Search
Search Results (358 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2025-09-10 | 7 High |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21380 | 1 Microsoft | 1 Azure Marketplace | 2025-09-09 | 8.8 High |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-21415 | 1 Microsoft | 1 Azure Ai Face Service | 2025-09-09 | 9.9 Critical |
| Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2020-17145 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2025-08-28 | 5.4 Medium |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | ||||
| CVE-2020-17135 | 1 Microsoft | 1 Azure Devops Server | 2025-08-28 | 6.4 Medium |
| Azure DevOps Server Spoofing Vulnerability | ||||
| CVE-2020-16971 | 1 Microsoft | 1 Azure Sdk For Java | 2025-08-28 | 7.4 High |
| Azure SDK for Java Security Feature Bypass Vulnerability | ||||
| CVE-2025-21188 | 1 Microsoft | 1 Azure Network Watcher | 2025-08-25 | 6 Medium |
| Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-47988 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2025-08-23 | 7.5 High |
| Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2025-47158 | 1 Microsoft | 2 Azure Devops, Azure Devops Server | 2025-08-23 | 9 Critical |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47995 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-23 | 6.5 Medium |
| Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49746 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-23 | 9.9 Critical |
| Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49747 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-23 | 9.9 Critical |
| Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-21195 | 1 Microsoft | 2 Azure Service Fabric, Service Fabric | 2025-08-23 | 6 Medium |
| Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2021-38645 | 1 Microsoft | 12 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics and 9 more | 2025-07-30 | 7.8 High |
| Open Management Infrastructure Elevation of Privilege Vulnerability | ||||
| CVE-2021-38647 | 1 Microsoft | 12 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics and 9 more | 2025-07-30 | 9.8 Critical |
| Open Management Infrastructure Remote Code Execution Vulnerability | ||||
| CVE-2021-38648 | 1 Microsoft | 12 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics and 9 more | 2025-07-30 | 7.8 High |
| Open Management Infrastructure Elevation of Privilege Vulnerability | ||||
| CVE-2021-38649 | 1 Microsoft | 12 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics and 9 more | 2025-07-30 | 7 High |
| Open Management Infrastructure Elevation of Privilege Vulnerability | ||||
| CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 367 Http Server, Opensearch Data Prepper, Apisix and 364 more | 2025-07-30 | 7.5 High |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||
| CVE-2022-24468 | 1 Microsoft | 1 Azure Site Recovery | 2025-07-24 | 7.2 High |
| Azure Site Recovery Remote Code Execution Vulnerability | ||||
| CVE-2022-44699 | 1 Microsoft | 1 Azure Network Watcher Agent | 2025-07-22 | 5.5 Medium |
| Azure Network Watcher Agent Security Feature Bypass Vulnerability | ||||