Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stre
CVE-2025-59287
CRITICAL CVSS 9.8 KEV
Find Similar
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
CVE-2024-49147
CRITICAL CVSS 9.8
Find Similar
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
CVE-2026-21531
CRITICAL CVSS 9.8
Find Similar
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
Page 1+ Next →