Search
Search Results (356 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49692 | 1 Microsoft | 2 Azure, Azure Connected Machine Agent | 2025-10-01 | 7.8 High |
| Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55244 | 1 Microsoft | 2 Azure, Azure Ai Bot Service | 2025-09-25 | 9 Critical |
| Azure Bot Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-54914 | 1 Microsoft | 1 Azure | 2025-09-25 | 10 Critical |
| Azure Networking Elevation of Privilege Vulnerability | ||||
| CVE-2025-55316 | 1 Microsoft | 2 Azure, Azure Connected Machine Agent | 2025-09-25 | 7.8 High |
| External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49707 | 1 Microsoft | 24 Azure, Azure Virtual Machine, Dcadsv5-series Azure Vm and 21 more | 2025-09-17 | 7.9 High |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2025-53767 | 1 Microsoft | 2 Azure, Azure Openai | 2025-09-17 | 10 Critical |
| Azure OpenAI Elevation of Privilege Vulnerability | ||||
| CVE-2025-53792 | 1 Microsoft | 2 Azure, Azure Portal | 2025-09-17 | 9.1 Critical |
| Azure Portal Elevation of Privilege Vulnerability | ||||
| CVE-2025-53793 | 1 Microsoft | 1 Azure Stack Hub | 2025-09-17 | 7.5 High |
| Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-53765 | 1 Microsoft | 2 Azure App Service On Azure Stack, Azure Stack Hub | 2025-09-17 | 4.4 Medium |
| Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53763 | 1 Microsoft | 1 Azure | 2025-09-17 | 9.8 Critical |
| Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53781 | 1 Microsoft | 25 Azure, Azure Virtual Machine, Dcadsv5-series Azure Vm and 22 more | 2025-09-17 | 7.7 High |
| Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-53729 | 1 Microsoft | 1 Azure File Sync | 2025-09-17 | 7.8 High |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29813 | 1 Microsoft | 2 Azure Devops, Azure Devops Server | 2025-09-10 | 10 Critical |
| [Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-29827 | 1 Microsoft | 1 Azure Automation | 2025-09-10 | 9.9 Critical |
| Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-29972 | 1 Microsoft | 1 Azure Storage Resource Provider | 2025-09-10 | 9.9 Critical |
| Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-30387 | 1 Microsoft | 1 Azure Ai Document Intelligence Studio | 2025-09-10 | 9.8 Critical |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2025-09-10 | 7 High |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21380 | 1 Microsoft | 1 Azure Marketplace | 2025-09-09 | 8.8 High |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-21415 | 1 Microsoft | 1 Azure Ai Face Service | 2025-09-09 | 9.9 Critical |
| Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2020-17145 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2025-08-28 | 5.4 Medium |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | ||||