Security Vulnerabilities
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-04-03
Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-04-03
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.6
EPSS Score
0.0
Published
2026-04-03
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-04-03
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-04-03
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-04-03
A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-04-02
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has been patched in version 1.4.10.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-04-02
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings via the /api/settings endpoint by providing arbitrary headers. This issue has been patched in version 1.4.10.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-04-02
Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0.
CVSS Score
5.8
EPSS Score
0.001
Published
2026-04-02