Unclassified
Windows
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-41086
Unclassified
Microsoft
CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-45637
Unclassified
Microsoft
CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access
Information published.
CVE-2026-46140
Unclassified
Microsoft
CVE-2026-11816 Path Traversal in keras-team/keras
Information published.
CVE-2026-11816
Unclassified
Microsoft
CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
Information published.
CVE-2026-4367
Unclassified
Microsoft
CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()
Information published.
CVE-2026-46285
Unclassified
Windows
CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42915
Unclassified
Exchange Server
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-45504
Unclassified
Microsoft
CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-33840
Unclassified
Microsoft
CVE-2025-5791 Users: `root` appended to group listings
Information published.
CVE-2025-5791
Unclassified
Microsoft
CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
Information published.
CVE-2025-4574
Unclassified
Microsoft
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Information published.
CVE-2026-45445
Unclassified
Microsoft
CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Information published.
CVE-2026-34183
Low
Microsoft
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Information published.
CVE-2026-7383
Unclassified
Microsoft
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Information published.
CVE-2026-42768
Unclassified
Microsoft
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Information published.
CVE-2026-9076
Unclassified
Microsoft
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Information published.
CVE-2026-45446
Unclassified
Microsoft
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Information published.
CVE-2026-42766
Unclassified
Microsoft
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Information published.
CVE-2026-42767
Unclassified
Microsoft
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Information published.
CVE-2026-34180
Unclassified
Microsoft
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
Information published.
CVE-2026-44967
Unclassified
Microsoft
CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption
Information published.
CVE-2026-46331
Unclassified
Microsoft Office
CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45469
Unclassified
Microsoft Office
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45475
Unclassified
Microsoft Office
CVE-2026-45472 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45472
Unclassified
Microsoft Office
CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45471
Unclassified
Microsoft Office
CVE-2026-45474 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45474
Unclassified
Microsoft Office
CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45486
Unclassified
Microsoft Office
CVE-2026-45485 Microsoft Office Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45485
Unclassified
Microsoft Office
CVE-2026-44817 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44817
Unclassified
Microsoft Office
CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44818
Unclassified
Microsoft Office
CVE-2026-44819 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44819
Unclassified
Microsoft Office
CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44820
Unclassified
Microsoft Office
CVE-2026-44821 Microsoft Office Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44821
Unclassified
Microsoft Office
CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44823
Unclassified
Microsoft Office
CVE-2026-44824 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44824
Unclassified
Microsoft Office
CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45456
Unclassified
Microsoft Office
CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45458
Unclassified
Microsoft Office
CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45460
Unclassified
Microsoft Office
CVE-2026-45461 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45461
Unclassified
Microsoft Office
CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45466
Unclassified
Microsoft Office
CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45643
Unclassified
Microsoft Office
CVE-2026-45645 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45645
Unclassified
Microsoft Office
CVE-2026-45649 Office for Android Spoofing Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their ...
CVE-2026-45649
Unclassified
Microsoft Office
CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44822
Unclassified
Microsoft Office
CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45455
Unclassified
Microsoft Office
CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45457
Unclassified
Microsoft Office
CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45459
Unclassified
Microsoft Office
CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45463
Unclassified
Microsoft
Chromium: CVE-2026-12439 Use after free in Digital Credentials
Corrected CVE title. This is an informational change only.
CVE-2026-12439
Unclassified
Microsoft
Chromium: CVE-2026-12440 Use after free in DigitalCredentials
Corrected CVE title. This is an informational change only.
CVE-2026-12440
Unclassified
Microsoft
Chromium: CVE-2026-12445 Use after free in Extensions
Corrected CVE title. This is an informational change only.
CVE-2026-12445
Unclassified
Microsoft
Chromium: CVE-2026-12446 Insufficient data validation in Passwords
Corrected CVE title. This is an informational change only.
CVE-2026-12446
Unclassified
Microsoft
Chromium: CVE-2026-12451 Use after free in DigitalCredentials
Corrected CVE title. This is an informational change only.
CVE-2026-12451
Unclassified
Microsoft
Chromium: CVE-2026-12441 Use after free in File Input
Corrected CVE title. This is an informational change only.
CVE-2026-12441
Low
Microsoft
Chromium: CVE-2026-12447 Heap buffer overflow in WebRTC
Corrected CVE title. This is an informational change only.
