Every CVE whose affected-product data names Microsoft Entra Id, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-35431 — CVSS 10.0 (critical): Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a…
CVE-2026-42901 — CVSS 10.0 (critical): Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-40379 — CVSS 9.3 (critical): Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a…
CVE-2026-33843 — CVSS 9.1 (critical): Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate…
CVE-2024-43477 — CVSS 7.5 (high): Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable…