126304 matches found
CVE-2026-42895
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
EUVD-2026-38091
Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-38090
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...
EUVD-2026-38088
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network...
CVE-2026-42895
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
EUVD-2026-38087
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
EUVD-2026-38086
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-45480
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-38085
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an authorized attacker to perform spoofing over a network...
CVE-2026-32208
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an authorized attacker to perform spoofing over a network...
Quectel Cellular Modem Pivot (Serial AT)
Opens a serial connection to a Quectel cellular modem and registers it as a 'modem' session capable of network pivoting. The Quectel modems have a limited number of sockets available, configurable using MODEMSOCKETS. Once the session is established, it can be routed through using the route comman...
CVE-2026-56209
An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...
CVE-2026-56210
A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows setting a spatiallayerid exceeding the configured number of layers. This causes an out-of-bounds heap rea...
kernel: net: mana: fix use-after-free in add_adev() error path
A flaw was found in the Linux kernel's mana network driver. An issue in the error handling of the addadev function can lead to a use-after-free vulnerability. This occurs when memory is released prematurely but then accessed again, which could allow a local attacker to cause a system crash denial...
kernel: net: mana: fix use-after-free in add_adev() error path
A flaw was found in the Linux kernel's mana network driver. An issue in the error handling of the addadev function can lead to a use-after-free vulnerability. This occurs when memory is released prematurely but then accessed again, which could allow a local attacker to cause a system crash denial...
GHSA-8678-W3JW-XFC2 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
Summary The NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potential...
CVE-2026-56210 Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id
A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows setting a spatiallayerid exceeding the configured number of layers. This causes an out-of-bounds heap rea...
EUVD-2026-38046
A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows setting a spatiallayerid exceeding the configured number of layers. This causes an out-of-bounds heap rea...
CVE-2026-56209
An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...
MAL-2026-6213 Malicious code in @bytemend/mfebus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d53776853d18aabf967b0f1882eb45f2164feedd600eeccc927f496002f5e4 The package advertises itself as a small in-memory pubsub library but its main entry dist/index.js eagerly requires dist/bootstrap.js, a 277KB...