HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-34333

Jun 5, 2026 16:38:31 UTC

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34331

Jun 5, 2026 16:38:31 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34330

Jun 5, 2026 16:38:30 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34329

Jun 5, 2026 16:38:29 UTC

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-33840

Jun 5, 2026 16:38:29 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-33839

Jun 5, 2026 16:38:28 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-33834

Jun 5, 2026 16:38:28 UTC

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

CVE-2026-33117

Jun 5, 2026 16:38:27 UTC

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local...

CVE-2026-21530

Jun 5, 2026 16:38:26 UTC

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

CVE-2026-32204

Jun 5, 2026 16:38:25 UTC

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-33843

Jun 5, 2026 16:38:24 UTC

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26147

Jun 5, 2026 16:38:23 UTC

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

CVE-2026-41090

Jun 5, 2026 16:38:22 UTC

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

CVE-2026-42827

Jun 5, 2026 16:38:22 UTC

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-47280

Jun 5, 2026 16:38:21 UTC

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.

Page: 37