HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-23657

Apr 30, 2026 14:41:47 UTC

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20806

Apr 30, 2026 14:41:47 UTC

Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.

CVE-2026-20928

Apr 30, 2026 14:41:46 UTC

Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-33107

Apr 30, 2026 14:41:46 UTC

Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32186

Apr 30, 2026 14:41:45 UTC

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32212

Apr 30, 2026 14:41:44 UTC

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CVE-2026-33826

Apr 30, 2026 14:41:44 UTC

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

CVE-2026-33822

Apr 30, 2026 14:41:43 UTC

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-33120

Apr 30, 2026 14:41:42 UTC

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-33116

Apr 30, 2026 14:41:42 UTC

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

CVE-2026-33098

Apr 30, 2026 14:41:41 UTC

Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-33096

Apr 30, 2026 14:41:41 UTC

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

CVE-2026-33095

Apr 30, 2026 14:41:40 UTC

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-32226

Apr 30, 2026 14:41:39 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-32224

Apr 30, 2026 14:41:39 UTC

Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

Page: 37