PT-2026-3085
Name of the Vulnerable Software and Affected Versions: Agentflow (affected versions not specified); Windows Admin Center (affected versions not specified). Description: Agentflow, developed by Flowring, exhibits a Missing Authentication issue. This allows unauthenticated remote attacker...
CVE-2025-55697
CVE-2025-55697: Heap-based buffer overflow in Azure Local allows an authenticated, local attacker to escalate privileges. The vulnerability is mapped to Windows OS updates (KB5066835) and related advisories; Microsoft states a local elevation of privileges with high impact. Public exploits are no...
CVE-2025-59247
Azure PlayFab Elevation of Privilege Vulnerability...
CVE-2025-53013 Himmelblau offline auth permits authentication with invalid Hello PIN
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...
CVE-2025-30387
Improper limitation of a pathname to a restricted directory 'path traversal' in Azure allows an unauthorized attacker to elevate privileges over a network...
Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
Improper limitation of a pathname to a restricted directory 'path traversal' in Azure allows an unauthorized attacker to elevate privileges over a network...
PT-2025-20997 · Microsoft · Azure
Name of the Vulnerable Software and Affected Versions: Azure affected versions not specified Description: The issue is related to improper limitation of a pathname to a restricted directory, also known as 'path traversal', which allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-29972
Server-side request forgery (SSRF) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network...
Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
Improper access control in Azure allows an unauthorized attacker to disclose information over a network...
PT-2025-20431 · Microsoft · Azure
Name of the Vulnerable Software and Affected Versions: Azure affected versions not specified Description: The issue is related to improper access control in Azure, allowing an unauthorized attacker to disclose information over a network. Recommendations: At the moment, there is no information abo...
Microsoft Azure Code Issue Vulnerability
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A code issue vulnerability exists in Microsoft Azure that stems from server-side request forgery and could lead to spoofing attacks...
PT-2025-18301 · Microsoft · Azure
Name of the Vulnerable Software and Affected Versions: Azure affected versions not specified Description: The issue is related to improper authorization in Azure, which allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information abou...
CVE-2025-27489 Azure Local Elevation of Privilege Vulnerability
...
CVE-2025-26628 Azure Local Cluster Information Disclosure Vulnerability
...
CVE-2025-25002 Azure Local Cluster Information Disclosure Vulnerability
...
KLA78851 OSI vulnerability in Microsoft Azure
An information disclosure vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories: CVE-2025-21380. CVE list: CVE-2025-21380 (critical). Solution: Install necessary updates from the KB section, that are listed in your...
AuthQuake Flaw Allowed MFA Bypass Across Azure, Office 365 Accounts
SUMMARY: Cybersecurity researchers at Oasis Security have identified a vulnerability in Microsoft's Multi-Factor Authentication (MFA), known as AuthQuake,…
Microsoft Azure uAMQP azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of uAMQP. When installed from the official Microsoft GitHub repository,...
A week in security (June 3 – June 9)
Last week on Malwarebytes Labs: Google will start deleting location history; Advance Auto Parts customer data posted for sale; Husband stalked ex-wife with seven AirTags, indictment says; Microsoft Recall snapshots can be easily grabbed with TotalRecall tool; Financial sextortion scams on the rise; Sa...