CVE-2025-53795

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-21 Aug, 2025 | 19:49
Updated At-26 Feb, 2026 | 17:48

Microsoft PC Manager Elevation of Privilege Vulnerability

Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)
Affected Products
Vendor: Microsoft Corporation (Microsoft)
Product: Microsoft PC Manager
Affected versions: -
Problem Types
Type: CWE
CWE ID: CWE-285
Description: CWE-285: Improper Authorization
Metrics
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
References
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795
Resource: vendor-advisory, patch
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
National Vulnerability Database (NVD)
nvd.nist.gov
Source: secure@microsoft.com
Published At: 21 Aug, 2025 | 20:15
Updated At: 22 Aug, 2025 | 18:08

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weaknesses
CWE ID: CWE-285
Type: Primary
Source: secure@microsoft.com
References
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795
Source: secure@microsoft.com
Resource: N/A

Change History

Information is not available yet

Similar CVEs

79 records found

CVE-2026-48579
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-1.01% / 58.75%
7 Day CHG+0.44%
Published-04 Jun, 2026 | 22:00
Updated-23 Jun, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Online Information Disclosure Vulnerability

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_onlineMicrosoft Exchange Online
CWE ID-CWE-285
Improper Authorization
CVE-2025-53792
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-0.73% / 49.60%
7 Day CHG~0.00%
Published-07 Aug, 2025 | 21:01
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Portal Elevation of Privilege Vulnerability

Azure Portal Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_portalAzure Portal
CWE ID-CWE-285
Improper Authorization
CVE-2026-32211
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-0.83% / 52.70%
7 Day CHG~0.00%
Published-02 Apr, 2026 | 23:27
Updated-19 Jun, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure MCP Server Information Disclosure Vulnerability

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_web_appsAzure Web Apps
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-26855
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-100.00% / 100.00%
7 Day CHG~0.00%
Published-02 Mar, 2021 | 23:55
Updated-30 Oct, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV | Action Due Date - 2022-05-03 | Apply updates per vendor instructions.
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 2Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2019 Cumulative Update 6Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2019 Cumulative Update 5Microsoft Exchange Server 2016 Cumulative Update 16Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2016 Cumulative Update 12Microsoft Exchange Server 2019 Cumulative Update 7Microsoft Exchange Server 2016 Cumulative Update 15Microsoft Exchange Server 2019Microsoft Exchange Server 2016 Cumulative Update 14Microsoft Exchange Server 2016 Cumulative Update 8Microsoft Exchange Server 2013 Cumulative Update 21Microsoft Exchange Server 2016 Cumulative Update 11Microsoft Exchange Server 2016 Cumulative Update 13Microsoft Exchange Server 2019 Cumulative Update 4Microsoft Exchange Server 2019 Cumulative Update 3Microsoft Exchange Server 2016 Cumulative Update 10Microsoft Exchange Server 2019 Cumulative Update 1Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2013 Cumulative Update 22Microsoft Exchange Server 2016 Cumulative Update 9Microsoft Exchange Server 2016 Cumulative Update 17Exchange Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-45602
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-0.37% / 28.28%
7 Day CHG-0.08%
Published-09 Jun, 2026 | 17:05
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability

No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1607windows_server_2025windows_server_2012windows_server_2016windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2019windows_10_1809Windows Server 2016Windows 11 Version 25H2Windows Server 2012Windows 10 Version 1607Windows 11 version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2025Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows 11 Version 23H2Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-229
Improper Handling of Values
CWE ID-CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CVE-2024-43106
Matching Score-8
Assigner-Talos
CVSS Score-7.1 (HIGH)
EPSS-0.72% / 49.14%
7 Day CHG+0.01%
Published-18 Dec, 2024 | 22:41
Updated-22 Aug, 2025 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Action-Not Available
Vendor-Microsoft Corporation
Product-excelExcel
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-42220
Matching Score-8
Assigner-Talos
CVSS Score-7.1 (HIGH)
EPSS-0.72% / 49.14%
7 Day CHG+0.01%
Published-18 Dec, 2024 | 22:40
Updated-22 Aug, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Action-Not Available
Vendor-Microsoft Corporation
Product-outlookOutlook
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-41165
Matching Score-8
Assigner-Talos
CVSS Score-7.1 (HIGH)
EPSS-0.72% / 49.14%
7 Day CHG+0.01%
Published-18 Dec, 2024 | 22:39
Updated-22 Aug, 2025 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Action-Not Available
Vendor-Microsoft Corporation
Product-wordWord
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-39804
Matching Score-8
Assigner-Talos
CVSS Score-7.1 (HIGH)
EPSS-0.86% / 53.89%
7 Day CHG+0.01%
Published-18 Dec, 2024 | 22:37
Updated-25 Aug, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Action-Not Available
Vendor-Microsoft Corporation
Product-powerpointPowerPoint
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-38200
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5 (MEDIUM)
EPSS-19.69% / 97.05%
7 Day CHG~0.00%
Published-08 Aug, 2024 | 20:45
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Spoofing Vulnerability

