HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-42893

Jun 19, 2026 16:13:06 UTC

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

CVE-2026-42838

Jun 19, 2026 16:13:06 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-40416

Jun 19, 2026 16:13:05 UTC

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42833

Jun 19, 2026 16:13:05 UTC

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42832

Jun 19, 2026 16:13:04 UTC

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

CVE-2026-42830

Jun 19, 2026 16:13:03 UTC

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-42823

Jun 19, 2026 16:13:03 UTC

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-41613

Jun 19, 2026 16:13:02 UTC

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41103

Jun 19, 2026 16:13:02 UTC

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-40381

Jun 19, 2026 16:13:01 UTC

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-41097

Jun 19, 2026 16:13:01 UTC

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-41086

Jun 19, 2026 16:13:00 UTC

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-40420

Jun 19, 2026 16:13:00 UTC

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-35436

Jun 19, 2026 16:12:59 UTC

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40418

Jun 19, 2026 16:12:59 UTC

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Page: 37