Common Vulnerabilities and Exposures (CVE)

CVE-2025-71178

Jan 26, 2026 17:55:02 UTC

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which c...

CVE-2026-0925

Jan 26, 2026 17:51:34 UTC

Tanium addressed an improper input validation vulnerability in Discover.

CVE-2026-21509

Jan 26, 2026 17:50:44 UTC

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-21264

Jan 26, 2026 17:50:44 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21521

Jan 26, 2026 17:50:43 UTC

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-21227

Jan 26, 2026 17:50:43 UTC

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-24307

Jan 26, 2026 17:50:42 UTC

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-24305

Jan 26, 2026 17:50:41 UTC

Azure Entra ID Elevation of Privilege Vulnerability

CVE-2026-21524

Jan 26, 2026 17:50:41 UTC

Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.

CVE-2026-24306

Jan 26, 2026 17:50:40 UTC

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-24304

Jan 26, 2026 17:50:40 UTC

Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.

CVE-2026-21520

Jan 26, 2026 17:50:39 UTC

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector.

CVE-2026-21223

Jan 26, 2026 17:50:38 UTC

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdEl...

CVE-2026-21226

Jan 26, 2026 17:50:38 UTC

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

CVE-2026-20941

Jan 26, 2026 17:50:37 UTC

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.