Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-48567 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.08% | 2026-06-04 | 2026-06-05 |
| CVE-2026-47280 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.07% | 2026-05-22 | 2026-05-27 |
| CVE-2026-42901 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.03% | 2026-05-22 | 2026-05-27 |
| CVE-2026-42826 | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. | 10.0 | 0.09% | 2026-05-07 | 2026-05-08 |
| CVE-2026-42822 | Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.09% | 2026-05-18 | 2026-05-21 |
| CVE-2026-41104 | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | 10.0 | 0.31% | 2026-05-22 | 2026-05-29 |
| CVE-2026-40412 | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | 10.0 | 0.40% | 2026-05-22 | 2026-05-27 |
| CVE-2026-35431 | Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. | 10.0 | 0.07% | 2026-04-23 | 2026-04-24 |
| CVE-2026-33819 | Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. | 10.0 | 0.36% | 2026-04-23 | 2026-05-05 |
| CVE-2026-33107 | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.06% | 2026-04-03 | 2026-04-06 |
| CVE-2026-33105 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.06% | 2026-04-03 | 2026-04-06 |
| CVE-2026-32213 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.06% | 2026-04-03 | 2026-04-06 |
| CVE-2026-32186 | Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.06% | 2026-04-03 | 2026-04-13 |
| CVE-2026-32169 | Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.09% | 2026-03-19 | 2026-04-14 |
| CVE-2026-23652 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | 10.0 | 0.07% | 2026-05-22 | 2026-05-27 |
| CVE-2025-65041 | Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.09% | 2025-12-18 | 2026-01-06 |
| CVE-2025-65037 | Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network. | 10.0 | 0.10% | 2025-12-18 | 2026-01-15 |
| CVE-2025-59503 | Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. | 10.0 | 0.21% | 2025-10-23 | 2025-12-31 |
| CVE-2025-55241 | Azure Entra ID Elevation of Privilege Vulnerability | 10.0 | 0.89% | 2025-09-04 | 2025-09-24 |
| CVE-2025-54914 | Azure Networking Elevation of Privilege Vulnerability | 10.0 | 1.32% | 2025-09-04 | 2025-10-20 |