Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.
CVE-2025-30392
CRITICAL CVSS 9.8
Find Similar
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-30389
CRITICAL CVSS 9.8
Find Similar
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2024-49052
CRITICAL CVSS 9.8
Find Similar
Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-48582
CRITICAL CVSS 9.6
Find Similar
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVE-2026-32213
CRITICAL CVSS 9.8
Find Similar
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVE-2024-38194
CRITICAL CVSS 9.9
Find Similar
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
Page 1+ Next →