HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-41612

Jun 19, 2026 16:12:32 UTC

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

CVE-2026-41611

Jun 19, 2026 16:12:31 UTC

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

CVE-2026-41610

Jun 19, 2026 16:12:31 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-41109

Jun 19, 2026 16:12:30 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-41102

Jun 19, 2026 16:12:29 UTC

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

CVE-2026-41101

Jun 19, 2026 16:12:29 UTC

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

CVE-2026-41096

Jun 19, 2026 16:12:28 UTC

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

CVE-2026-41095

Jun 19, 2026 16:12:28 UTC

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

CVE-2026-41094

Jun 19, 2026 16:12:27 UTC

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

CVE-2026-41089

Jun 19, 2026 16:12:26 UTC

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

CVE-2026-41088

Jun 19, 2026 16:12:26 UTC

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-40421

Jun 19, 2026 16:12:25 UTC

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-40419

Jun 19, 2026 16:12:25 UTC

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40417

Jun 19, 2026 16:12:24 UTC

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

CVE-2026-40415

Jun 19, 2026 16:12:23 UTC

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Page: 37