CVE-2026-31957

Himmelblau (interoperability suite for Microsoft Azure Entra ID and Intune) from versions 3.0.0 up to before 3.1.0 is vulnerable when deployed without a configured tenant domain in himmelblau.conf. In this state, authentication is not tenant-scoped, allowing the system to accept authentication at...

CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...

CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...

EUVD-2026-5593

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...