Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-26627 1 Microsoft 1 Azure Arc 2025-07-13 7 High
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.
CVE-2022-35798 1 Microsoft 1 Azure Arc Jumpstart 2025-07-08 3.3 Low
Azure Arc Jumpstart Information Disclosure Vulnerability
CVE-2024-28917 1 Microsoft 7 Azure Arc Extension Microsoft.azstackhci.operator, Azure Arc Extension Microsoft.azure.hybridnetwork, Azure Arc Extension Microsoft.azurekeyvaultsecretsprovider and 4 more 2025-05-03 6.2 Medium
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
CVE-2022-38007 1 Microsoft 2 Azure Arc, Azure Guest Configuration 2025-03-11 7.8 High
Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability
CVE-2022-37968 1 Microsoft 2 Azure Arc-enabled Kubernetes, Azure Stack Edge 2025-01-02 10 Critical
Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.
CVE-2023-38176 1 Microsoft 1 Azure Arc-enabled Servers 2025-01-01 7 High
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability