Microsoft: Security Vulnerabilities
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2026-03-06
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2026-03-06
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124.
CVSS Score: 7.3 | EPSS Score: 0.001 | Published: 2026-03-06
Payment Orchestrator Service Elevation of Privilege Vulnerability
CVSS Score: 8.6 | EPSS Score: 0.012 | Published: 2026-03-05
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVSS Score: 6.7 | EPSS Score: 0.006 | Published: 2026-03-05
Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
CVSS Score: 6.5 | EPSS Score: 0.01 | Published: 2026-03-05
'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVSS Score: 6.7 | EPSS Score: 0.005 | Published: 2026-03-05
Microsoft Devices Pricing Program Remote Code Execution Vulnerability
CVSS Score: 9.8 | EPSS Score: 0.016 | Published: 2026-03-05
Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks. The client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book. This vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password). This issue affects RustDesk Client: through 1.4.8.
CVSS Score: 6.9 | EPSS Score: 0.003 | Published: 2026-03-05
Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler. This issue affects RustDesk Client: through 1.4.5.
CVSS Score: 9.3 | EPSS Score: 0.005 | Published: 2026-03-05

