Security Vulnerabilities
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2026-05-22
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.004
Published
2026-05-22
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-05-22
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-05-22
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-05-22
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-22
Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
CVSS Score
7.7
EPSS Score
0.001
Published
2026-05-22
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the SampleAuxInfoReader constructor. The SampleAuxInfoReader constructor iterates over saiz->get_num_samples() samples but doesn't validate that this count is consistent with the number of chunks in the chunks vector. When saiz declares more samples than the chunks cover, the loop increments current_chunk past chunks.size(), causing an out-of-bounds read on the chunks vector. The vulnerability is triggered during file parsing (heif_context_read_from_file) without any additional user interaction. Any application using libheif to open untrusted HEIF files is affected. This issue has been fixed in version 1.22.0.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-05-22
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection (updated in 4.1.0) inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attackers could trigger server spawn (but not access the server) and if the attacker is a JupyterHub user permitted to share access to their server, cause a user to accept a share and have access to the attacker's server. This issue has been fixed in version 5.4.5. If developers are unable to immediately upgrade, they can temporarily mitigate this issue by dropping requests to JupyterHub with Sec-Fetch-Mode: no-cors if they are using a reverse proxy.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-05-22
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while still passing validation because saio.entry_count == 0 matches, but with saiz.sample_count > 0 the SampleAuxInfoReader constructor still enters its loop. This leads to an out-of-bounds dereference on the empty chunks[0] in chunked mode.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-22