304 matches found
CVE-2026-42525
The CVE-2026-42525 entry concerns the Jenkins Microsoft Entra ID (formerly Azure AD) Plugin, specifically version 666.v6060de32f87d and earlier. The vulnerability is that the plugin does not restrict the redirect URL after login, enabling phishing-style attacks via credential/redirect redirection...
EUVD-2026-26227
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
Jenkins Microsoft Entra ID Plugin 输入验证错误漏洞
The Jenkins Microsoft Entra ID Plugin is an open-source plugin developed for continuous integration systems, providing authentication and single-sign-on capabilities based on the enterprise identity platform. The Jenkins Microsoft Entra ID Plugin versions 666.v6060de32f87d and earlier contain a...
PT-2026-35919
Name of the Vulnerable Software and Affected Versions Jenkins Microsoft Entra ID previously Azure AD Plugin versions prior to 666.v6060de32f87d Description The plugin does not restrict the redirect URL after login, which allows attackers to perform phishing attacks. Recommendations Update the...
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
An administrative role meant for artificial intelligence AI agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agen...
Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft...
EUVD-2026-25312
Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
...
CVE-2026-35431
CVE-2026-35431 covers a spoofing vulnerability in Microsoft Entra ID Entitlement Management. The entry indicates a remote, network-exploitable flaw with no user interaction, causing high impact to confidentiality, integrity, and availability (S:C, C:H, I:H, A:H). Exploit code maturity is UNPROVEN...
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
...
Microsoft Entra ID Entitlement Management Spoofing Vulnerability
Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...
PT-2026-34762
Name of the Vulnerable Software and Affected Versions Microsoft Entra ID Entitlement Management affected versions not specified Description Server-side request forgery SSRF in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. This flaw...
GRC-demo-poc-oscal
GRC-OSCAL — continuous compliance, demonstrated A working pro...
CVE-2026-34397
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...
EUVD-2026-17983
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...
Himmelblau 安全漏洞
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. There is a security vulnerability in Himmelblau, which stems from conditional local privilege escalation due to name conflicts in edge scenarios. If the mapped CN or short name matches the name of a...
CVE-2026-31979
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2026-31957
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...