Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
13 CRITICAL6 HIGH1 MEDIUM
CVE-2026-23663
HIGH CVSS 7.5
Find Similar
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.
microsoft
NVD RRF 0.015
CVE-2026-42901
CRITICAL CVSS 10.0
Find Similar
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.
microsoft
NVD RRF 0.015
CVE-2024-43477
HIGH CVSS 7.5
Find Similar
Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
microsoft
NVD RRF 0.015
CVE-2026-0948
MEDIUM CVSS 6.5
Find Similar
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 be
jaseerkinangattil
NVD RRF 0.015
CVE-2026-26148
HIGH CVSS 8.1
Find Similar
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.
microsoft
NVD RRF 0.014
CVE-2026-33843
CRITICAL CVSS 9.8
Find Similar
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
microsoft
NVD RRF 0.014
CVE-2026-22048
HIGH CVSS 7.1
Find Similar
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible
NVD RRF 0.013
CVE-2026-32173
HIGH CVSS 7.5
Find Similar
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
microsoft
NVD RRF 0.013
CVE-2026-3224
CRITICAL CVSS 9.8
Find Similar
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID use
devolutions
NVD RRF 0.013
CVE-2025-29813
CRITICAL CVSS 9.8
Find Similar
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
microsoft
NVD RRF 0.013
Page 1+ Next →