CVE-2026-33107 - Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate pr

CVE-2026-33105 - Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elev

CVE-2026-32213 - Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges ove

CVE-2026-32211 - Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to

CVE-2026-32173 - Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information o

CVE-2026-26135 - Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an author

CVE-2026-34750 - Payload is a free and open source headless content management system. Prior to version 3.78.0 in @pa

CVE-2026-34397 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0

CVE-2026-33980 - Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants t

CVE-2026-33726 - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to

CVE-2026-32169 - Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate p

CVE-2026-23659 - Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthori

CVE-2026-23658 - Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate priv

CVE-2026-2559 - The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missi

CVE-2026-32268 - The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS

CVE-2026-31979 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and

CVE-2026-31957 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to befor

CVE-2026-31813 - Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vuln

CVE-2026-26148 - External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized

CVE-2026-26141 - Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.

CVE-2026-26121 - Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform

CVE-2026-26118 - Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate priv

CVE-2026-26117 - Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allo

CVE-2026-23665 - Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate

CVE-2026-23664 - Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an

CVE-2026-23662 - Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker t

CVE-2026-23661 - Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacke

CVE-2026-23660 - Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevat

CVE-2026-26124 - '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

CVE-2026-26122 - Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized

CVE-2026-23651 - Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate priv

CVE-2026-3224 - Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server

CVE-2026-2628 - The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to a

CVE-2026-27640 - tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports.

CVE-2026-22048 - StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sig

CVE-2026-23655 - Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to

CVE-2026-21531 - Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over

CVE-2026-21529 - Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsi

CVE-2026-21528 - Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to discl

CVE-2026-21522 - Improper neutralization of special elements used in a command ('command injection') in Azure Compute

CVE-2026-21512 - Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform s

CVE-2026-21228 - Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over

CVE-2026-24302 - Azure Arc Elevation of Privilege Vulnerability

CVE-2026-24300 - Azure Front Door Elevation of Privilege Vulnerability

CVE-2026-21532 - Azure Function Information Disclosure Vulnerability

CVE-2026-23889 - pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarbal

CVE-2026-24304 - Improper access control in Azure Resource Manager allows an authorized attacker to elevate privilege

CVE-2026-24306 - Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privile

CVE-2026-24305 - Azure Entra ID Elevation of Privilege Vulnerability

CVE-2026-21524 - Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthor

CVE-2026-21227 - Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps a

CVE-2026-23518 - Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2

CVE-2026-21226 - Deserialization of untrusted data in Azure Core shared client library for Python allows an authorize

CVE-2026-21224 - Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevat