Cloud Foundry BOSH Director 安全漏洞

Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. Versions of Cloud Foundry BOSH Director prior to v282.1.12 contained security vulnerabilities. These vulnerabilities stemmed from AgentClient not performin...

CVE-2026-41704 - Compromised VM can make arbitrary blobstore deletes | Cloud Foundry

MEDIUM CVSS 4.0 Score: 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:H CVSS 3.1 Score: 5.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N Vendor Cloud Foundry Foundation Versions Affected Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...

Malicious Package

Overview foundry-deploy-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-40964 - Read access to CF logs | Cloud Foundry

Severity 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:X/CR:M/IR:X/AR:X/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:N/MA:N Vendor CloudFoundry Foundation Description Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to ga...

MAL-2026-4241 Malicious code in foundry-deploy-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ad9106b013b6e68056e1afe40a833d89b1c2037aab7b67d4b24bba1dbf4c77 package.json declares a postinstall hook that runs node -e with an inline childprocess.execSync invoking curl -fsSL...

Malicious code in foundry-deploy-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ad9106b013b6e68056e1afe40a833d89b1c2037aab7b67d4b24bba1dbf4c77 package.json declares a postinstall hook that runs node -e with an inline childprocess.execSync invoking curl -fsSL...

Malicious code in solana-web3-alt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b3846bb2c80cb984e05f37cddc24548b73067be9aaca692e401a06f7c323e7b9 In specific environments, the package triggers silent code execution during installation. The code to execute is not included in the package. --- Category:...

MAL-2026-3835 Malicious code in solana-web3-alt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b3846bb2c80cb984e05f37cddc24548b73067be9aaca692e401a06f7c323e7b9 In specific environments, the package triggers silent code execution during installation. The code to execute is not included in the package. --- Category:...

MAL-2026-3834 Malicious code in foundry-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f62cf5a646cd39640b2be03720a6a2195dc4924813146e9a0d387bafa75c7de In specific environments, the package triggers silent code execution during installation. The code to execute is not included in the package. --- Category:...

Malicious Package

Overview foundry-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in foundry-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650bf2f76e5aa2fc3b175c4b582ce3c3ee8b9ac6fe433ed925f6e521c619c60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3727 Malicious code in foundry-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650bf2f76e5aa2fc3b175c4b582ce3c3ee8b9ac6fe433ed925f6e521c619c60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE CVE-2024-37082

When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...

CVE-2026-35435

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network...

EUVD-2026-28454

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-35435

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability

...

CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability

...

CVE-2026-35435

CVE-2026-35435 relates to Azure AI Foundry M365 published agents, where improper access control allows an unauthenticated network attacker to elevate privileges within the targeted network. The available sources (NVD, Microsoft MSRC, and related feeds) describe the vulnerability andImpact as Elev...

CVE-2026-35435

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network...