46 matches found
EUVD-2026-41442
Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...
CVE-2026-57100
Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...
CVE-2026-57100
Technical details on affected products/versions, root cause, exploit scenarios, or mitigations are not publicly provided in the supplied documents. Monitor official sources for updates.
CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
...
CVE-2026-57100
Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...
CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
...
Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...
KLA91129 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Azure Synapse can be exploited remotely ...
CVE-2025-68644
Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances...
CVE-2025-68644
Yealink RPS before 2025-06-27 allows unauthorized access to information (including AutoP URL addresses) due to an inadequate authentication mechanism. A security update deploying an enhanced authentication mechanism to all cloud instances fixes the issue. Affected product: Yealink RPS prior to 20...
CVE-2025-62219
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally...
EUVD-2021-18873
Malware in sbrugna...
EUVD-2015-0538
Malware in sbrugna...
EUVD-2022-48454
Malicious code in bioql PyPI...
EUVD-2024-30747
Malicious code in bioql PyPI...
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems ICS advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson Controls FX80 and FX90...
Yealink IP Phones and RPS (Redirect and Provisioning Service)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an information disclosure. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
CVE-2024-33002
Document Service handler obsolete in Data Provisioning Service does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability with low impact on Confidentiality and Integrity of the application...
CVE-2022-45589
All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use ...
CVE-2021-32003
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware...