Common Vulnerabilities and Exposures (CVE)

CVE-2025-59503

Nov 22, 2025 04:09:57 UTC

Server-side request forgery (SSRF) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-59273

Nov 22, 2025 04:09:56 UTC

Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-59286

Nov 22, 2025 04:09:56 UTC

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-55321

Nov 22, 2025 04:09:55 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-59272

Nov 22, 2025 04:09:55 UTC

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-59271

Nov 22, 2025 04:09:54 UTC

Redis Enterprise Elevation of Privilege Vulnerability

CVE-2025-59252

Nov 22, 2025 04:09:53 UTC

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-59247

Nov 22, 2025 04:09:53 UTC

Azure PlayFab Elevation of Privilege Vulnerability

CVE-2025-59246

Nov 22, 2025 04:09:52 UTC

Azure Entra ID Elevation of Privilege Vulnerability

CVE-2025-59218

Nov 22, 2025 04:09:52 UTC

Azure Entra ID Elevation of Privilege Vulnerability

CVE-2025-59497

Nov 22, 2025 04:09:51 UTC

Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.

CVE-2025-59289

Nov 22, 2025 04:09:51 UTC

Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVE-2025-59287

Nov 22, 2025 04:09:50 UTC

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

CVE-2025-59285

Nov 22, 2025 04:09:50 UTC

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2025-59278

Nov 22, 2025 04:09:49 UTC

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.