5024 matches found
CVE-2026-35430
Authorization bypass through user-controlled key in Azure Privileged Identity Management PIM allows an authorized attacker to elevate privileges over a network...
CVE-2026-23663
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-23663
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-31522
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
PT-2026-42849
Name of the Vulnerable Software and Affected Versions Microsoft Entra ID affected versions not specified Description An origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about ...
PT-2026-42839
Name of the Vulnerable Software and Affected Versions Azure Entra ID affected versions not specified Description Improper privilege management allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...
Microsoft Entra ID Elevation of Privilege Vulnerability
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-42822
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-30787
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network...
Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network...
Kite 代码问题漏洞
Kite is an AI code development tool developed by the Kite company in the United States. Version Kite 4.2.0.1 U1 contains a code vulnerability. This vulnerability stems from an unresolved service path in the KiteService Windows service, which may allow local attackers to gain elevated privileges b...
CVE-2026-20209
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive...
Security Updates for Microsoft Windows Admin Center (May 2026)
The Microsoft Windows Admin Center installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. CVE-2026-35438 - Improper access...
CVE-2026-41086
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...
CVE-2026-40407
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-40417
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...
CVE-2026-40369
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-35417
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2026-34347
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2026-34338
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally...