9.6

CVSS3.1

CVE-2026-24303 - Microsoft Partner Center Elevation of Privilege Vulnerability

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

πŸ“… Published: April 23, 2026, 9:37 p.m. πŸ”„ Last Modified: April 24, 2026, 6:19 p.m.

8.6

CVSS3.1

CVE-2026-26150 - Microsoft Purview eDiscovery Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

πŸ“… Published: April 23, 2026, 9:37 p.m. πŸ”„ Last Modified: April 24, 2026, 2:55 p.m.

10

CVSS3.1

CVE-2026-33819 - Microsoft Bing Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

πŸ“… Published: April 23, 2026, 9:35 p.m. πŸ”„ Last Modified: April 24, 2026, 3:05 p.m.

9.3

CVSS3.1

CVE-2026-33102 - Microsoft 365 Copilot Elevation of Privilege Vulnerability

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

πŸ“… Published: April 23, 2026, 9:35 p.m. πŸ”„ Last Modified: April 24, 2026, 6:19 p.m.

9.3

CVSS3.1

CVE-2026-32210 - Microsoft Dynamics 365 (online) Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

πŸ“… Published: April 23, 2026, 9:35 p.m. πŸ”„ Last Modified: April 25, 2026, 3:55 a.m.

9.3

CVSS4.0

CVE-2026-26210 - KTransformers Unsafe Deserialization RCE via balance_serve

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can …

πŸ“… Published: April 23, 2026, 9:24 p.m. πŸ”„ Last Modified: April 23, 2026, 10:16 p.m.

9.3

CVSS4.0

CVE-2026-41274 - Flowise: Cypher Injection in GraphCypherQAChain

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are …

πŸ“… Published: April 23, 2026, 9:12 p.m. πŸ”„ Last Modified: April 24, 2026, 6:19 p.m.

8.2

CVSS4.0

CVE-2026-28525 - SWUpdate Integer Underflow in Multipart Upload Parser

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing. Atta…

πŸ“… Published: April 23, 2026, 8:59 p.m. πŸ”„ Last Modified: April 25, 2026, 1:32 a.m.

9.3

CVSS4.0

CVE-2026-6942 - radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters thr…

πŸ“… Published: April 23, 2026, 8:58 p.m. πŸ”„ Last Modified: April 24, 2026, 4:16 p.m.

6.9

CVSS4.0

CVE-2026-6941 - radare2 < 6.1.4 Project Notes Path Traversal via Symlink

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a s…

πŸ“… Published: April 23, 2026, 8:39 p.m. πŸ”„ Last Modified: April 24, 2026, 4:39 p.m.
Total resulsts: 346556
Page 37 of 34,656
Β« previous page Β» next page
Filters