HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-34338

Jun 5, 2026 16:39:19 UTC

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-34337

Jun 5, 2026 16:39:18 UTC

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-34336

Jun 5, 2026 16:39:18 UTC

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-34334

Jun 5, 2026 16:39:17 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-34332

Jun 5, 2026 16:39:17 UTC

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

CVE-2026-33838

Jun 5, 2026 16:39:16 UTC

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

CVE-2026-33837

Jun 5, 2026 16:39:16 UTC

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-33835

Jun 5, 2026 16:39:15 UTC

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-33833

Jun 5, 2026 16:39:14 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33112

Jun 5, 2026 16:39:14 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-33110

Jun 5, 2026 16:39:13 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-47294

Jun 5, 2026 16:39:13 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-45585

Jun 5, 2026 16:39:12 UTC

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We ...

CVE-2026-41091

Jun 5, 2026 16:39:11 UTC

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVE-2026-45498

Jun 5, 2026 16:39:11 UTC

Microsoft Defender Denial of Service Vulnerability

Page: 37