39 matches found
PT-2026-51033
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Online (affected versions not specified). Description: Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. There have been reports of elevated activities targeti...
dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption
A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...
Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network...
Linux Distros Unpatched Vulnerability : CVE-2025-71304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - smack: /smack/doi: accept previously used values. Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient...
CVE-2026-23663
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...
BIT-POWERSHELL-2026-26171 .NET Denial of Service Vulnerability
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network...
CVE-2026-33111
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
CVE-2026-23658
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
Microsoft Purview Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-10691
.NET Denial of Service Vulnerability...
SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-20014
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-24328
CVE-2025-24328 affects Nokia Single RAN baseband OAM service component; a crafted SOAP "set" operation in the MNO internal RAN management network can trigger a stack overflow, causing the OAM service component to restart on software versions earlier than 24R1-SR 1.0 MP. The issue has been fixed i...
CVE-2024-21026
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Zoom Workplace Desktop App < 6.4.0 Multiple Vulnerabilities (ZSB-25022)
The version of Zoom Workplace Desktop App installed on the remote host is prior to 6.4.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-25022 advisory. - Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to impact app...
CVE-2025-32358
In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This coul...
CVE-2025-29814
Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network...
PT-2024-32497 · Axis · Axis
Name of the Vulnerable Software and Affected Versions: Axis devices (affected versions not specified). Description: The issue is related to the handling of certain Ethernet frames, which could lead to the Axis device becoming unavailable in the network. It is estimated that selected Axis devices are...
SUSE CVE-2024-38796
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...