Vulnerabilities > Microsoft > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-05-13 | CVE-2025-30387 | Path Traversal vulnerability in Microsoft Azure AI Document Intelligence Studio: Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. | 9.8 |
2025-05-08 | CVE-2025-29813 | Improper Authentication vulnerability in Microsoft Azure DevOps: [Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | 9.8 |
2025-05-08 | CVE-2025-29972 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Storage Resource Provider: Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network. | 9.8 |
2025-05-08 | CVE-2025-47732 | Deserialization of Untrusted Data vulnerability in Microsoft Dataverse: Microsoft Dataverse Remote Code Execution Vulnerability | 9.8 |
2025-04-30 | CVE-2025-30389 | Improper Authorization vulnerability in Microsoft Azure AI BOT Service: Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | 9.8 |
2025-04-30 | CVE-2025-30392 | Improper Authorization vulnerability in Microsoft Azure AI BOT Service: Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | 9.8 |
2025-02-19 | CVE-2025-21355 | Missing Authentication for Critical Function vulnerability in Microsoft Bing: Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network. | 9.8 |
2025-02-19 | CVE-2025-24989 | Unspecified vulnerability in Microsoft Power Pages: An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. | 9.8 |
2025-01-14 | CVE-2025-21311 | Unspecified vulnerability in Microsoft products: Windows NTLM V1 Elevation of Privilege Vulnerability | 9.8 |
2024-12-12 | CVE-2024-49147 | Deserialization of Untrusted Data vulnerability in Microsoft Update Catalog: Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver. | 9.8 |