CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23954 matches found

CVE-2026-47645

Summary: CVE-2026-47645 is an open redirect vulnerability in Microsoft 365 Copilot’s Business Chat that can lead to privilege escalation over a network. The issue is described across sources (NVD/MSRC/CVE records) as a url redirection to an untrusted site, with a CVSS v3.1 base score of 8.8 (HIGH...

8.8CVSS5.8AI score

Exploits0References1

CVE•added yesterday•14 views

CVE-2026-48582

This CVE affects Microsoft Exchange Online. Missing authorization could allow an attacker with low privileges and network access (no user interaction) to elevate privileges (impact: high confidentiality and integrity, no availability impact) per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, base...

9.6CVSS5.8AI score

Exploits0References1

CVE•added yesterday•13 views

CVE-2026-48584

CVE-2026-48584 affects Microsoft Azure Synapse. An authorized attacker with low privileges and network access can execute with unnecessary privileges to elevate to higher privileges across the system, with potential impact to confidentiality, integrity and availability (CVSS 3.1: CRITICAL, AV:N/A...

9.9CVSS5.9AI score

Exploits0References1

CVE•added yesterday•7 views

CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that enables local privilege escalation by exploiting the service binary path. An attacker can place a malicious executable in the system root, which will run with SYSTEM privileges during service startup or system reboot. Aff...

8.5CVSS6.2AI score

Exploits0References4

Cvelist•added 2 days ago•15 views

CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability

...

9.9CVSS

Exploits0References1

CVE•added 2 days ago•21 views

CVE-2026-47647

CVE-2026-47647 relates to Microsoft Dynamics 365 and involves an improper access control that enables an authorized attacker to perform a network-based privilege escalation. The CVSS 3.1 metrics indicate a high-severity, network-exposed issue with low attack complexity and low privileges required...

9.9CVSS5.3AI score

Exploits0References1

Cvelist•added 2 days ago•15 views

CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability

...

7.7CVSS

Exploits0References1

CVE•added 2 days ago•12 views

CVE-2026-32174

CVE-2026-32174 concerns improper authentication in Azure Bot Service , enabling an authorized attacker to achieve privilege elevation over a network . The CVSS v3.1 base score is 7.7 (HIGH) with impact to Integrity (HIGH) and no confidentiality impact, no availability impact. Root cause: flawed a...

7.7CVSS5.3AI score

Exploits0References1

Microsoft CVE•added 2 days ago•6 views

Microsoft Exchange Online Elevation of Privilege Vulnerability

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...

9.6CVSS5.8AI score

Exploits0

Microsoft CVE•added 2 days ago•5 views

Dynamics 365 Elevation of Privilege Vulnerability

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score

Exploits0

Microsoft CVE•added 2 days ago•6 views

Azure Active Directory Elevation of Privilege Vulnerability

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.9AI score

Exploits0

Microsoft CVE•added 2 days ago•5 views

Azure Bot Service Elevation of Privilege Vulnerability

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...

7.7CVSS5.9AI score

Exploits0

NVD•added 4 days ago•8 views

CVE-2026-50656

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the...

7.8CVSS0.00343EPSS

Exploits0References2

Cvelist•added 4 days ago•18 views

CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability

...

7.8CVSS0.00343EPSS

Exploits0References1

Vulnrichment•added 4 days ago•6 views

CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability

...

7.8CVSS5.2AI score0.00343EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:0 p.m.•5 views

CVE-2026-40404

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

7.8CVSS5.4AI score0.00311EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:0 p.m.•8 views

CVE-2026-40409

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

7.8CVSS5.4AI score0.0024EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:0 p.m.•7 views

CVE-2026-34691

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when th...

9.3CVSS5.4AI score0.00238EPSS

Exploits0References1

Qualys Blog•added 2026/06/09 8:52 p.m.•4 views

Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review

Every Patch Tuesday presents a race between defenders applying fixes and attackers seeking opportunities. Microsoft’s June 2026 release is no exception, delivering security updates for vulnerabilities that could significantly impact enterprise environments if left unaddressed. Microsoft Patch...

9.8CVSS8.6AI score0.04297EPSS

Exploits2