Lucene search
K

298 matches found

EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-41442

Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-57100

Technical details on affected products/versions, root cause, exploit scenarios, or mitigations are not publicly provided in the supplied documents. Monitor official sources for updates.

9.9CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-57100

Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

4.3CVSS5.4AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41574

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...

9.8CVSS5.4AI score0.00809EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/27 6:53 p.m.8 views

CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...

8.4CVSS5.8AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 6:53 p.m.14 views

EUVD-2026-32633

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...

8.4CVSS5.8AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 6:53 p.m.42 views

CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...

8.4CVSS0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Himmelblau 安全漏洞

Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions of Himmelblau from 2.0.0 to 3.1.5, as well as versions prior to 2.3.11, contained security vulnerabilities. These vulnerabilities stemmed from the tokenvalidate function, which did not verify wheth...

8.4CVSS5.8AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.16 views

CVE-2026-42901

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.18 views

CVE-2026-23663

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

7.5CVSS5.8AI score0.00551EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 11:16 p.m.37 views

CVE-2026-42901

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

10CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 11:16 p.m.21 views

CVE-2026-23663

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

7.5CVSS0.00551EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:4 p.m.7 views

CVE-2026-23663

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

7.5CVSS5.8AI score0.00551EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/22 10:4 p.m.9 views

EUVD-2026-31521

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

7.5CVSS5.8AI score0.00551EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 10:4 p.m.14 views

CVE-2026-42901 Microsoft Entra ID Elevation of Privilege Vulnerability

...

10CVSS5.8AI score0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:4 p.m.9 views

CVE-2026-42901

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00301EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 10:4 p.m.47 views

CVE-2026-42901

CVE-2026-42901 affects Microsoft Entra ID. AOrigin validation error allows an unauthenticated attacker to elevate privileges over a network. Metrics indicate a CRITICAL impact (CVSSv3.1: 10.0, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) with network-based access, no user interaction, and a changed scope...

10CVSS5.8AI score0.00301EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/22 10:4 p.m.16 views

CVE-2026-42901 Microsoft Entra ID Elevation of Privilege Vulnerability

...

10CVSS0.00301EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 10:4 p.m.9 views

EUVD-2026-31522

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00301EPSS
Exploits0References1
Rows per page
Query Builder