Month: March 2026

Improper neutralization of special elements used in a command (‘command injection’) in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. Continue reading CVE-2026-32194 Microsoft Bing Images Remote Code Execution Vulnerability→

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. Continue reading CVE-2026-26138 Microsoft Purview Elevation of Privilege Vulnerability→

Improper neutralization of special elements used in an os command (‘os command injection’) in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. Continue reading CVE-2026-32191 Microsoft Bing Images Remote Code Execution Vulnerability→

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. Continue reading CVE-2026-23658 Azure DevOps: msazure Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2026-23659 Azure Data Factory Information Disclosure Vulnerability→

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network. Continue reading CVE-2026-26120 Microsoft Bing Tampering Vulnerability→

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. Continue reading CVE-2026-26139 Microsoft Purview Elevation of Privilege Vulnerability→

Improper neutralization of special elements used in a command (‘command injection’) in M365 Copilot allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2026-24299 M365 Copilot Information Disclosure Vulnerability→