| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method. |
| Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
| Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. |
| Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.
Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.
Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. |
| Azure Portal Elevation of Privilege Vulnerability |
| Azure OpenAI Elevation of Privilege Vulnerability |
| Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
| Azure Bot Service Elevation of Privilege Vulnerability |
| Azure Networking Elevation of Privilege Vulnerability |
| Azure Entra ID Elevation of Privilege Vulnerability |
| A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted. |
| Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. |
| Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. |
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. |
| Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) |
| Azure Entra ID Elevation of Privilege Vulnerability |
| Azure Entra ID Elevation of Privilege Vulnerability |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network. |
