93 matches found
CVE-2025-7695
CVE-2025-7695 – Dataverse Integration (WordPress) : The Dataverse Integration plugin versions 2.77–2.81 are vulnerable to privilege escalation via the reset_password_link REST endpoint. The handler accepts a client-supplied id, email, or login and calls get_password_reset_key() after only validat...
CVE-2025-7695 Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route
The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...
WordPress plugin Dataverse Integration 安全漏洞
WordPress Dataverse Integration is a plugin mainly used to connect WordPress with Dataverse to achieve two-way data synchronization and business application integration. WordPress Dataverse Integration suffers from a lack of authorization vulnerability, which stems from a lack of authorization...
PT-2025-30655 · WordPress · Dataverse Integration
Name of the Vulnerable Software and Affected Versions: Dataverse Integration versions 2.77 through 2.81 Description: The plugin is susceptible to privilege escalation due to missing authorization checks within the reset password link REST endpoint. The endpoint’s handler unconditionally calls get...
The vulnerability of the Microsoft Dataverse data management platform, which arises from incorrect handling of insufficient permissions or privileges, allows a perpetrator to escalate their privileges.
The vulnerability of the Microsoft Dataverse data management platform is related to the improper handling of insufficient permissions or privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the Microsoft Dataverse data management platform, related to deficiencies in deserialization mechanisms, allows attackers to execute arbitrary code.
The vulnerability of the Microsoft Dataverse data management platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2025-29826
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network...
Vulnerabilities fixed in Microsoft Dynamics Dataverse
Microsoft has fixed vulnerabilities in Dynamics Dataverse. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. For the vulnerability with reference CVE-2025-47732, Microsoft has released updates in th...
CVE-2025-29826
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network...
CVE-2025-29826
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network...
CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability
...
CVE-2025-29826
CVE-2025-29826 is reported as a Microsoft Dataverse elevation-of-privilege vulnerability caused by improper handling of permissions. The initial description and multiple connected sources consistently identify Microsoft Dataverse as the affected product and an authorization-based privilege escala...
CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability
...
Microsoft Dataverse Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network...
Microsoft Dataverse 安全漏洞
Microsoft Dataverse is a cloud-based data platform from Microsoft Corporation USA. It is used to share, save, cite, explore and analyze research data. Microsoft Dataverse has a security vulnerability. An attacker can elevate privileges by exploiting the vulnerability...
PT-2025-20944 · Microsoft · Dataverse
Name of the Vulnerable Software and Affected Versions: Microsoft Dataverse affected versions not specified Description: The issue is related to the improper handling of insufficient permissions or privileges, allowing an authorized attacker to elevate privileges over a network. Recommendations: A...
KLA83572 PE vulnerability in Microsoft Dynamics
An elevation of privilege vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29826 Related products Microsoft-Dynamics-365 CVE list CVE-2025-29826 critical KB list Solution Install necessary updates from t...
CVE-2025-47732
Microsoft Dataverse Remote Code Execution Vulnerability...
CVE-2025-47732
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network...
CVE-2025-47732
CVE-2025-47732 is a Microsoft Dataverse remote code execution vulnerability caused by deserialization of untrusted data. The issue enables an authenticated attacker to run arbitrary code over the network. In the ENISA/NCSC and CVE listings, the impact is described as remote code execution with hi...