987 matches found
CVE-2026-33843 Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability
PT-2026-42841
Name of the Vulnerable Software and Affected Versions: Microsoft Azure Active Directory B2C (affected versions not specified). Description: An authentication bypass exists via an alternate path or channel, which allows an unauthorized attacker to elevate privileges over a network. Recommendations: At t...
Microsoft Azure Virtual Network Gateway Input Validation Error Vulnerability
Microsoft Azure Virtual Network Gateway is a cloud gateway service provided by Microsoft that supports VPN and cross-network connectivity. There is an input validation vulnerability in Microsoft Azure Virtual Network Gateway, which stems from improper input validation. This vulnerability may allo...
MAL-2026-3876 Malicious code in @antv/dw-random (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
KLA91064 PE vulnerability in Microsoft Azure
An elevation of privilege vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2026-42834 Exploitation Related products Microsoft-Windows Microsoft-Azure CVE list CVE-2026-42834 critical Solution Install necessary...
Microsoft Azure Portal Windows Admin Center Link Following Vulnerability
Microsoft Azure Portal Windows Admin Center is a Windows server and hybrid cloud management platform integrated with the Azure Portal by Microsoft Corporation. There is a link following vulnerability in Microsoft Azure Portal Windows Admin Center, which stems from improper link resolution before...
CLEANSTART-2026-GB83728 Security fixes for CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.14.0-r0, 1.14.0-r1, 1.14.0-r2
Multiple security vulnerabilities affect the velero-plugin-for-microsoft-azure-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-4GX5-8RX4-VXMJ vulnerabilities
Vulnerabilities for packages: linux-azure, linux-vmware, linux-qemu, linux-aws, linux-gcp...
GHSA-QJXF-6753-VC9P vulnerabilities
Vulnerabilities for packages: linux-azure, linux-vmware, linux-qemu, linux-aws, linux-gcp...
CVE-2026-43100 vulnerabilities
Vulnerabilities for packages: linux-azure, linux-vmware, linux-qemu, linux-aws, linux-gcp...
GHSA-463M-22HH-CHVM vulnerabilities
Vulnerabilities for packages: linux-azure, linux-vmware, linux-qemu, linux-aws, linux-gcp...
GHSA-R5QW-5M8Q-6774 vulnerabilities
Vulnerabilities for packages: linux-azure, linux-vmware, linux-qemu, linux-aws, linux-gcp...
GHSA-RC8C-94M4-FRFH vulnerabilities
Vulnerabilities for packages: linux-azure, linux-vmware, linux-qemu, linux-aws, linux-gcp...
GHSA-585P-9MG2-6VMM vulnerabilities
Vulnerabilities for packages: linux-azure, linux-vmware, linux-qemu, linux-aws, linux-gcp...
CVE-2026-43929 ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs
ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...
Microsoft Azure Connected Machine Agent Access Control Error Vulnerability
Microsoft Azure Connected Machine Agent is a core component of Microsoft that connects non-Azure servers to the Azure console. There is an access control vulnerability present in Microsoft Azure Connected Machine Agent. Attackers can exploit this vulnerability to gain higher privileges...
EUVD-2026-28893
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...
GHSA-GR3R-CRP5-QRRM Compromised tag of intercom-php published via GitHub
Impact: On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...
PT-2026-38583
Name of the Vulnerable Software and Affected Versions: Azure AI Foundry M365 published agents (affected versions not specified). Description: Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the...
Microsoft Azure AI Foundry M365 published agents Access Control Error Vulnerability
Microsoft Azure AI Foundry M365 Published Agents are a series of enterprise-level intelligent agents provided by the American company Microsoft. There is an access control vulnerability in Microsoft Azure AI Foundry M365 Published Agents. This vulnerability stems from improper access control, whi...