Common Vulnerabilities and Exposures (CVE)

CVE-2026-9150

May 20, 2026 23:42:40 UTC

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA38...

CVE-2026-40165

May 20, 2026 23:35:18 UTC

authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injection. Due to how authentik extracted the N...

CVE-2026-9149

May 20, 2026 23:34:56 UTC

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocat...

CVE-2026-41105

May 20, 2026 23:29:18 UTC

Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

CVE-2026-42826

May 20, 2026 23:29:17 UTC

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

CVE-2026-35435

May 20, 2026 23:29:17 UTC

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-35428

May 20, 2026 23:29:16 UTC

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-34327

May 20, 2026 23:29:16 UTC

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33844

May 20, 2026 23:29:15 UTC

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-33823

May 20, 2026 23:29:14 UTC

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

CVE-2026-26164

May 20, 2026 23:29:14 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-33111

May 20, 2026 23:29:13 UTC

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-26129

May 20, 2026 23:29:13 UTC

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-42834

May 20, 2026 23:29:12 UTC

Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

CVE-2026-45584

May 20, 2026 23:29:11 UTC

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.