Lucene search
K

50 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.13 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

4.3CVSS5.4AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.17 views

CVE-2026-42901

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 11:16 p.m.38 views

CVE-2026-42901

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

10CVSS0.00301EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 10:4 p.m.51 views

CVE-2026-42901

CVE-2026-42901 affects Microsoft Entra ID. AOrigin validation error allows an unauthenticated attacker to elevate privileges over a network. Metrics indicate a CRITICAL impact (CVSSv3.1: 10.0, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) with network-based access, no user interaction, and a changed scope...

10CVSS5.8AI score0.00301EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/22 10:4 p.m.20 views

CVE-2026-42901 Microsoft Entra ID Elevation of Privilege Vulnerability

...

10CVSS0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 10:4 p.m.14 views

CVE-2026-42901 Microsoft Entra ID Elevation of Privilege Vulnerability

...

10CVSS5.8AI score0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:4 p.m.9 views

CVE-2026-42901

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00301EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

Microsoft Entra ID 访问控制错误漏洞

Microsoft Entra ID is a cloud-based identity and management solution provided by Microsoft Corporation. There is an access control vulnerability in Microsoft Entra ID, which stems from a source verification error. This vulnerability could allow unauthorized attackers to escalate their privileges...

10CVSS5.8AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.22 views

PT-2026-42849

Name of the Vulnerable Software and Affected Versions Microsoft Entra ID affected versions not specified Description An origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about ...

10CVSS5.8AI score0.00301EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2026/05/21 2:0 p.m.16 views

Microsoft Entra ID Elevation of Privilege Vulnerability

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00301EPSS
Exploits0
Kaspersky
Kaspersky
added 2026/05/21 12:0 a.m.18 views

KLA91067 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Entra ID can be...

10CVSS7.8AI score0.00579EPSS
Exploits0References13
NVD
NVD
added 2026/05/12 6:17 p.m.17 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS0.00234EPSS
Exploits0References1
OSV
OSV
added 2026/04/29 3:30 p.m.6 views

GHSA-JP6G-G3V3-6GVF Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability

Jenkins Microsoft Entra ID previously Azure AD Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful...

4.3CVSS5.7AI score0.00212EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/29 3:30 p.m.10 views

Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability

Jenkins Microsoft Entra ID previously Azure AD Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful...

4.3CVSS5.7AI score0.00212EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/29 2:16 p.m.6 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

4.3CVSS0.00212EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 1:31 p.m.17 views

CVE-2026-42525

The CVE-2026-42525 entry concerns the Jenkins Microsoft Entra ID (formerly Azure AD) Plugin, specifically version 666.v6060de32f87d and earlier. The vulnerability is that the plugin does not restrict the redirect URL after login, enabling phishing-style attacks via credential/redirect redirection...

4.3CVSS5.2AI score0.00212EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/29 1:31 p.m.4 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

5.2AI score0.00212EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/29 1:31 p.m.6 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2026/03/21 12:0 a.m.22 views

March 21, 2026—KB5085516 (OS Builds 26200.8039 and 26100.8039) Out-of-band

March 21, 2026—KB5085516 OS Builds 26200.8039 and 26100.8039 Out-of-band ​​​​This out-of-band update for Windows 11, version 25H2 and 24H2 KB5085516 is cumulative. It includes updates from previous security and non-security releases, along with an additional fix. To learn more about differences...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/03 9:21 p.m.27 views

CVE-2026-3224

Affected software: Devolutions Server (versions 2025.3.15.0 and earlier). Vulnerability: Authentication bypass in Microsoft Entra ID (Azure AD) mode, allowing an unauthenticated user to impersonate any Entra ID user via a forged JWT. Documented behavior points to exploitation via the /api/v1/logi...

9.8CVSS6AI score0.00506EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder