News & Sicurezza

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

CVE ID :CVE-2026-32211 Published : April 3, 2026, 12:16 a.m. | 5 hours, 38 minutes ago Description :Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-32173 Published : April 3, 2026, 12:16 a.m. | 5 hours, 38 minutes ago Description :Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-33105 Published : April 3, 2026, 12:16 a.m. | 5 hours, 38 minutes ago Description :Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-26135 Published : April 3, 2026, 12:16 a.m. | 5 hours, 38 minutes ago Description :Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network. Severity: 9.6 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-33107 Published : April 3, 2026, 12:16 a.m. | 5 hours, 38 minutes ago Description :Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-32213 Published : April 3, 2026, 12:16 a.m. | 5 hours, 38 minutes ago Description :Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2022-4986 Published : April 2, 2026, 10:16 p.m. | 5 hours, 38 minutes ago Description :Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

HiOS Switch Platform contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.

CVE ID :CVE-2026-30251 Published : April 2, 2026, 9:16 p.m. | 6 hours, 38 minutes ago Description :A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-30252 Published : April 2, 2026, 9:16 p.m. | 6 hours, 38 minutes ago Description :Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda and red_url parameters. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-35466 Published : April 2, 2026, 9:16 p.m. | 6 hours, 38 minutes ago Description :XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...