Search
Search Results (382 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2025-09-10 | 7 High |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21380 | 1 Microsoft | 1 Azure Marketplace | 2025-09-09 | 8.8 High |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-21415 | 1 Microsoft | 1 Azure Ai Face Service | 2025-09-09 | 9.9 Critical |
| Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2020-17145 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2025-08-28 | 5.4 Medium |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | ||||
| CVE-2020-17135 | 1 Microsoft | 1 Azure Devops Server | 2025-08-28 | 6.4 Medium |
| Azure DevOps Server Spoofing Vulnerability | ||||
| CVE-2020-16971 | 1 Microsoft | 1 Azure Sdk For Java | 2025-08-28 | 7.4 High |
| Azure SDK for Java Security Feature Bypass Vulnerability | ||||
| CVE-2025-47988 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2025-08-23 | 7.5 High |
| Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2025-47158 | 1 Microsoft | 2 Azure Devops, Azure Devops Server | 2025-08-23 | 9 Critical |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47995 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-23 | 6.5 Medium |
| Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49746 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-23 | 9.9 Critical |
| Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49747 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-23 | 9.9 Critical |
| Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-21195 | 1 Microsoft | 2 Azure Service Fabric, Service Fabric | 2025-08-23 | 6 Medium |
| Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2022-44699 | 1 Microsoft | 1 Azure Network Watcher Agent | 2025-07-22 | 5.5 Medium |
| Azure Network Watcher Agent Security Feature Bypass Vulnerability | ||||
| CVE-2024-38175 | 1 Microsoft | 1 Azure Managed Instance For Apache Cassandra | 2025-07-10 | 9.6 Critical |
| An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. | ||||
| CVE-2024-38109 | 1 Microsoft | 1 Azure Health Bot | 2025-07-10 | 9.1 Critical |
| An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | ||||
| CVE-2024-38195 | 1 Microsoft | 1 Azure Cyclecloud | 2025-07-10 | 7.8 High |
| Azure CycleCloud Remote Code Execution Vulnerability | ||||
| CVE-2024-38162 | 1 Microsoft | 1 Azure Connected Machine Agent | 2025-07-10 | 7.8 High |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-38158 | 1 Microsoft | 1 Azure Iot Hub Device Client Sdk | 2025-07-10 | 7 High |
| Azure IoT SDK Remote Code Execution Vulnerability | ||||
| CVE-2024-38157 | 1 Microsoft | 1 Azure Iot Hub Device Client Sdk | 2025-07-10 | 7 High |
| Azure IoT SDK Remote Code Execution Vulnerability | ||||
| CVE-2024-38098 | 1 Microsoft | 1 Azure Connected Machine Agent | 2025-07-10 | 7.8 High |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | ||||