Lucene search
K

304 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.6 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2026/03/21 12:0 a.m.22 views

March 21, 2026—KB5085516 (OS Builds 26200.8039 and 26100.8039) Out-of-band

March 21, 2026—KB5085516 OS Builds 26200.8039 and 26100.8039 Out-of-band ​​​​This out-of-band update for Windows 11, version 25H2 and 24H2 KB5085516 is cumulative. It includes updates from previous security and non-security releases, along with an additional fix. To learn more about differences...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/11 7:47 p.m.8 views

EUVD-2026-11332

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

8.8CVSS5.9AI score0.00196EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/11 7:25 p.m.7 views

EUVD-2026-11321

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...

10CVSS5.9AI score0.00501EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 7:25 p.m.34 views

CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...

10CVSS0.00501EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

Himmelblau 安全漏洞

Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that authentication was not limited by tenant domains, allowing for attempts at...

10CVSS5.8AI score0.00501EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.10 views

Himmelblau 后置链接漏洞

Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 and 2.3.8 had a post-link vulnerability, which was due to insufficient protection for symbolic links, potentially allowing local privilege escalation...

8.8CVSS5.8AI score0.00196EPSS
Exploits1References1
NCSC
NCSC
added 2026/03/10 8:15 p.m.14 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: |----------------|------|-------------------------------------| ...

8.8CVSS5.8AI score0.01046EPSS
Exploits0
EUVD
EUVD
added 2026/03/10 6:31 p.m.6 views

EUVD-2026-10702

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.11 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS0.00359EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 6:18 p.m.6 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS5.7AI score0.00359EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:5 p.m.5 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/03/10 2:0 p.m.6 views

Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS5.8AI score0.00359EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

Microsoft Azure Entra ID 安全漏洞

Microsoft Azure Entra ID is a cloud-based identity and access management service provided by Microsoft Corporation in the United States. There are security vulnerabilities associated with Microsoft Azure Entra ID. Attackers can exploit these vulnerabilities to gain higher levels of access...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24338

Name of the Vulnerable Software and Affected Versions Azure Entra ID affected versions not specified Description An issue exists in Azure Entra ID where external initialization of trusted variables or data stores can allow an unauthorized attacker to elevate privileges locally. Recommendations At...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.4 views

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

9.8CVSS6AI score0.00506EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 12:30 a.m.5 views

EUVD-2026-9338

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

9.8CVSS6AI score0.00506EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 10:16 p.m.3 views

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

9.8CVSS5.9AI score0.00506EPSS
Exploits0References1
NVD
NVD
added 2026/03/03 10:16 p.m.15 views

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

9.8CVSS0.00506EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/03 9:21 p.m.4 views

CVE-2026-3224

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

6AI score0.00506EPSS
Exploits0References1
Rows per page
Query Builder