58 matches found
EUVD-2026-32633
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...
Himmelblau Security Vulnerability
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions of Himmelblau from 2.0.0 to 3.1.5, as well as versions prior to 2.3.11, contained security vulnerabilities. These vulnerabilities stemmed from the tokenvalidate function, which did not verify wheth...
CVE-2026-23663
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...
PT-2026-42839
Name of the Vulnerable Software and Affected Versions: Azure Entra ID (affected versions not specified). Description: Improper privilege management allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that...
Microsoft Azure Entra ID Security Vulnerability
Microsoft Azure Entra ID is a cloud-based identity and access management service provided by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft Azure Entra ID, which stems from improper permission management. This vulnerability could allow unauthorized...
Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-29655
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-40379
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network...
Microsoft Azure Entra ID Information Disclosure Vulnerability
Microsoft Azure Entra ID is a cloud-based identity and access management service provided by Microsoft Corporation in the United States. There is an information leakage vulnerability in Microsoft Azure Entra ID, which stems from a mixed identity synchronization flaw...
CVE-2026-34397
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...
Himmelblau Security Vulnerability
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. There is a security vulnerability in Himmelblau, which stems from conditional local privilege escalation due to name conflicts in edge scenarios. If the mapped CN or short name matches the name of a...
CVE-2026-31979
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2026-31957
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
CVE-2026-26148
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...
EUVD-2026-11332
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
EUVD-2026-11321
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...