23986 matches found
CVE-2026-54998 Microsoft Exchange Online Elevation of Privilege Vulnerability
...
CVE-2026-54998
CVE-2026-54998 describes an incorrect authorization in Microsoft Exchange Online that enables an authorized attacker to elevate privileges over a network. This vulnerability impacts Exchange Online’s authorization checks, allowing escalation of access from an existing authorized state. The CVSS 3...
CVE-2026-41106 Microsoft 365 Copilot Elevation of Privilege Vulnerability
...
CVE-2026-45499
Technical details for CVE-2026-45499 are not publicly available in the provided documents. Monitor for updates; current sources only reiterate the SSRF elevation in Azure OpenAI without specification of affected products, versions, or fixes.
CVE-2026-26145
Technical details (affected product/component, root cause, impact, versions, or remediation) are not publicly provided in the supplied documents. Monitor updates from official sources for concrete information.
CVE-2026-45499 Azure OpenAI Elevation of Privilege Vulnerability
...
CVE-2026-57100
Technical details on affected products/versions, root cause, exploit scenarios, or mitigations are not publicly provided in the supplied documents. Monitor official sources for updates.
CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
...
BIT-DOTNET-SDK-2026-35433 .NET Elevation of Privilege Vulnerability
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally...
BIT-DOTNET-2026-35433 .NET Elevation of Privilege Vulnerability
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally...
CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
...
CVE-2026-47645
Summary: CVE-2026-47645 is an open redirect vulnerability in Microsoft 365 Copilot’s Business Chat that can lead to privilege escalation over a network. The issue is described across sources (NVD/MSRC/CVE records) as a url redirection to an untrusted site, with a CVSS v3.1 base score of 8.8 (HIGH...
CVE-2026-48582
This CVE affects Microsoft Exchange Online. Missing authorization could allow an attacker with low privileges and network access (no user interaction) to elevate privileges (impact: high confidentiality and integrity, no availability impact) per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, base...
CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability
...
CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability
...
CVE-2026-48584
CVE-2026-48584 affects Microsoft Azure Synapse. An authorized attacker with low privileges and network access can execute with unnecessary privileges to elevate to higher privileges across the system, with potential impact to confidentiality, integrity and availability (CVSS 3.1: CRITICAL, AV:N/A...
CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability
...
CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability
...
CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability
...
CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability
...