CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

...

CVE-2026-47645

Summary: CVE-2026-47645 is an open redirect vulnerability in Microsoft 365 Copilot’s Business Chat that can lead to privilege escalation over a network. The issue is described across sources (NVD/MSRC/CVE records) as a url redirection to an untrusted site, with a CVSS v3.1 base score of 8.8 (HIGH...

CVE-2026-48582

This CVE affects Microsoft Exchange Online. Missing authorization could allow an attacker with low privileges and network access (no user interaction) to elevate privileges (impact: high confidentiality and integrity, no availability impact) per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, base...

CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability

...

CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability

...

CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability

...

CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability

...

CVE-2026-48584

CVE-2026-48584 affects Microsoft Azure Synapse. An authorized attacker with low privileges and network access can execute with unnecessary privileges to elevate to higher privileges across the system, with potential impact to confidentiality, integrity and availability (CVSS 3.1: CRITICAL, AV:N/A...

CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability

...

CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability

...

CVE-2016-20094 AnyDesk 2.5.0 Unquoted Service Path Elevation of Privilege

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...

CVE-2016-20092 NetDrive 2.6.12 Unquoted Service Path Elevation of Privilege

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...

CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that enables local privilege escalation by exploiting the service binary path. An attacker can place a malicious executable in the system root, which will run with SYSTEM privileges during service startup or system reboot. Aff...

Astra Linux – Vulnerability in Samba

Netlogon RPC Elevation of Privilege Vulnerability...

Astra Linux – Vulnerability in Samba

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability...

Astra Linux – Vulnerability in Samba

Windows Kerberos Elevation of Privilege Vulnerability...

CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability

...

CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability

...

CVE-2026-47647

CVE-2026-47647 relates to Microsoft Dynamics 365 and involves an improper access control that enables an authorized attacker to perform a network-based privilege escalation. The CVSS 3.1 metrics indicate a high-severity, network-exposed issue with low attack complexity and low privileges required...

CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability

...