Common Vulnerabilities and Exposures (CVE)

CVE-2026-26107

Apr 9, 2026 23:26:07 UTC

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26106

Apr 9, 2026 23:26:06 UTC

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-23665

Apr 9, 2026 23:26:06 UTC

Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.

CVE-2026-23662

Apr 9, 2026 23:26:05 UTC

Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

CVE-2026-23661

Apr 9, 2026 23:26:05 UTC

Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

CVE-2026-23654

Apr 9, 2026 23:26:04 UTC

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.

CVE-2026-32194

Apr 9, 2026 23:26:03 UTC

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

CVE-2026-26137

Apr 9, 2026 23:26:01 UTC

Server-side request forgery (SSRF) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

CVE-2026-26136

Apr 9, 2026 23:26:01 UTC

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-24299

Apr 9, 2026 23:26:00 UTC

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-23659

Apr 9, 2026 23:25:59 UTC

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

CVE-2026-26120

Apr 9, 2026 23:25:59 UTC

Server-side request forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.

CVE-2026-23658

Apr 9, 2026 23:25:58 UTC

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32191

Apr 9, 2026 23:25:57 UTC

Improper neutralization of special elements used in an OS command ('OS command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

CVE-2026-26138

Apr 9, 2026 23:25:57 UTC

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.