HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-49336

Jun 19, 2026 18:19:03 UTC

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, `@microsoft/kiota-http-fetchlibrary`'s `RedirectHandler` is documented as stripping `A...

CVE-2026-24289

Jun 19, 2026 18:18:14 UTC

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-24293

Jun 19, 2026 18:18:14 UTC

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26137

Jun 19, 2026 18:18:13 UTC

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

CVE-2026-0385

Jun 19, 2026 18:18:12 UTC

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

CVE-2026-26133

Jun 19, 2026 18:18:11 UTC

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26144

Jun 19, 2026 18:18:11 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2026-26141

Jun 19, 2026 18:18:10 UTC

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.

CVE-2026-26130

Jun 19, 2026 18:18:09 UTC

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-26123

Jun 19, 2026 18:18:09 UTC

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.

CVE-2026-26118

Jun 19, 2026 18:18:08 UTC

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-26117

Jun 19, 2026 18:18:08 UTC

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-26110

Jun 19, 2026 18:18:07 UTC

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-26109

Jun 19, 2026 18:18:06 UTC

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26108

Jun 19, 2026 18:18:06 UTC

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Page: 28