Nxhoang99

Researcher fromVCSLab of Viettel Cyber Security
#7911of 53,633
34.7Total CVSS
Vulnerabilities · 4
High
3
Critical
1
PT-2025-32860
7.8
2025-08-12
Microsoft · Azure Stack · CVE-2025-53793
Name of the Vulnerable Software and Affected Versions: Azure Stack (affected versions not specified) Description: Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-32316
9.4
2025-08-07
Microsoft · Azure Portal · CVE-2025-53792
**Name of the Vulnerable Software and Affected Versions** Azure Portal (affected versions not specified) **Description** An elevation of privilege issue exists within the Azure Portal. This allows for unauthorized access and potential compromise of resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-5953
8.5
2022-12-13
Microsoft · Exchange Server · CVE-2022-41076
**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange versions prior to the fixed version **Description** The vulnerability is related to insufficient input validation in the PowerShell component of Microsoft Exchange, allowing remote attackers to execute arbitrary code. This issue is also associated with a form of Privilege Escalation known as TabShell, which enables breaking out of the restricted PowerShell Sandbox after gaining access through OWASSRF. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-5513
9.0
2022-11-08
Microsoft · Exchange Server · CVE-2022-41080
**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to insufficient access controls in Microsoft Exchange Server, allowing a remote attacker to elevate their privileges. This vulnerability has been exploited in real-world incidents, such as the attack on the UK electoral commission, where data of approximately 40 million people may have been leaked. The vulnerability was also used in the breach of Rackspace, where the Play ransomware gang gained initial access to the company's email environment using a zero-day exploit. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.