CVE-2026-12447
Unclassified
Microsoft
Chromium: CVE-2026-12443 Use after free in Web Authentication
Corrected CVE title. This is an informational change only.
CVE-2026-12443
Unclassified
Microsoft
Chromium: CVE-2026-12452 Use after free in Downloads
Corrected CVE title. This is an informational change only.
CVE-2026-12452
Unclassified
Microsoft
Chromium: CVE-2026-12453 Insufficient validation of untrusted input in Input
Corrected CVE title. This is an informational change only.
CVE-2026-12453
Unclassified
Microsoft
Chromium: CVE-2026-12455 Use after free in Tab Strip
Corrected CVE title. This is an informational change only.
CVE-2026-12455
Unclassified
Microsoft
Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions
Corrected CVE title. This is an informational change only.
CVE-2026-12456
Unclassified
Microsoft
Chromium: CVE-2026-12458 Incorrect security UI in Passwords
Corrected CVE title. This is an informational change only.
CVE-2026-12458
Unclassified
Microsoft
Chromium: CVE-2026-12457 Insufficient data validation in Extensions
Corrected CVE title. This is an informational change only.
CVE-2026-12457
Unclassified
Microsoft
Chromium: CVE-2026-12459 Inappropriate implementation in Serial
Corrected CVE title. This is an informational change only.
CVE-2026-12459
Unclassified
Microsoft
Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access
Corrected CVE title. This is an informational change only.
CVE-2026-12460
Medium
Microsoft
Chromium: CVE-2026-12462 Use after free in Media
Corrected CVE title. This is an informational change only.
CVE-2026-12462
Unclassified
Microsoft
Chromium: CVE-2026-12464 Use after free in Browser
Corrected CVE title. This is an informational change only.
CVE-2026-12464
Unclassified
Microsoft
Chromium: CVE-2026-12463 Inappropriate implementation in Views
Corrected CVE title. This is an informational change only.
CVE-2026-12463
Unclassified
Microsoft
Chromium: CVE-2026-12465 Insufficient validation of untrusted input in Metrics
Corrected CVE title. This is an informational change only.
CVE-2026-12465
Unclassified
Microsoft
Chromium: CVE-2026-12454 Race in Safe Browsing
Corrected CVE title. This is an informational change only.
CVE-2026-12454
Unclassified
Microsoft
Chromium: CVE-2026-12467 Use after free in Extensions
Corrected CVE title. This is an informational change only.
CVE-2026-12467
Unclassified
Microsoft
Chromium: CVE-2026-12468 Inappropriate implementation in Updater
Corrected CVE title. This is an informational change only.
CVE-2026-12468
Unclassified
Microsoft
Chromium: CVE-2026-12449 Use after free in Chromoting
Corrected CVE title. This is an informational change only.
CVE-2026-12449
Unclassified
Microsoft
Chromium: CVE-2026-12444 Out of bounds read in Chromoting
Corrected CVE title. This is an informational change only.
CVE-2026-12444
Unclassified
Microsoft
Chromium: CVE-2026-12437 Use after free in WebShare
Corrected CVE title. This is an informational change only.
CVE-2026-12437
Unclassified
Microsoft
Chromium: CVE-2026-12461 Out of bounds read in WebRTC
Corrected CVE title. This is an informational change only.
CVE-2026-12461
Low
Microsoft
Chromium: CVE-2026-12466 Heap buffer overflow in WebRTC
Corrected CVE title. This is an informational change only.
CVE-2026-12466
Unclassified
Windows
CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42903
Unclassified
Microsoft Office
CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their ...
CVE-2026-44803
Unclassified
Microsoft Office
CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their ...
