Lucene search
K

304 matches found

CVE
CVE
added 2026/04/29 1:31 p.m.18 views

CVE-2026-42525

The CVE-2026-42525 entry concerns the Jenkins Microsoft Entra ID (formerly Azure AD) Plugin, specifically version 666.v6060de32f87d and earlier. The vulnerability is that the plugin does not restrict the redirect URL after login, enabling phishing-style attacks via credential/redirect redirection...

4.3CVSS5.2AI score0.00212EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/29 1:31 p.m.11 views

EUVD-2026-26227

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

4.3CVSS5.2AI score0.00212EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 1:31 p.m.4 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

5.2AI score0.00212EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/29 1:31 p.m.6 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

Jenkins Microsoft Entra ID Plugin 输入验证错误漏洞

The Jenkins Microsoft Entra ID Plugin is an open-source plugin developed for continuous integration systems, providing authentication and single-sign-on capabilities based on the enterprise identity platform. The Jenkins Microsoft Entra ID Plugin versions 666.v6060de32f87d and earlier contain a...

4.3CVSS5.9AI score0.00212EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.8 views

PT-2026-35919

Name of the Vulnerable Software and Affected Versions Jenkins Microsoft Entra ID previously Azure AD Plugin versions prior to 666.v6060de32f87d Description The plugin does not restrict the redirect URL after login, which allows attackers to perform phishing attacks. Recommendations Update the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/04/28 6:37 a.m.10 views

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

An administrative role meant for artificial intelligence AI agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agen...

6AI score
Exploits0
HackRead
HackRead
added 2026/04/26 7:21 p.m.12 views

Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation

Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft...

5.3AI score
Exploits0
EUVD
EUVD
added 2026/04/24 12:31 a.m.8 views

EUVD-2026-25312

Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

10CVSS5.8AI score0.00511EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 9:37 p.m.33 views

CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability

...

10CVSS0.00511EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 9:37 p.m.81 views

CVE-2026-35431

CVE-2026-35431 covers a spoofing vulnerability in Microsoft Entra ID Entitlement Management. The entry indicates a remote, network-exploitable flaw with no user interaction, causing high impact to confidentiality, integrity, and availability (S:C, C:H, I:H, A:H). Exploit code maturity is UNPROVEN...

10CVSS5.8AI score0.00511EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/23 9:37 p.m.4 views

CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability

...

10CVSS5.1AI score0.00511EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/23 2:0 p.m.10 views

Microsoft Entra ID Entitlement Management Spoofing Vulnerability

Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

10CVSS5.8AI score0.00511EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.9 views

PT-2026-34762

Name of the Vulnerable Software and Affected Versions Microsoft Entra ID Entitlement Management affected versions not specified Description Server-side request forgery SSRF in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. This flaw...

10CVSS5.2AI score0.00511EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/04/19 7:34 a.m.132 views

GRC-demo-poc-oscal

GRC-OSCAL — continuous compliance, demonstrated A working pro...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/01 5:25 p.m.3 views

CVE-2026-34397

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

6.3CVSS5.8AI score0.00158EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/01 5:25 p.m.5 views

EUVD-2026-17983

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

6.3CVSS5.8AI score0.00158EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

Himmelblau 安全漏洞

Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. There is a security vulnerability in Himmelblau, which stems from conditional local privilege escalation due to name conflicts in edge scenarios. If the mapped CN or short name matches the name of a...

7CVSS5.8AI score0.00158EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.7 views

CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

8.8CVSS5.9AI score0.00196EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31957

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...

10CVSS6AI score0.00501EPSS
Exploits0References1
Rows per page
Query Builder