11952 matches found
CVE-2026-40381
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
...
CVE-2026-40381
CVE-2026-40381: Improper access control in the Azure Connected Machine Agent enables a locally authenticated attacker to elevate privileges. The vulnerability affects the Azure Connected Machine Agent; attacker must have local access and low privileges, with no user interaction required. The CVSS...
CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
...
CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
...
CVE-2026-33833
Azure Machine Learning is affected where the issue occurs in the downstream component’s output handling, described as an improper neutralization of special elements that enables network spoofing. The CVE-2026-33833 entry notes an attacker could exploit this via a network vector with no user inter...
CVE-2025-35979
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some IntelR Processors within VMX non-root guest operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a...
Azure Machine Learning Notebook Spoofing Vulnerability
Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
MAL-2026-3578 Malicious code in @uipath/tasks-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1924ebd0e25a511d934e9103d324a7e11db5dfad8820ff2a1f71d31ebd8eb8b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3566 Malicious code in @uipath/platform-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89f494a30a8fe1637198b531a2c267ebb3aedf5d0c537afc1f12ea2186ef1d1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MINI-VM63-974G-QP6P
Bulletin has no description...
MAL-2026-3458 Malicious code in @tallyui/connector-vendure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0283da4a59287c5418e3485a9a642cfbb9cc387f5e1ab4c120af92199daa0970 The package @tallyui/connector-vendure was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3774c2374f8e3ab7673400940dfc50d0826239ac34fd2e1170c7ab4c48de6a7 The package @squawk/types was found to contain malicious code. Source: ghsa-malware 14506d7385d737662e11382d460e176a16e727348a5b09cf27325bfbd4566f83...
KLA91034 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure Machine Learning Notebook can be...
Microsoft Azure Connected Machine Agent 访问控制错误漏洞
Microsoft Azure Connected Machine Agent is a core component of Microsoft that connects non-Azure servers to the Azure console. There is an access control vulnerability present in Microsoft Azure Connected Machine Agent. Attackers can exploit this vulnerability to gain higher privileges...
Machine Learning Engineering Open Book 安全漏洞
Machine Learning Engineering Open Book is a collection of methodologies for training and fine-tuning large language models developed by Stas Bekman. There is a security vulnerability in Machine Learning Engineering Open Book. This vulnerability arises from the use of the torch-checkpoint-shrink.p...
Microsoft Azure Machine Learning 注入漏洞
Microsoft Azure Machine Learning is a machine learning service provided by Microsoft Corporation in the United States. There is an injection vulnerability present in Microsoft Azure Machine Learning. Attackers utilize this vulnerability to carry out phishing attacks...
PT-2026-40210
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
PT-2026-40141
Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...