Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-23658
CRITICAL CVSS 9.8
Find Similar
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with
CVE-2026-47647
CRITICAL CVSS 9.9
Find Similar
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-32201
MEDIUM CVSS 6.5 KEV
Find Similar
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation.
In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
CVE-2026-24303
CRITICAL CVSS 9.6
Find Similar
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-33821
CRITICAL CVSS 9.9
Find Similar
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.