|
121
|
9.8 |
CRITICAL
Network
|
microsoft
|
entra_id
|
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-33843
|
2026-05-28 01:50 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
8.8 |
HIGH
Network
|
microsoft
|
azure_privileged_identity_management
|
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-35430
|
2026-05-28 01:48 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
8.8 |
HIGH
Network
|
microsoft
|
azure_virtual_network_gateway
|
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-40411
|
2026-05-28 01:47 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
9.8 |
CRITICAL
Network
|
microsoft
|
azure_orbital_spatio
|
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-40412
|
2026-05-28 01:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
7.5 |
HIGH
Network
|
microsoft
|
365_copilot
|
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
New
|
CWE-77
Command Injection
|
CVE-2026-42827
|
2026-05-28 01:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
9.8 |
CRITICAL
Network
|
microsoft
|
azure_resource_manager
|
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
New
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-47280
|
2026-05-28 01:14 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers ca…
New
|
CWE-94
Code Injection
|
CVE-2018-25357
|
2026-05-28 00:56 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
8.1 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK vari…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-48694
|
2026-05-28 00:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
8.1 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php…
New
|
CWE-78
OS Command
|
CVE-2026-48695
|
2026-05-28 00:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
6.2 |
MEDIUM
Local
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.
New
|
CWE-120
CWE-676
Classic Buffer Overflow
Use of Potentially Dangerous Function
|
CVE-2026-48696
|
2026-05-28 00:42 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