Microsoft Office Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office 2019Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2016
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-33843
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-0.47% / 37.23%
7 Day CHG-0.18%
Published-22 May, 2026 | 22:03
Updated-19 Jun, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-entra_idMicrosoft Entra
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-41103
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-5.38% / 91.61%
7 Day CHG+0.29%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-confluence_saml_ssojira_saml_ssoMicrosoft Confluence SAML SSO pluginMicrosoft JIRA SAML SSO plugin
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2026-40372
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-10.35% / 95.12%
7 Day CHG~0.00%
Published-21 Apr, 2026 | 19:20
Updated-19 Jun, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASP.NET Core Elevation of Privilege Vulnerability

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-asp.net_coreASP.NET Core 10.0Microsoft Visual Studio 2026 version 18.5
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33117
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-0.48% / 37.59%
7 Day CHG+0.03%
Published-12 May, 2026 | 16:58
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure SDK for Java Security Feature Bypass Vulnerability

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sdk_for_javaAzure SDK for Java
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-34473
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-100.00% / 100.00%
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-29 Oct, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV | Action Due Date - 2021-11-17 | Apply updates per vendor instructions.
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2016 Cumulative Update 20Exchange Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-50171
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-0.91% / 55.24%
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Spoofing Vulnerability

Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_server_2025windows_server_2022_23h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2
CWE ID-CWE-862
Missing Authorization
CVE-2025-47733
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-1.51% / 71.14%
7 Day CHG+0.05%
Published-08 May, 2025 | 22:17
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Power Apps Information Disclosure Vulnerability

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network

Action-Not Available
Vendor-Microsoft Corporation
Product-power_appsMicrosoft Power Pages
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-17002
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4 (HIGH)
EPSS-3.23% / 86.63%
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-09 Jun, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure SDK for C Security Feature Bypass Vulnerability

Azure SDK for C Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-c_sdk_for_azure_iotAzure-c-shared-utility Release LTS_07_2020_Ref02azure-utpm-cC SDK for Azure IoT Release LTS_02_2020_Ref02azure-uhttp-cazure-c-shared-utilityC SDK for Azure IoTC SDK for Azure IoT Release LTS_07_2020_Ref02azure-utpm-c Release LTS_02_2020_Ref02azure-utpm-c Release LTS_07_2020_Ref02Azure-c-shared-utility Release LTS_02_2020_Ref02azure-umqtt-c Release LTS_02_2020_Ref02azure-uamqp-c Release LTS_02_2020_Ref02azure-uamqp-c Release LTS_07_2020_Ref02azure-umqtt-c Release LTS_07_2020_Ref02azure-uhttp-c Release LTS_07_2020_Ref02azure-uhttp-c Release LTS_02_2020_Ref02azure-uamqp-cazure-umqtt-c
CVE-2020-0654
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-3.48% / 87.57%
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android. This could allow an attacker to bypass the passcode or fingerprint requirements of the App. The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-onedriveOne Drive for Android
CVE-2020-16971
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4 (HIGH)
EPSS-3.59% / 87.94%
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-09 Jun, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure SDK for Java Security Feature Bypass Vulnerability

