Log inCVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability
23 April 2026 om 16:00
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
Normale weergave
Ontvangen β 23 April 2026
β
Microsoft Security
CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability
23 April 2026 om 16:00
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability
23 April 2026 om 16:00
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
23 April 2026 om 16:00
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability
23 April 2026 om 16:00
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
23 April 2026 om 16:00
Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability
23 April 2026 om 16:00
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability
23 April 2026 om 16:00
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
CVE-2026-5160
23 April 2026 om 10:38
Information published.
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
23 April 2026 om 10:38
Information published.
-
Microsoft Security
- CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
23 April 2026 om 10:37
Information published.
-
- CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
23 April 2026 om 10:37
Information published.
-
- CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
23 April 2026 om 10:11
Information published.
-
- CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
23 April 2026 om 10:11
Information published.
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
23 April 2026 om 10:11
Information published.
-
- CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
23 April 2026 om 10:11
Information published.
-
- CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
23 April 2026 om 10:10
Information published.
-
- CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing
CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing
23 April 2026 om 10:10
Information published.
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
23 April 2026 om 10:10
Information published.
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
23 April 2026 om 10:10
Information published.
-
- CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
23 April 2026 om 10:09
Information published.
CVE-2026-31450 ext4: publish jinode after initialization
23 April 2026 om 10:09
Information published.
CVE-2026-31494 net: macb: use the current queue number for stats
23 April 2026 om 10:09
Information published.
-
- CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
23 April 2026 om 10:09
Information published.
CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it
23 April 2026 om 10:09
Information published.
CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed
23 April 2026 om 10:09
Information published.
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
23 April 2026 om 10:09
Information published.
CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
23 April 2026 om 10:09
Information published.
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
23 April 2026 om 10:09
Information published.
CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2
23 April 2026 om 10:09
Information published.
