Lucene search
K
MicrosoftPurview

5 matches found

CVE
CVE
added 2025/01/09 10:7 p.m.135 views

CVE-2025-21385

Microsoft Purview CVE-2025-21385 is a Server-Side Request Forgery (SSRF) vulnerability that could allow an authenticated attacker to disclose information over the network. Public documents in the connected set confirm the vulnerability in Purview with a base CVSS v3 score of 6.5 (NVD) and a highe...

8.8CVSS6.7AI score0.24441EPSS
CVE
CVE
added 2025/07/18 5:4 p.m.40 views

CVE-2025-53762

CVE-2025-53762 — Microsoft Purview Elevation of Privilege . Affected product: Microsoft Purview. Description in sources: a permissive list of allowed inputs can enable an authorized attacker to elevate privileges over a network. The vulnerability is described as a network-exploitable privilege es...

9.9CVSS6.4AI score0.00738EPSS
CVE
CVE
added 2025/12/18 10:2 p.m.26 views

CVE-2025-64676

CVE-2025-64676 concerns Microsoft Purview eDiscovery Remote Code Execution. A flaw in Purview (via the // path) allows an authorized attacker to execute code over the network. Affected software is Microsoft Purview/eDiscovery; the root cause is a path-related/code-execution flaw that can enable t...

7.2CVSS6.9AI score0.00904EPSS
CVE
CVE
added 2026/03/19 9:6 p.m.10 views

CVE-2026-26138

CVE-2026-26138 describes a server-side request forgery (SSRF) in Microsoft Purview that enables an attacker to achieve a network-based privilege elevation. The connected sources confirm the vulnerable product (Microsoft Purview) and the impact (privilege escalation) via SSRF, but do not provide g...

10CVSS5.8AI score0.00566EPSS
CVE
CVE
added 2026/03/19 9:6 p.m.10 views

CVE-2026-26139

Microsoft Purview contains a server-side request forgery (SSRF) vulnerability that could allow a network-based attacker to elevate privileges within the target environment. Affected component: Microsoft Purview; root cause: SSRF leading to privilege elevation. Impact per CVSS: Confidentiality Hig...

8.6CVSS5.8AI score0.00551EPSS