Azure SDK for Java Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sdk_for_javaAzure SDKAzure SDK for Java
CVE-2024-0057
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-2.78% / 84.50%
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:56
Updated-03 Jun, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2008windows_11_22h2windows_11_21h2.net_frameworkwindows_11_23h2windows_10_21h2windows_10_1809powershellvisual_studio_2022.netwindows_10_22h2windows_server_2022windows_server_2019windows_10_1607Microsoft Visual Studio 2022 version 17.4Microsoft .NET Framework 3.0 Service Pack 2PowerShell 7.3Microsoft .NET Framework 4.8Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft Visual Studio 2022 version 17.8NUGET 17.6.0Microsoft .NET Framework 2.0 Service Pack 2NuGet 17.4.0.NET 7.0Microsoft .NET Framework 3.5 AND 4.8.1PowerShell 7.4PowerShell 7.2Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.2.NET 8.0Microsoft .NET Framework 3.5 AND 4.7.2Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10).NET 6.0Microsoft .NET Framework 3.5 AND 4.8NuGet 5.11.0NuGet 17.8.0
CWE ID-CWE-20
Improper Input Validation
CVE-2026-27912
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8 (HIGH)
EPSS-0.24% / 15.10%
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-19 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_server_2025windows_server_2019windows_server_2022_23h2windows_server_2016windows_server_2012Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows Server 2025 (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2012 (Server Core installation)
CWE ID-CWE-285
Improper Authorization
CVE-2026-24305
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3 (CRITICAL)
EPSS-0.50% / 38.67%
7 Day CHG~0.00%
Published-22 Jan, 2026 | 22:47
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Entra ID Elevation of Privilege Vulnerability

Azure Entra ID Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-entra_idMicrosoft Entra
CWE ID-CWE-285
Improper Authorization
CVE-2026-20960
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8 (HIGH)
EPSS-0.47% / 36.80%
7 Day CHG~0.00%
Published-16 Jan, 2026 | 21:28
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PowerApps Desktop Client Remote Code Execution Vulnerability

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-power_appsMicrosoft Power Apps Desktop Client
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-45490
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8 (HIGH)
EPSS-0.27% / 17.78%
7 Day CHG+0.05%
Published-09 Jun, 2026 | 17:04
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-.netwindows.NET 8.0.NET 10.0.NET 9.0
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-43482
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5 (MEDIUM)
EPSS-1.10% / 61.32%
7 Day CHG-0.02%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook for iOS Information Disclosure Vulnerability

Microsoft Outlook for iOS Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-outlookOutlook for iOS
CWE ID-CWE-285
Improper Authorization
CVE-2024-21402
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1 (HIGH)
EPSS-0.48% / 37.71%
7 Day CHG~0.00%
Published-13 Feb, 2024 | 18:02
Updated-09 May, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Elevation of Privilege Vulnerability

Microsoft Outlook Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsMicrosoft 365 Apps for Enterprise
CWE ID-CWE-285
Improper Authorization
CVE-2024-38231
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5 (MEDIUM)
EPSS-1.87% / 76.64%
7 Day CHG+0.03%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-285
Improper Authorization
CVE-2024-38129
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5 (HIGH)
EPSS-1.25% / 65.48%
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-285
Improper Authorization
CVE-2026-47298
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8 (HIGH)
EPSS-0.67% / 47.10%
7 Day CHG+0.17%
Published-09 Jun, 2026 | 17:05
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016
CWE ID-CWE-285
Improper Authorization
CVE-2026-45503
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1 (HIGH)
EPSS-0.45% / 36.06%
7 Day CHG+0.03%
Published-09 Jun, 2026 | 17:04
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Information Disclosure Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverexchange_server_subscription_editionMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-32213
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.91% / 55.42%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 23:26
Updated-19 Jun, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure AI Foundry Elevation of Privilege Vulnerability

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_ai_foundryAzure AI Foundry
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42902
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.60%
||
7 Day CHG+0.02%
Published-09 Jun, 2026 | 17:04
Updated-23 Jun, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PowerToys Elevation of Privilege Vulnerability

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-powertoysMicrosoft PowerToys
CWE ID-CWE-285
Improper Authorization
CVE-2026-33823
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.72% / 49.04%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 20:58
Updated-19 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Team Events Portal Information Disclosure Vulnerability

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-teamsMicrosoft Teams
CWE ID-CWE-285
Improper Authorization
CVE-2026-33105
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.72% / 49.08%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 23:26
Updated-19 Jun, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_kubernetes_serviceAzure Kubernetes Service
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-64655
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 33.09%
||
7 Day CHG+0.01%
Published-20 Nov, 2025 | 22:18
Updated-26 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_omnichannel_sdk_storage_containersDynamics OmniChannel SDK Storage Containers
CWE ID-CWE-285
Improper Authorization
CVE-2025-65041
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.70% / 48.50%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 22:02
Updated-16 Apr, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Partner Center Elevation of Privilege Vulnerability

Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-partner_centerMicrosoft Partner Center
CWE ID-CWE-285
Improper Authorization
CVE-2025-59271
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-0.60% / 44.05%
||
7 Day CHG+0.06%
Published-09 Oct, 2025 | 21:04
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Redis Enterprise Elevation of Privilege Vulnerability

Redis Enterprise Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cache_for_redisazure_managed_redisAzure Cache for Redis EnterpriseAzure Managed Redis
CWE ID-CWE-285
Improper Authorization
CVE-2025-49746
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.69% / 48.02%
||
7 Day CHG+0.03%
Published-18 Jul, 2025 | 17:04
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Machine Learning Elevation of Privilege Vulnerability

Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_machine_learningAzure Machine Learning
CWE ID-CWE-285
Improper Authorization
CVE-2025-49701
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.83% / 52.89%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:58
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-285
Improper Authorization
CVE-2024-30061
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-1.37% / 68.42%
||
7 Day CHG+0.08%
Published-09 Jul, 2024 | 17:02
Updated-09 Dec, 2025 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.1
CWE ID-CWE-285
Improper Authorization
CVE-2024-26193
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.85% / 53.52%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Migrate Remote Code Execution Vulnerability

Azure Migrate Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_migrateAzure Migrate
CWE ID-CWE-285
Improper Authorization
CVE-2025-30392
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 54.36%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 17:14
Updated-26 Feb, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure AI Bot Elevation of Privilege Vulnerability

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_ai_bot_serviceAzure AI Bot Service
CWE ID-CWE-285
Improper Authorization
CVE-2025-30390
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.78% / 51.01%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 17:14
Updated-26 Feb, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure ML Compute Elevation of Privilege Vulnerability

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_machine_learningAzure Machine Learning
CWE ID-CWE-285
Improper Authorization
CVE-2024-43602
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-2.20% / 80.23%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure CycleCloud Remote Code Execution Vulnerability

Azure CycleCloud Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cyclecloudAzure CycleCloud 8.0.2Azure CycleCloud 8.3.0Azure CycleCloud 8.1.1Azure CycleCloud 8.4.1Azure CycleCloudAzure CycleCloud 8.0.1Azure CycleCloud 8.2.1Azure CycleCloud 8.0.0Azure CycleCloud 8.5.0Azure CycleCloud 8.1.0Azure CycleCloud 8.2.2Azure CycleCloud 8.4.0Azure CycleCloud 8.6.0Azure CycleCloud 8.4.2Azure CycleCloud 8.2.0
CWE ID-CWE-285
Improper Authorization
CVE-2024-43460
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.68% / 47.54%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 18:15
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dynamics 365 Business Central Elevation of Privilege Vulnerability

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365_business_centralDynamics 365 Business Central Online
CWE ID-CWE-285
Improper Authorization
CVE-2025-26683
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.59% / 43.42%
||
7 Day CHG+0.05%
Published-31 Mar, 2025 | 21:51
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Playwright Elevation of Privilege Vulnerability

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_playwrightAzure Playwright
CWE ID-CWE-285
Improper Authorization
CVE-2025-21348
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-1.74% / 74.81%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server Subscription EditionMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016
CWE ID-CWE-285
Improper Authorization
CVE-2025-24053
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.70% / 48.34%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 17:25
Updated-13 Feb, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dataverse Elevation of Privilege Vulnerability

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dataverseMicrosoft Dataverse
CWE ID-CWE-285
Improper Authorization
CVE-2025-21275
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.61% / 44.33%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows App Package Installer Elevation of Privilege Vulnerability

Windows App Package Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_11_23h2windows_server_2022windows_11_24h2windows_server_2025windows_11_22h2windows_10_21h2windows_server_2022_23h2Windows 11 Version 23H2Windows 11 version 22H3Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-285
Improper Authorization