Filtered by vendor Microsoft
Subscriptions
Filtered by product Azure
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59500 | 1 Microsoft | 2 Azure, Azure Notification Service | 2025-11-22 | 7.7 High |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59503 | 1 Microsoft | 2 Azure, Azure Compute Resource Provider | 2025-11-22 | 10 Critical |
| Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59273 | 1 Microsoft | 3 Azure, Azure Event Grid, Azure Event Grid System | 2025-11-22 | 7.3 High |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59247 | 1 Microsoft | 2 Azure, Azure Playfab | 2025-11-22 | 8.8 High |
| Azure PlayFab Elevation of Privilege Vulnerability | ||||
| CVE-2025-59285 | 1 Microsoft | 3 Azure, Azure Monitor, Azure Monitor Agent | 2025-11-22 | 7 High |
| Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58724 | 1 Microsoft | 6 Arc Enabled Servers Azure Connected Machine Agent, Azure, Azure Agent and 3 more | 2025-11-22 | 7.8 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55697 | 1 Microsoft | 7 Azure, Azure Cli, Windows Server and 4 more | 2025-11-22 | 7.8 High |
| Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59494 | 1 Microsoft | 2 Azure, Azure Monitor Agent | 2025-11-22 | 7.8 High |
| Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59292 | 1 Microsoft | 2 Azure, Azure Compute Gallery | 2025-11-22 | 8.2 High |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59291 | 1 Microsoft | 3 Azure, Azure Compute Gallery, Azure Container Instances | 2025-11-22 | 8.2 High |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47989 | 1 Microsoft | 3 Arc Enabled Servers Azure Connected Machine Agent, Azure, Azure Connected Machine Agent | 2025-11-22 | 7 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55244 | 1 Microsoft | 3 Azure, Azure Ai Bot Service, Azure Bot Service | 2025-11-20 | 9 Critical |
| Azure Bot Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-54914 | 1 Microsoft | 2 Azure, Azure Networking | 2025-11-20 | 10 Critical |
| Azure Networking Elevation of Privilege Vulnerability | ||||
| CVE-2025-49692 | 1 Microsoft | 2 Azure, Azure Connected Machine Agent | 2025-11-20 | 7.8 High |
| Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55316 | 1 Microsoft | 2 Azure, Azure Connected Machine Agent | 2025-11-20 | 7.8 High |
| External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49707 | 1 Microsoft | 24 Azure, Azure Virtual Machine, Dcadsv5-series Azure Vm and 21 more | 2025-11-10 | 7.9 High |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2025-53767 | 1 Microsoft | 2 Azure, Azure Openai | 2025-11-10 | 10 Critical |
| Azure OpenAI Elevation of Privilege Vulnerability | ||||
| CVE-2025-53792 | 1 Microsoft | 2 Azure, Azure Portal | 2025-11-10 | 9.1 Critical |
| Azure Portal Elevation of Privilege Vulnerability | ||||
| CVE-2025-53763 | 1 Microsoft | 1 Azure | 2025-11-10 | 9.8 Critical |
| Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53781 | 1 Microsoft | 25 Azure, Azure Virtual Machine, Dcadsv5-series Azure Vm and 22 more | 2025-11-10 | 7.7 High |
| Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | ||||