Search
Search Results (631 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24304 | 1 Microsoft | 1 Azure Resource Manager | 2026-02-13 | 9.9 Critical |
| Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-29972 | 1 Microsoft | 2 Azure Storage Resouce Provider, Azure Storage Resource Provider | 2026-02-13 | 9.9 Critical |
| Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-29813 | 1 Microsoft | 2 Azure Devops, Azure Devops Server | 2026-02-13 | 10 Critical |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-21311 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows Server 2022 23h2 and 2 more | 2026-02-13 | 9.8 Critical |
| Windows NTLM V1 Elevation of Privilege Vulnerability | ||||
| CVE-2025-21307 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 9.8 Critical |
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | ||||
| CVE-2025-21415 | 1 Microsoft | 1 Azure Ai Face Service | 2026-02-13 | 9.9 Critical |
| Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-21298 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 9.8 Critical |
| Windows OLE Remote Code Execution Vulnerability | ||||
| CVE-2025-21198 | 1 Microsoft | 2 Microsoft Hpc Pack 2016, Microsoft Hpc Pack 2019 | 2026-02-13 | 9 Critical |
| Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability | ||||
| CVE-2025-30392 | 1 Microsoft | 1 Azure Ai Bot Service | 2026-02-13 | 9.8 Critical |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-29814 | 1 Microsoft | 1 Partner Center | 2026-02-13 | 9.3 Critical |
| Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-30390 | 1 Microsoft | 1 Azure Machine Learning | 2026-02-13 | 9.9 Critical |
| Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47733 | 1 Microsoft | 2 Power Apps, Power Pages | 2026-02-13 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network | ||||
| CVE-2025-29827 | 1 Microsoft | 1 Azure Automation | 2026-02-13 | 9.9 Critical |
| Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-30387 | 1 Microsoft | 1 Azure Ai Document Intelligence Studio | 2026-02-13 | 9.8 Critical |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53770 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-02-13 | 9.8 Critical |
| Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. | ||||
| CVE-2025-47158 | 1 Microsoft | 2 Azure Devops, Azure Devops Server | 2026-02-13 | 9 Critical |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49746 | 1 Microsoft | 1 Azure Machine Learning | 2026-02-13 | 9.9 Critical |
| Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49747 | 1 Microsoft | 1 Azure Machine Learning | 2026-02-13 | 9.9 Critical |
| Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47981 | 1 Microsoft | 26 Windows, Windows 10, Windows 10 1507 and 23 more | 2026-02-13 | 9.8 Critical |
| Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-53767 | 1 Microsoft | 3 Azure, Azure Open-ai, Azure Openai | 2026-02-13 | 10 Critical |
| Azure OpenAI Elevation of Privilege Vulnerability | ||||