HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-33833

Jun 5, 2026 16:39:14 UTC

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33112

Jun 5, 2026 16:39:14 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-33110

Jun 5, 2026 16:39:13 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-47294

Jun 5, 2026 16:39:13 UTC

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-45585

Jun 5, 2026 16:39:12 UTC

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We ...

CVE-2026-41091

Jun 5, 2026 16:39:11 UTC

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVE-2026-45498

Jun 5, 2026 16:39:11 UTC

Microsoft Defender Denial of Service Vulnerability

CVE-2026-41615

Jun 5, 2026 16:39:10 UTC

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

CVE-2026-42897

Jun 5, 2026 16:39:10 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42899

Jun 5, 2026 16:39:09 UTC

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-42898

Jun 5, 2026 16:39:09 UTC

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42896

Jun 5, 2026 16:39:08 UTC

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-35429

Jun 5, 2026 16:39:07 UTC

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42891

Jun 5, 2026 16:39:07 UTC

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-41107

Jun 5, 2026 16:39:06 UTC

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Page: 8