HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-23655

Feb 13, 2026 22:30:22 UTC

Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

CVE-2026-21218

Feb 13, 2026 22:30:22 UTC

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21236

Feb 13, 2026 22:30:21 UTC

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-21234

Feb 13, 2026 22:30:20 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

CVE-2026-21235

Feb 13, 2026 22:30:20 UTC

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2026-21242

Feb 13, 2026 22:30:19 UTC

Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVE-2026-21246

Feb 13, 2026 22:30:19 UTC

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2026-21247

Feb 13, 2026 22:30:18 UTC

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-21248

Feb 13, 2026 22:30:14 UTC

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-21260

Feb 13, 2026 22:30:14 UTC

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21258

Feb 13, 2026 22:30:12 UTC

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-21259

Feb 13, 2026 22:30:11 UTC

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

CVE-2026-21512

Feb 13, 2026 22:30:10 UTC

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

CVE-2026-21518

Feb 13, 2026 22:30:08 UTC

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21519

Feb 13, 2026 22:30:07 UTC

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Page: 27