HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-21229

Feb 20, 2026 21:52:23 UTC

Improper input validation in Power BI allows an authorized attacker to execute code over a network.

CVE-2026-21523

Feb 20, 2026 21:52:22 UTC

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

CVE-2026-23655

Feb 20, 2026 21:52:22 UTC

Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

CVE-2026-21218

Feb 20, 2026 21:52:21 UTC

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21236

Feb 20, 2026 21:52:20 UTC

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-21234

Feb 20, 2026 21:52:20 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

CVE-2026-21235

Feb 20, 2026 21:52:19 UTC

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2026-21242

Feb 20, 2026 21:52:19 UTC

Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVE-2026-21246

Feb 20, 2026 21:52:18 UTC

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2026-21247

Feb 20, 2026 21:52:17 UTC

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-21248

Feb 20, 2026 21:52:16 UTC

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-21260

Feb 20, 2026 21:52:16 UTC

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21258

Feb 20, 2026 21:52:15 UTC

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-21259

Feb 20, 2026 21:52:14 UTC

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

CVE-2026-21512

Feb 20, 2026 21:52:13 UTC

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

Page: 37