50 matches found
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-42901
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-42901
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-42901
CVE-2026-42901 affects Microsoft Entra ID. AOrigin validation error allows an unauthenticated attacker to elevate privileges over a network. Metrics indicate a CRITICAL impact (CVSSv3.1: 10.0, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) with network-based access, no user interaction, and a changed scope...
CVE-2026-42901 Microsoft Entra ID Elevation of Privilege Vulnerability
...
CVE-2026-42901 Microsoft Entra ID Elevation of Privilege Vulnerability
...
CVE-2026-42901
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
Microsoft Entra ID 访问控制错误漏洞
Microsoft Entra ID is a cloud-based identity and management solution provided by Microsoft Corporation. There is an access control vulnerability in Microsoft Entra ID, which stems from a source verification error. This vulnerability could allow unauthorized attackers to escalate their privileges...
PT-2026-42849
Name of the Vulnerable Software and Affected Versions Microsoft Entra ID affected versions not specified Description An origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about ...
Microsoft Entra ID Elevation of Privilege Vulnerability
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
KLA91067 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Entra ID can be...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
GHSA-JP6G-G3V3-6GVF Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
Jenkins Microsoft Entra ID previously Azure AD Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful...
Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
Jenkins Microsoft Entra ID previously Azure AD Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-42525
The CVE-2026-42525 entry concerns the Jenkins Microsoft Entra ID (formerly Azure AD) Plugin, specifically version 666.v6060de32f87d and earlier. The vulnerability is that the plugin does not restrict the redirect URL after login, enabling phishing-style attacks via credential/redirect redirection...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
March 21, 2026—KB5085516 (OS Builds 26200.8039 and 26100.8039) Out-of-band
March 21, 2026—KB5085516 OS Builds 26200.8039 and 26100.8039 Out-of-band This out-of-band update for Windows 11, version 25H2 and 24H2 KB5085516 is cumulative. It includes updates from previous security and non-security releases, along with an additional fix. To learn more about differences...
CVE-2026-3224
Affected software: Devolutions Server (versions 2025.3.15.0 and earlier). Vulnerability: Authentication bypass in Microsoft Entra ID (Azure AD) mode, allowing an unauthenticated user to impersonate any Entra ID user via a forged JWT. Documented behavior points to exploitation via the /api/v1/logi...