| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. |
| Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. |
| Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. |
| Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. |
| Azure Portal Elevation of Privilege Vulnerability |
| Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. |
| Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. |
| On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment. |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
| Azure Bot Service Elevation of Privilege Vulnerability |
