Filtered by vendor Microsoft
Subscriptions
Filtered by product Azure
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59273 | 1 Microsoft | 2 Azure, Azure Event Grid System | 2025-10-25 | 7.3 High |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59500 | 1 Microsoft | 2 Azure, Azure Notification Service | 2025-10-25 | 7.7 High |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59503 | 1 Microsoft | 2 Azure, Azure Compute Resource Provider | 2025-10-25 | 9.9 Critical |
| Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59247 | 1 Microsoft | 2 Azure, Azure Playfab | 2025-10-24 | 8.8 High |
| Azure PlayFab Elevation of Privilege Vulnerability | ||||
| CVE-2025-59285 | 1 Microsoft | 2 Azure, Azure Monitor | 2025-10-24 | 7 High |
| Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58724 | 1 Microsoft | 5 Azure, Azure Agent, Azure Arc and 2 more | 2025-10-24 | 7.8 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55697 | 1 Microsoft | 5 Azure, Azure Cli, Windows Server and 2 more | 2025-10-24 | 7.8 High |
| Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59494 | 1 Microsoft | 2 Azure, Azure Monitor Agent | 2025-10-24 | 7.8 High |
| Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59292 | 1 Microsoft | 2 Azure, Azure Compute Gallery | 2025-10-24 | 8.2 High |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59291 | 1 Microsoft | 3 Azure, Azure Compute Gallery, Azure Container Instances | 2025-10-24 | 8.2 High |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47989 | 1 Microsoft | 2 Azure, Azure Connected Machine Agent | 2025-10-24 | 7 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54914 | 1 Microsoft | 2 Azure, Azure Networking | 2025-10-20 | 10 Critical |
| Azure Networking Elevation of Privilege Vulnerability | ||||
| CVE-2025-55244 | 1 Microsoft | 2 Azure, Azure Ai Bot Service | 2025-10-17 | 9 Critical |
| Azure Bot Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-20286 | 4 Amazon, Cisco, Microsoft and 1 more | 4 Amazon Web Services, Identity Services Engine, Azure and 1 more | 2025-10-15 | 9.9 Critical |
| A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected. | ||||
| CVE-2025-49707 | 1 Microsoft | 24 Azure, Azure Virtual Machine, Dcadsv5-series Azure Vm and 21 more | 2025-10-15 | 7.9 High |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2025-53781 | 1 Microsoft | 25 Azure, Azure Virtual Machine, Dcadsv5-series Azure Vm and 22 more | 2025-10-15 | 7.7 High |
| Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-49692 | 1 Microsoft | 2 Azure, Azure Connected Machine Agent | 2025-10-01 | 7.8 High |
| Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55316 | 1 Microsoft | 2 Azure, Azure Connected Machine Agent | 2025-09-25 | 7.8 High |
| External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53767 | 1 Microsoft | 2 Azure, Azure Openai | 2025-09-17 | 10 Critical |
| Azure OpenAI Elevation of Privilege Vulnerability | ||||
| CVE-2025-53792 | 1 Microsoft | 2 Azure, Azure Portal | 2025-09-17 | 9.1 Critical |
| Azure Portal Elevation of Privilege Vulnerability | ||||