aba4bacd06b686728efeeb4a406f2e2668 The package @w3m-app/isconnected was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @w3m-app/isconnected is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-3273 Malicious code in @w3m-app/is_connected (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793804fbeaedf1325065aa857a03e0aba4bacd06b686728efeeb4a406f2e2668 The package @w3m-app/isconnected was found to contain malicious code. Source: ghsa-malware...
Mattermost Server 10.11.x < 10.11.13 Improper Validation (MMSA-2026-00603)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00603 advisory. - Mattermost versions 10.11.x prior to 10.11.13 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicio...
PT-2026-34403
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth L2CAP component. The l2cap config req function processes CONFIG REQ for channels in BT CONNECTED state to support reconfiguration, such as MTU changes...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation Upgrade...
Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
GHSA-MXXH-FMJQ-J6X4 Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation Upgrade...
CVE-2026-27769
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
CVE-2026-27769 Connected Workspaces: Malicious remote server can manipulate arbitrary user's status
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
CVE-2026-27769
Mattermost CVE-2026-27769 affects Mattermost 10.11.x up to 10.11.12 where the Connected Workspaces feature does not validate that users are correctly owned by the target Connected Workspace. This allows a malicious remote server connected via the Connected Workspaces API to change the displayed s...
CVE-2026-27769
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
CVE-2026-27769 Connected Workspaces: Malicious remote server can manipulate arbitrary user's status
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
PT-2026-33036
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.12 Description Improper validation of user ownership within the Connected Workspaces feature allows a malicious remote server to change the displayed status of local users via the Connected Workspaces...
Out-of-bounds Write
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...