Security Vulnerabilities
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-05-22
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-05-22
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.
CVSS Score
10.0
EPSS Score
0.003
Published
2026-05-22
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVSS Score
9.3
EPSS Score
0.001
Published
2026-05-22
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2026-05-22
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.004
Published
2026-05-22
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-05-22
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-05-22
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-05-22
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-22