37 matches found
CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
...
Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the notification API. An attacker can access issue and pull request titles from private repositories by querying notification details after their collaborator permissions have been revoked. Remediation Upgrad...
CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2022-38269
School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit=...
EUVD-2025-33938
Malicious code in scr-notification-system npm...
Malicious Package
Overview scr-notification-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious code in scr-notification-system (npm)
Source: ghsa-malware 14d05f282e7a70683de50d4006c1836acb08cf541a4ff5070fb01ad3697a9875 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48344 Malicious code in scr-notification-system (npm)
Source: ghsa-malware 14d05f282e7a70683de50d4006c1836acb08cf541a4ff5070fb01ad3697a9875 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2018-1113
Malware in sbrugna...
EUVD-2024-53018
Malicious code in bioql PyPI...
CVE-2025-38102 VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be triggered in try_grab_folio as follows: ------------ cut here ------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147...
GHSA-MJ2C-8HXF-FFVQ Cocotais Bot has builtin .echo command injection
Summary A command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the /echo command to cause the bot to send a message that mentions all members in the chat, bypassing any...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2025:1157-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1157-1 advisory. - Mozilla Thunderbird ESR 128.9 MFSA 2025-24 bsc1240083 CVE-2025-3028: Use-after-free triggered ...
SUSE-SU-2025:1157-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird ESR 128.9 MFSA 2025-24 bsc1240083 CVE-2025-3028: Use-after-free triggered by XSLTProcessor CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3030: Memory safety bugs fixed in Firefox 137,...
CVE-2025-22818
creationtimestamp | type | source
---|---|---
2025-01-09 16:18:25+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfd3dxj6uc2e
2025-01-09 17:46:06+00:00 | seen | https://t.me/cvedetector/14864
2025-01-10 21:04:11+00:00 | published-proof-of-concept | ...
movies4u.com Cross Site Scripting vulnerability OBB-3947835
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-28111 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 774 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows an attacker to carry out XSS attacks when a user opens...
PT-2023-29574 · Golden · Golden
Name of the Vulnerable Software and Affected Versions: Golden version 13.6.1 Description: An issue in Golden allows attackers to send crafted notifications via leakage of the channel access token. Recommendations: For Golden version 13.6.1, consider restricting access to the notification system...