299 matches found
EUVD-2026-41442
Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...
CVE-2026-57100
Technical details on affected products/versions, root cause, exploit scenarios, or mitigations are not publicly provided in the supplied documents. Monitor official sources for updates.
CVE-2026-57100
Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...
PT-2026-55321
Name of the Vulnerable Software and Affected Versions Microsoft Entra Provisioning Service SyncFabric affected versions not specified Description Server-side request forgery SSRF in the Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-41574
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...
CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
EUVD-2026-32633
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
Himmelblau 安全漏洞
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions of Himmelblau from 2.0.0 to 3.1.5, as well as versions prior to 2.3.11, contained security vulnerabilities. These vulnerabilities stemmed from the tokenvalidate function, which did not verify wheth...
CVE-2026-42901
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-23663
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-42901
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-23663
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-23663
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-31521
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-42901 Microsoft Entra ID Elevation of Privilege Vulnerability
...
CVE-2026-42901
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-42901
CVE-2026-42901 affects Microsoft Entra ID. AOrigin validation error allows an unauthenticated attacker to elevate privileges over a network. Metrics indicate a CRITICAL impact (CVSSv3.1: 10.0, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) with network-based access, no user interaction, and a changed scope...
CVE-2026-42901 Microsoft Entra ID Elevation of Privilege Vulnerability
...