Lucene search
K

1531 matches found

Microsoft CVE
Microsoft CVE
added 2026/05/12 2:0 p.m.9 views

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00219EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40210

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00219EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Microsoft Azure Connected Machine Agent 访问控制错误漏洞

Microsoft Azure Connected Machine Agent is a core component of Microsoft that connects non-Azure servers to the Azure console. There is an access control vulnerability present in Microsoft Azure Connected Machine Agent. Attackers can exploit this vulnerability to gain higher privileges...

7.8CVSS5.8AI score0.00219EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2026/05/12 12:0 a.m.16 views

KLA91034 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure Machine Learning Notebook can be...

9.9CVSS6AI score0.05378EPSS
Exploits0References15
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/04 12:1 a.m.8 views

Malicious code in @w3m-app/is_connected (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793804fbeaedf1325065aa857a03e0aba4bacd06b686728efeeb4a406f2e2668 The package @w3m-app/isconnected was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/04 12:1 a.m.6 views

Malicious Package

Overview @w3m-app/isconnected is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/04 12:1 a.m.6 views

MAL-2026-3273 Malicious code in @w3m-app/is_connected (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793804fbeaedf1325065aa857a03e0aba4bacd06b686728efeeb4a406f2e2668 The package @w3m-app/isconnected was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.5 views

Mattermost Server 10.11.x < 10.11.13 Improper Validation (MMSA-2026-00603)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00603 advisory. - Mattermost versions 10.11.x prior to 10.11.13 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicio...

2.7CVSS5.6AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34403

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth L2CAP component. The l2cap config req function processes CONFIG REQ for channels in BT CONNECTED state to support reconfiguration, such as MTU changes...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References300
Snyk
Snyk
added 2026/04/17 3:31 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation Upgrade...

5.1CVSS5.8AI score0.00167EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/17 3:31 p.m.41 views

Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS5.3AI score0.00167EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/17 3:31 p.m.3 views

GHSA-MXXH-FMJQ-J6X4 Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS5.8AI score0.00167EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 3:31 p.m.7 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation Upgrade...

5.1CVSS5.8AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 11:16 a.m.8 views

CVE-2026-27769

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 10:11 a.m.6 views

CVE-2026-27769 Connected Workspaces: Malicious remote server can manipulate arbitrary user's status

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS5.8AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 10:11 a.m.14 views

CVE-2026-27769

Mattermost CVE-2026-27769 affects Mattermost 10.11.x up to 10.11.12 where the Connected Workspaces feature does not validate that users are correctly owned by the target Connected Workspace. This allows a malicious remote server connected via the Connected Workspaces API to change the displayed s...

2.7CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 10:11 a.m.3 views

CVE-2026-27769

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS5.8AI score0.00167EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/15 10:11 a.m.28 views

CVE-2026-27769 Connected Workspaces: Malicious remote server can manipulate arbitrary user's status

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS0.00167EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.12 views

PT-2026-33036

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.12 Description Improper validation of user ownership within the Connected Workspaces feature allows a malicious remote server to change the displayed status of local users via the Connected Workspaces...

4CVSS5.8AI score0.00167EPSS
Exploits0References11
Snyk
Snyk
added 2026/04/14 11:32 p.m.7 views

Out-of-bounds Write

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References3
Rows per page
Query Builder