Search Results (452 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50653 1 Microsoft 2 .net, Azure Active Directory 2026-07-16 7.5 High
Loop with unreachable exit condition ('infinite loop') in Azure Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-50652 1 Microsoft 2 .net, Azure Active Directory 2026-07-16 7.5 High
Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-57969 1 Microsoft 1 Azure Cyclecloud 2026-07-15 8.8 High
Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
CVE-2026-47632 1 Microsoft 1 Azure Monitor Agent Metrics Extension 2026-07-15 8.8 High
Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-50338 1 Microsoft 1 Azure Spring Apps 2026-07-14 8.2 High
Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-58279 1 Microsoft 1 Azure Cyclecloud 2026-07-14 6.5 Medium
Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
CVE-2026-26145 1 Microsoft 1 Azure Synapse 2026-07-06 4.8 Medium
Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.
CVE-2026-45499 1 Microsoft 2 Azure Open-ai, Azure Open-ai 2026-07-06 9.9 Critical
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
CVE-2026-32174 1 Microsoft 1 Azure Ai Bot Service 2026-06-23 7.7 High
Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-48584 1 Microsoft 1 Azure Synapse 2026-06-22 9.9 Critical
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
CVE-2026-45480 1 Microsoft 1 Azure Active Directory 2026-06-22 10 Critical
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47633 1 Microsoft 2 Azure Cost Management, Azure Cost Management 2026-06-22 7.5 High
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.
CVE-2026-47643 1 Microsoft 1 Azure Stack Edge 2026-06-10 9.8 Critical
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
CVE-2026-32193 1 Microsoft 1 Azure Kubernetes Service 2026-06-10 8.8 High
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
CVE-2026-41098 1 Microsoft 1 Azure Stack Edge 2026-06-09 8.4 High
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
CVE-2024-38179 1 Microsoft 3 Azure Stack Hci, Azure Stack Hci Os 22h2, Azure Stack Hci Os 23h2 2026-06-09 8.8 High
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
CVE-2024-38204 1 Microsoft 1 Azure Functions 2026-06-09 7.5 High
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
CVE-2024-43480 2 Linux, Microsoft 2 Linux Kernel, Azure Service Fabric 2026-06-09 6.6 Medium
Azure Service Fabric for Linux Remote Code Execution Vulnerability
CVE-2026-48567 1 Microsoft 3 .azure Horizondb, .azure Horizondb, Azure Horizondb 2026-06-05 10 Critical
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33844 1 Microsoft 1 Azure Managed Instance For Apache Cassandra 2026-06-01 9 Critical
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.