HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2025-56352

May 18, 2026 17:27:28 UTC

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, ...

CVE-2025-57282

May 18, 2026 17:23:14 UTC

ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.

CVE-2026-38719

May 18, 2026 17:18:48 UTC

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A crafted ENIP/CPF message can supply an att...

CVE-2020-37232

May 18, 2026 17:17:40 UTC

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in ...

CVE-2026-41085

May 18, 2026 17:16:38 UTC

Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation o...

CVE-2020-37238

May 18, 2026 17:12:58 UTC

CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded...

CVE-2026-32185

May 18, 2026 17:11:34 UTC

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

CVE-2026-42822

May 18, 2026 17:11:33 UTC

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41105

May 18, 2026 17:11:33 UTC

Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

CVE-2026-42826

May 18, 2026 17:11:32 UTC

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

CVE-2026-35435

May 18, 2026 17:11:31 UTC

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-35428

May 18, 2026 17:11:30 UTC

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-34327

May 18, 2026 17:11:30 UTC

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33844

May 18, 2026 17:11:29 UTC

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-33823

May 18, 2026 17:11:29 UTC

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

Page: 1