org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.0.0 <=1.0.5)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.0.0, =1.0.0, =1.0.5 Source cves: CVE-2026-40978 Source advisory: OSV:GHSA-63C8-M9M2-CVR3...

org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.1.0 <=1.1.4)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.1.0, =1.1.0, =1.1.4 Source cves: CVE-2026-40978 Source advisory: OSV:GHSA-63C8-M9M2-CVR3...

EUVD-2026-26011

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

org.springframework.ai:spring-ai-azure-cosmos-db-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40978 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316419...

CVE-2025-64675

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

CVE-2025-64675

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability

...

CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability

...

CVE-2025-64675

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

CVE-2025-64675

Microsoft Azure Cosmos DB is affected by CVE-2025-64675, a cross-site scripting (XSS) issue caused by improper input neutralization during web page generation. This enables spoofing over a network and, per Kaspersky, there are public exploits. The provided documents do not specify affected versio...

Azure Cosmos DB Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

KLA90827 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure Cosmos DB can...

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 CVSS score: 8.5, the vulnerability has been described as an information disclosure bug stemming from a...

Center for Internet Security (CIS) unveils Azure Foundations Benchmark v2.0.0

The Center for Internet Security CIS recently unveiled the latest version of their Azure Foundations Benchmark—Version 2.0.0. This is the first major release since the benchmark was originally released more than 4 years ago, which could lead you to believe that this update would come with a bunch...

Spring Cloud Azure 5.0 is now Generally Available

Were very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: Compatible with Spring Boot 3 and Spring Cloud 2022.0.0 Supports Passwordless Connections Updated Azure for Spring...

Spring Cloud Azure 5.0 is now Generally Available

We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: Compatible with Spring Boot 3 and Spring Cloud 2022.0.0 Supports Passwordless Connections Updated Azure for Spring...

Spring Cloud Azure 5.0 is now Generally Available

We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: Compatible with Spring Boot 3 and Spring Cloud 2022.0.0 Supports Passwordless Connections Updated Azure for Spring...

マイクロソフト、Jupyter Notebooks for Azure Cosmos DB の脆弱性を修正

本ブログは、Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB の抄訳版です。最新の情報は原文を参照してください。 概...

Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB

Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible...

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB currently in preview reported by Orca Security. Customers not using Jupyter Notebooks 99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks were not susceptible to this...