Bugs & Advisories - Evan Grant

## 2025 Critical Elevation of Privilege in Microsoft Purview Data Governance via Azure DataBricks https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53763 SSRF / Info Disclosure in Microsoft Power Apps https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47733 ## 2024 Microsoft Copilot Studio Critical Info Disclosure via SSRF https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38206 https://www.tenable.com/security/research/tra-2024-32 Microsoft Azure AI/ML Studios: SSRF/Information Disclosure https://www.tenable.com/security/research/tra-2024-22 https://msrc.microsoft.com/blog/2024/06/mitigating-ssrf-vulnerabilities-impacting-azure-machine-learning/ Fluent-Bit (`CVE-2024-4323`) https://www.tenable.com/security/research/tra-2024-17 CData Products (`CVE-2024-31848, CVE-2024-31849, CVE-2024-31850, CVE-2024-31851`) https://www.tenable.com/security/research/tra-2024-09 ## 2023 Microsoft Power Platform: Unauthorized access to cross-tenant applications/secrets https://www.tenable.com/security/research/tra-2023-25 Microsoft Teams: XSS in Web/Desktop via Trusted Domains https://www.tenable.com/security/research/tra-2023-6 https://www.tenable.com/security/research/tra-2023-22 TP-Link Unauth Command Injection (`CVE-2023-1389`) https://www.tenable.com/security/research/tra-2023-11 ## 2022 Microsoft Kaizala: https://www.tenable.com/security/research/tra-2022-08 https://www.tenable.com/security/research/tra-2022-15 https://www.tenable.com/security/research/tra-2022-16 Rustici Software SCORM Engine XSS https://www.tenable.com/security/research/tra-2022-21 ## 2021 Buffalo / Arcadyan Routers: (`CVE-2021-20090, CVE-2021-20091, CVE-2021-20092`) https://www.tenable.com/security/research/tra-2021-13 Telus / Arcadyan: Post Auth RCE (`CVE-2021-20121, CVE-2021-20122`) https://www.tenable.com/security/research/tra-2021-41 Netgear (`CVE-2021-20166,CVE-2021-20167`) https://www.tenable.com/security/research/tra-2021-55 Gryphon Networks: Multiple Unauth RCE https://www.tenable.com/security/research/tra-2021-51 https://www.tenable.com/security/research/tra-2022-12 Microsoft Teams: XSS and other issues https://www.tenable.com/security/research/tra-2021-09 https://www.tenable.com/security/research/tra-2021-12 https://www.tenable.com/security/research/tra-2021-23 LandAirSea GPS https://www.tenable.com/security/research/tra-2021-36 Spytec GPS https://www.tenable.com/security/research/tra-2021-37 Optimus Tracker GPS https://www.tenable.com/security/research/tra-2021-38 Tracki/Trackimo GPS https://www.tenable.com/security/research/tra-2021-39 ## 2020 Umbraco CMS : XSS, path traversal, cloud platform information disclosures https://www.tenable.com/security/research/tra-2020-59 ## 2019 Microsoft Teams: client-side template injection https://www.tenable.com/security/research/tra-2019-54 ## 2018 Checkpoint: https://www.tenable.com/security/research/tra-2018-04 Jenkins: https://www.tenable.com/security/research/tra-2018-29 https://www.tenable.com/security/research/tra-2018-43 ## 2017 Check_MK https://www.tenable.com/security/research/tra-2017-20 https://www.tenable.com/security/research/tra-2017-21