Microsoft: Security Vulnerabilities
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations.
To remediate this issue, users should upgrade to version 2.1.0.0.
CVSS Score
8.7
EPSS Score
0.004
Published
2026-04-03
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication.
To remediate this issue, users should upgrade to version 2.1.0.0.
CVSS Score
7.3
EPSS Score
0.003
Published
2026-04-03
Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations.
To remediate this issue, users should upgrade to version 2.1.0.0.
CVSS Score
7.1
EPSS Score
0.003
Published
2026-04-03
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.007
Published
2026-04-03
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem.
CVSS Score
9.6
EPSS Score
0.004
Published
2026-04-03
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse.
An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory.
This issue affects TETRA connectivity Server: 7.0.
Vulnerability fix is available and delivered to impacted customers.
CVSS Score
5.6
EPSS Score
0.001
Published
2026-04-03
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.007
Published
2026-04-03
Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.007
Published
2026-04-03
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.6
EPSS Score
0.006
Published
2026-04-03
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.6
EPSS Score
0.009
Published
2026-04-03