Export limit exceeded: 19402 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (452 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49752 | 1 Microsoft | 1 Azure Bastion Developer | 2026-02-26 | 10 Critical |
| Azure Bastion Elevation of Privilege Vulnerability | ||||
| CVE-2025-62207 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Control Service | 2026-02-26 | 8.6 High |
| Azure Monitor Elevation of Privilege Vulnerability | ||||
| CVE-2025-64656 | 1 Microsoft | 2 Azure App Gateway, Azure Application Gateway | 2026-02-26 | 9.4 Critical |
| Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-64657 | 1 Microsoft | 2 Azure App Gateway, Azure Application Gateway | 2026-02-26 | 9.8 Critical |
| Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2021-42306 | 1 Microsoft | 4 Azure Active Directory, Azure Active Site Recovery, Azure Automation and 1 more | 2026-02-24 | 8.1 High |
| An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application. Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application. Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information. For more details on this issue, please refer to the MSRC Blog Entry. | ||||
| CVE-2020-16904 | 1 Microsoft | 1 Azure Functions | 2026-02-23 | 5.3 Medium |
| <p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization.</p> <p>This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions.</p> | ||||
| CVE-2025-59247 | 1 Microsoft | 2 Azure, Azure Playfab | 2026-02-22 | 8.8 High |
| Azure PlayFab Elevation of Privilege Vulnerability | ||||
| CVE-2025-59292 | 1 Microsoft | 2 Azure, Azure Compute Gallery | 2026-02-22 | 8.2 High |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59291 | 1 Microsoft | 3 Azure, Azure Compute Gallery, Azure Container Instances | 2026-02-22 | 8.2 High |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59288 | 2 Github, Microsoft | 3 Github, Azure Playwright, Playwright | 2026-02-22 | 5.3 Medium |
| Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network. | ||||
| CVE-2025-21380 | 1 Microsoft | 2 Azure Marketplace, Marketplace Saas | 2026-02-13 | 8.8 High |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-26627 | 1 Microsoft | 1 Azure Arc | 2026-02-13 | 7 High |
| Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24049 | 1 Microsoft | 1 Azure Command-line Interface | 2026-02-13 | 8.4 High |
| Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-21199 | 1 Microsoft | 3 Azure Agent, Azure Agent For Backup, Azure Agent For Site Recovery | 2026-02-13 | 6.7 Medium |
| Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24986 | 1 Microsoft | 2 Azure Promptflow Core, Azure Promptflow Tools | 2026-02-13 | 6.5 Medium |
| Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29819 | 1 Microsoft | 2 Azure Portal Windows Admin Center, Windows Admin Center | 2026-02-13 | 6.2 Medium |
| External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-27489 | 1 Microsoft | 4 Azure Stack Hci 22h2, Azure Stack Hci 23h2, Azure Stack Hci Os 22h2 and 1 more | 2026-02-13 | 7.8 High |
| Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26628 | 1 Microsoft | 3 Azure, Azure Local, Azure Local Cluster | 2026-02-13 | 7.3 High |
| Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-25002 | 1 Microsoft | 1 Azure Local Cluster | 2026-02-13 | 6.8 Medium |
| Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network. | ||||
| CVE-2025-29827 | 1 Microsoft | 1 Azure Automation | 2026-02-13 | 9.9 Critical |
| Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. | ||||