HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2025-26684

Feb 13, 2026 19:20:48 UTC

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVE-2025-26646

Feb 13, 2026 19:20:48 UTC

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

CVE-2025-47181

Feb 13, 2026 19:20:47 UTC

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

CVE-2026-20640

Feb 13, 2026 19:20:00 UTC

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from t...

CVE-2025-40905

Feb 13, 2026 19:16:45 UTC

WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

CVE-2026-20681

Feb 13, 2026 19:14:05 UTC

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.

CVE-2025-47963

Feb 13, 2026 19:13:45 UTC

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-47964

Feb 13, 2026 19:13:45 UTC

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2025-47182

Feb 13, 2026 19:13:44 UTC

Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

CVE-2025-47977

Feb 13, 2026 19:13:44 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-47968

Feb 13, 2026 19:13:43 UTC

Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

CVE-2025-47959

Feb 13, 2026 19:13:43 UTC

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

CVE-2025-47176

Feb 13, 2026 19:13:42 UTC

'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.

CVE-2025-47175

Feb 13, 2026 19:13:41 UTC

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2025-47174

Feb 13, 2026 19:13:41 UTC

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Page: 89