Search Results (446 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-33117 1 Microsoft 1 Azure Sdk For Java 2026-05-22 9.1 Critical
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6.
CVE-2026-42822 1 Microsoft 2 Azure Local, Azure Resource Manager 2026-05-22 10 Critical
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-40379 1 Microsoft 3 Azure Enterprise Security Token Service, Entra Id, Microsoft Entra Id 2026-05-21 9.3 Critical
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-41086 1 Microsoft 2 Azure Portal Windows Admin Center, Windows Admin Center 2026-05-15 8.8 High
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-41105 1 Microsoft 1 Azure Monitor Action Group Notification System 2026-05-14 8.1 High
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-42830 1 Microsoft 2 Azure Monitor Agent, Azure Monitor Agent Metrics Extension 2026-05-14 6.5 Medium
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-42823 1 Microsoft 1 Azure Logic Apps 2026-05-14 9.9 Critical
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-33833 1 Microsoft 1 Azure Machine Learning 2026-05-13 8.2 High
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32204 1 Microsoft 2 Azure Monitor, Azure Monitor Agent 2026-05-13 7.8 High
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-40381 1 Microsoft 1 Azure Connected Machine Agent 2026-05-13 7.8 High
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2023-44487 33 Akka, Amazon, Apache and 30 more 378 Http Server, Opensearch Data Prepper, Apisix and 375 more 2026-05-12 7.5 High
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2026-35435 1 Microsoft 1 Azure Ai Foundry 2026-05-10 8.6 High
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-35428 1 Microsoft 1 Azure Cloud Shell 2026-05-08 9.6 Critical
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32207 1 Microsoft 1 Azure Machine Learning 2026-05-08 8.8 High
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-42826 1 Microsoft 1 Azure Devops 2026-05-08 10 Critical
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
CVE-2026-33109 1 Microsoft 1 Azure Managed Instance For Apache Cassandra 2026-05-08 9.9 Critical
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-32171 1 Microsoft 1 Azure Logic Apps 2026-04-27 8.8 High
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-21515 1 Microsoft 1 Azure Iot Central 2026-04-27 9.9 Critical
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
CVE-2026-32173 1 Microsoft 3 Azure Sre Agent, Azure Sre Agent Gateway, Azure Sre Agent Gateway Signalr Hub 2026-04-24 8.6 High
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
CVE-2026-32192 1 Microsoft 2 Azure Monitor, Azure Monitor Agent 2026-04-24 7.8 High
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.