Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47280
CRITICAL CVSS 9.8
Find Similar
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33843
CRITICAL CVSS 9.8
Find Similar
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to i
CVE-2026-21515
CRITICAL CVSS 9.9
Find Similar
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by sup
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to
CVE-2026-33105
CRITICAL CVSS 9.8
Find Similar
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
CVE-2024-38194
CRITICAL CVSS 9.9
Find Similar
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Page 1+ Next →