Nixpkgs Security Tracker

Dismissed suggestions

These automatic suggestions were dismissed after initial triaging.

Dismissed
(exclusively hosted service)
Permalink CVE-2026-26138
8.6 HIGH
  • CVSS version: 3.1
created 2 days, 1 hour ago
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Affected products

Microsoft Purview
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26120
6.5 MEDIUM
  • CVSS version: 3.1
created 2 days, 1 hour ago
Microsoft Bing Tampering Vulnerability

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.

Affected products

Microsoft Bing
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-23658
8.6 HIGH
  • CVSS version: 3.1
created 2 days, 1 hour ago
Azure DevOps: msazure Elevation of Privilege Vulnerability

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

Affected products

Azure DevOps: msazure
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26139
8.6 HIGH
  • CVSS version: 3.1
created 2 days, 1 hour ago
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Affected products

Microsoft Purview
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26136
6.5 MEDIUM
  • CVSS version: 3.1
created 2 days, 1 hour ago
Microsoft Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.

Affected products

Microsoft Copilot
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-24299
5.3 MEDIUM
  • CVSS version: 3.1
created 2 days, 1 hour ago
M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Affected products

Microsoft 365 Copilot
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-26137
8.9 HIGH
  • CVSS version: 3.1
created 2 days, 1 hour ago
Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

Affected products

Microsoft 365 Copilot's Business Chat
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-23659
8.6 HIGH
  • CVSS version: 3.1
created 2 days, 1 hour ago
Azure Data Factory Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

Affected products

Azure Data Factory
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-32169
10.0 CRITICAL
  • CVSS version: 3.1
created 2 days, 1 hour ago
Azure Cloud Shell Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

Affected products

Azure Cloud Shell
  • ==-
Dismissed
(exclusively hosted service)
Permalink CVE-2026-32194
9.8 CRITICAL
  • CVSS version: 3.1
created 2 days, 1 hour ago
Microsoft Bing Images Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

Affected products

Microsoft Bing Images
  • ==-