Security Vulnerabilities
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.1
EPSS Score
0.001
Published
2026-05-07
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-05-07
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2026-05-07
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-07
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
CVSS Score
9.6
EPSS Score
0.001
Published
2026-05-07
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVSS Score
9.0
EPSS Score
0.001
Published
2026-05-07
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
8.2
EPSS Score
0.002
Published
2026-05-07
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
9.6
EPSS Score
0.0
Published
2026-05-07
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-05-07
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-07