CVE-2026-25219 - The `access_key` and `connection_string` connection properties were not marked as sensitive names in

CVE-2026-32192 - Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate pr

CVE-2026-32171 - Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate pr

CVE-2026-32168 - Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges

CVE-2026-33107 - Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate pr

CVE-2026-33105 - Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elev

CVE-2026-32213 - Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges ove

CVE-2026-32211 - Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to

CVE-2026-32173 - Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information o

CVE-2026-26135 - Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an author

CVE-2026-34750 - Payload is a free and open source headless content management system. Prior to version 3.78.0 in @pa

CVE-2026-34397 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0