CVE-2026-44812
Unclassified
Microsoft Edge
CVE-2026-12439 Use after free in Digital Credentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12439
Unclassified
Microsoft Edge
CVE-2026-12440 Use after free in DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12440
Unclassified
Microsoft Edge
CVE-2026-12445 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12445
Unclassified
Microsoft Edge
CVE-2026-12446 Insufficient data validation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12446
Unclassified
Microsoft Edge
CVE-2026-12451 Use after free in DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12451
Unclassified
Microsoft Edge
CVE-2026-12441 Use after free in File Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12441
Low
Microsoft Edge
CVE-2026-12447 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12447
Unclassified
Microsoft Edge
CVE-2026-12443 Use after free in Web Authentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12443
Unclassified
Microsoft Edge
CVE-2026-12452 Use after free in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12452
Unclassified
Microsoft Edge
CVE-2026-12453 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12453
Unclassified
Microsoft Edge
CVE-2026-12455 Use after free in Tab Strip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12455
Unclassified
Microsoft Edge
CVE-2026-12456 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12456
Unclassified
Microsoft Edge
CVE-2026-12458 Incorrect security UI in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12458
Unclassified
Microsoft Edge
CVE-2026-12457 Insufficient data validation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12457
Unclassified
Microsoft Edge
CVE-2026-12459 Inappropriate implementation in Serial
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12459
Unclassified
Microsoft Edge
CVE-2026-12460 Insufficient policy enforcement in File System Access
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12460
Medium
Microsoft Edge
CVE-2026-12462 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12462
Unclassified
Microsoft Edge
CVE-2026-12464 Use after free in Browser
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12464
Unclassified
Microsoft Edge
CVE-2026-12463 Inappropriate implementation in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12463
Unclassified
Microsoft Edge
CVE-2026-12465 Insufficient validation of untrusted input in Metrics
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12465
Unclassified
Microsoft Edge
CVE-2026-12454 Race in Safe Browsing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12454
Unclassified
Microsoft Edge
CVE-2026-12467 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12467
Unclassified
Microsoft Edge
CVE-2026-12468 Inappropriate implementation in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12468
Unclassified
Microsoft Edge
CVE-2026-12449 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12449
Unclassified
Microsoft Edge
CVE-2026-12444 Out of bounds read in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12444
Unclassified
Microsoft Edge
CVE-2026-12437 Use after free in WebShare
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12437
Unclassified
Microsoft Edge
CVE-2026-12461 Out of bounds read in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12461
Low
Microsoft Edge
CVE-2026-12466 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12466
Unclassified
Windows
CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-24289
Unclassified
Microsoft
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Removed incorrectly added rows from the Security Updates table. This is an informational change only.
CVE-2026-32177
Unclassified
Visual Studio
CVE-2025-6965 Integer Truncation on SQLite
Added Visual Studio software to the Security Updates table. Customers that are running a supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.
CVE-2025-6965
Low
Microsoft
CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Information published.
CVE-2026-8376
Low
Microsoft
CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling
Information published.
CVE-2026-48914
Unclassified
Microsoft
CVE-2026-42014 Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin
Information published.
CVE-2026-42014
Unclassified
Microsoft
CVE-2026-53689
Information published.
CVE-2026-53689
Unclassified
Microsoft
CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read
Information published.
CVE-2026-12087
Low
Microsoft
CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
Information published.
CVE-2026-9669
Unclassified
Microsoft
CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
Information published.
CVE-2026-43966
Low
Microsoft
CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
Information published.
CVE-2026-10275
Unclassified
Microsoft
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
Information published.
CVE-2026-44967
Low
Microsoft
CVE-2026-47633 Microsoft Cost Management Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.
CVE-2026-47633
Low
Microsoft Edge
CVE-2026-32208 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
CVE-2026-32208
Low
Azure
CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability
Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-32174
Low
Azure
CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-45480
Low
Microsoft
CVE-2026-42895 Microsoft Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-42895
Critical
Microsoft
CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-54130
Low
Dynamics
CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
CVE-2026-47647
Low
Azure
CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
CVE-2026-48584
Low
Microsoft
CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVE-2026-48582
Low
Microsoft 365
CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
URL redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47645
Low
Dynamics
CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-47646
Unclassified
Microsoft
CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Information published.
CVE-2025-71073
Unclassified
Microsoft
CVE-2025-71072 shmem: fix recovery on rename failures
Information published.
CVE-2025-71072
Unclassified
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Unclassified
Microsoft
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Information published.
CVE-2026-43308
Unclassified
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Unclassified
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Unclassified
Microsoft
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Information published.
CVE-2026-45445
Unclassified
Microsoft
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function
Information published.
CVE-2026-45447
Unclassified
Microsoft
CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc
Information published.
CVE-2026-48854
Unclassified
Microsoft
CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd
Information published.
CVE-2026-46292
Unclassified
Microsoft
CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()
Information published.
CVE-2026-46274
Unclassified
Microsoft
CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key
Information published.
CVE-2026-46291
Unclassified
Microsoft
CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration
Information published.
CVE-2026-46293
Unclassified
Microsoft
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Information published.
CVE-2026-34182
Low
Microsoft
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Information published.
CVE-2026-7383
Unclassified
Microsoft
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Information published.
CVE-2026-9076
Unclassified
Microsoft
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Information published.
CVE-2026-42766
Unclassified
Microsoft
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Information published.
CVE-2026-42767
Unclassified
Microsoft
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Information published.
CVE-2026-34180
Unclassified
Windows
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
This CVE was updated to remove Windows 11 (21H1 and 22H2) as impacted.
CVE-2026-35433
Unclassified
SharePoint
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-47636
Unclassified
Microsoft Office
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-45475
Unclassified
Windows
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-42828
Unclassified
Dynamics
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Updated the fixed version information and download link. The fix was previously believed to be included in Dynamics 365 Server (on-premises) version 6.2; however, it has been confirmed that the fix is included in Dyna...
CVE-2026-40371
Unclassified
Windows
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
Updated CWE value. This is an informational change only.
CVE-2026-45602
Unclassified
Defender
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet". We are working to provide a high quality security update that ad...
CVE-2026-50656
Unclassified
Windows
CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability
Corrected the CVE description and title. This is an informational change only.
CVE-2026-42915
Low
Microsoft
CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.
Information published.
CVE-2026-54411
Unclassified
Microsoft Edge
Chromium: CVE-2026-12012 Use after free Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12012
Unclassified
Microsoft Edge
Chromium: CVE-2026-12008 Use after free DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12008
Unclassified
Microsoft Edge
Chromium: CVE-2026-12019 Out of bounds write Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12019
Unclassified
Microsoft Edge
Chromium: CVE-2026-12016 Insufficient validation of untrusted input DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12016
Unclassified
Microsoft Edge
Chromium: CVE-2026-12015 Use after free Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12015
Unclassified
Microsoft Edge
Chromium: CVE-2026-11628 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11628
Unclassified
Microsoft Edge
Chromium: CVE-2026-11629 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11629
Unclassified
Microsoft Edge
Chromium: CVE-2026-11631 Use after free in Aura
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11631
Unclassified
Microsoft Edge
Chromium: CVE-2026-11630 Use after free in File Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11630
Unclassified
Microsoft Edge
Chromium: CVE-2026-11632 Use after free in TabStrip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11632
Unclassified
Microsoft Edge
Chromium: CVE-2026-11633 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11633
Unclassified
Microsoft Edge
Chromium: CVE-2026-11634 Use after free in Gamepad
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11634
Unclassified
Microsoft Edge
Chromium: CVE-2026-11635 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11635
Unclassified
Microsoft Edge
Chromium: CVE-2026-11639 Use after free in Compositing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11639
Unclassified
Microsoft Edge
Chromium: CVE-2026-11637 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11637
Unclassified
Microsoft Edge
Chromium: CVE-2026-11636 Use after free in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11636
Unclassified
Microsoft Edge
Chromium: CVE-2026-11638 Use after free in Printing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11638
Unclassified
Microsoft Edge
Chromium: CVE-2026-11641 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11641
Low
Microsoft Edge
Chromium: CVE-2026-11640 Integer overflow in libyuv
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11640
Unclassified
Microsoft Edge
Chromium: CVE-2026-11642 Use after free in Web Apps
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11642
Unclassified
Microsoft Edge
Chromium: CVE-2026-11645 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11645
Unclassified
Microsoft Edge
Chromium: CVE-2026-11643 Use after free in Proxy
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11643
Unclassified
Microsoft Edge
Chromium: CVE-2026-11644 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11644
Unclassified
Microsoft Edge
Chromium: CVE-2026-11646 Use after free in ViewTransitions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11646
Unclassified
Microsoft Edge
Chromium: CVE-2026-11657 Use after free in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11657
Unclassified
Microsoft Edge
Chromium: CVE-2026-11658 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11658
Unclassified
Microsoft Edge
Chromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11660
Unclassified
Microsoft Edge
Chromium: CVE-2026-11661 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11661
Unclassified
Microsoft Edge
Chromium: CVE-2026-11659 Insufficient validation of untrusted input in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11659
Unclassified
Microsoft Edge
Chromium: CVE-2026-11663 Use after free in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11663
Unclassified
Microsoft Edge
Chromium: CVE-2026-11662 Type Confusion in Bindings
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11662
Unclassified
Microsoft Edge
Chromium: CVE-2026-11664 Use after free in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11664
Unclassified
Microsoft Edge
Chromium: CVE-2026-11665 Out of bounds read in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11665
Unclassified
Microsoft Edge
Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11666
Unclassified
Microsoft Edge
Chromium: CVE-2026-11668 Uninitialized Use in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11668
Medium
Microsoft Edge
Chromium: CVE-2026-11669 Integer overflow in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11669
Unclassified
Microsoft Edge
Chromium: CVE-2026-11667 Out of bounds read in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11667
Unclassified
Microsoft Edge
Chromium: CVE-2026-11670 Use after free in PDF
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11670
Unclassified
Microsoft Edge
Chromium: CVE-2026-11671 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11671
Unclassified
Microsoft Edge
Chromium: CVE-2026-11672 Out of bounds write in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11672
Unclassified
Microsoft Edge
Chromium: CVE-2026-11673 Use after free in InterestGroups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11673
Unclassified
Microsoft Edge
Chromium: CVE-2026-11675 Insufficient validation of untrusted input in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11675
Unclassified
Microsoft Edge
Chromium: CVE-2026-11674 Use after free in Guest View
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11674
Unclassified
Microsoft Edge
Chromium: CVE-2026-11676 Insufficient validation of untrusted input in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11676
Unclassified
Microsoft Edge
Chromium: CVE-2026-11677 Race in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11677
Low
Microsoft Edge
Chromium: CVE-2026-11678 Integer overflow in libyuv
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11678
Unclassified
Microsoft Edge
Chromium: CVE-2026-11679 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11679
Unclassified
Microsoft Edge
Chromium: CVE-2026-11681 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11681
Unclassified
Microsoft Edge
Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11682
Medium
Microsoft Edge
Chromium: CVE-2026-11680 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11680
Unclassified
Microsoft Edge
Chromium: CVE-2026-11683 Use after free in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11683
Unclassified
Microsoft Edge
Chromium: CVE-2026-11684 Insufficient policy enforcement in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11684
Unclassified
Microsoft Edge
Chromium: CVE-2026-11687 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11687
Unclassified
Microsoft Edge
Chromium: CVE-2026-11686 Insufficient validation of untrusted input in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11686
Unclassified
Microsoft Edge
Chromium: CVE-2026-11688 Object lifecycle issue in SVG
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11688
Medium
Microsoft Edge
Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11685
Unclassified
Microsoft Edge
Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11689
Medium
Microsoft Edge
Chromium: CVE-2026-11690 Out of bounds read and write in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11690
Unclassified
Microsoft Edge
Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11691
Unclassified
Microsoft Edge
Chromium: CVE-2026-11692 Use after free in Read Anything
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11692
Unclassified
Microsoft Edge
Chromium: CVE-2026-11693 Inappropriate implementation in Plugins
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11693
Unclassified
Microsoft Edge
Chromium: CVE-2026-11694 Use after free in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11694
Unclassified
Microsoft Edge
Chromium: CVE-2026-11695 Inappropriate implementation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11695
Unclassified
Microsoft Edge
Chromium: CVE-2026-11696 Uninitialized Use in Video
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11696
Unclassified
Microsoft Edge
Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11697
Unclassified
Microsoft Edge
Chromium: CVE-2026-11698 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11698
Unclassified
Microsoft Edge
Chromium: CVE-2026-11699 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11699
Unclassified
Microsoft Edge
Chromium: CVE-2026-11700 Use after free in Tracing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11700
Unclassified
Microsoft Edge
Chromium: CVE-2026-12018 Inappropriate implementation Mojo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12018
Unclassified
Microsoft Edge
Chromium: CVE-2026-12007 Use after free Core
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12007
Unclassified
Microsoft Edge
Chromium: CVE-2026-12017 Insufficient validation of untrusted input Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12017
Unclassified
Microsoft Edge
Chromium: CVE-2026-12014 Use after free Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12014
Medium
Microsoft Edge
Chromium: CVE-2026-12013 Use after free Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12013
Low
Microsoft Edge
Chromium: CVE-2026-12010 Heap buffer overflow GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12010
Unclassified
Microsoft Edge
Chromium: CVE-2026-12009 Insufficient validation of untrusted input Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12009
Unclassified
Microsoft Edge
Chromium: CVE-2026-11647 Use after free in Printing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11647
Unclassified
Microsoft Edge
Chromium: CVE-2026-11648 Use after free in FullScreen
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11648
Unclassified
Microsoft Edge
Chromium: CVE-2026-11651 Use after free in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11651
Unclassified
Microsoft Edge
Chromium: CVE-2026-11649 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11649
Unclassified
Microsoft Edge
Chromium: CVE-2026-11652 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11652
Unclassified
Microsoft Edge
Chromium: CVE-2026-11650 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11650
Unclassified
Microsoft Edge
Chromium: CVE-2026-11653 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11653
Unclassified
Microsoft Edge
Chromium: CVE-2026-11654 Use after free in CameraCapture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11654
Unclassified
Microsoft Edge
Chromium: CVE-2026-11656 Use after free in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11656
Medium
Microsoft Edge
Chromium: CVE-2026-11655 Integer overflow in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11655
Unclassified
Microsoft Edge
Chromium: CVE-2026-12011 Use after free WebMIDI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12011
Unclassified
Microsoft Edge
CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-33118
Unclassified
Microsoft
CVE-2026-6429 netrc credential leak with reused proxy connection
Information published.
CVE-2026-6429
Unclassified
Microsoft
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Information published.
CVE-2026-5545
Unclassified
Microsoft
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Information published.
CVE-2026-6253
Unclassified
Microsoft
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Information published.
CVE-2026-45445
Low
Microsoft
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Information published.
CVE-2026-7774
Unclassified
Microsoft
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
Information published.
CVE-2026-49762
Unclassified
Microsoft
CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove
Information published.
CVE-2026-46433
Unclassified
Microsoft
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Information published.
CVE-2026-42768
Low
Microsoft
CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle
Information published.
CVE-2026-11526
Unclassified
Microsoft
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
Information published.
CVE-2023-5678
Unclassified
Microsoft
CVE-2026-4873 connection reuse ignores TLS requirement
Information published.
CVE-2026-4873
Unclassified
Microsoft
CVE-2026-6429 netrc credential leak with reused proxy connection
Information published.
CVE-2026-6429
Unclassified
Microsoft
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Information published.
CVE-2026-5545
Unclassified
Microsoft
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Information published.
CVE-2026-6253
Unclassified
Microsoft
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Information published.
CVE-2026-5222
Unclassified
Microsoft
CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule
Information published.
CVE-2026-40034
Unclassified
Microsoft
CVE-2026-6276 stale custom cookie host causes cookie leak
Information published.
CVE-2026-6276
Unclassified
Microsoft
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Information published.
CVE-2026-5223
Unclassified
Microsoft
CVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension
Information published.
CVE-2026-11822
Unclassified
Microsoft
CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name
Information published.
CVE-2026-47162
Unclassified
Microsoft
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Information published.
CVE-2026-45445
Unclassified
Microsoft
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function
Information published.
CVE-2026-45447
Unclassified
Microsoft
CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling
Information published.
CVE-2026-42764
Unclassified
Microsoft
CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Information published.
CVE-2026-34181
Low
Microsoft
CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate
Information published.
CVE-2026-11824
Unclassified
Microsoft
CVE-2026-10846 Insufficient verification that responses belong to a query
Information published.
CVE-2026-10846
Unclassified
Microsoft
CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion
Information published.
CVE-2026-52860
Unclassified
Microsoft
CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot
Information published.
CVE-2026-52859
Unclassified
Microsoft
CVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex
Information published.
CVE-2026-47167
Unclassified
Microsoft
CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion
Information published.
CVE-2026-52858
Unclassified
Microsoft
CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape
Information published.
CVE-2026-44705
Unclassified
Microsoft
CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Information published.
CVE-2026-34183
Unclassified
Microsoft
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Information published.
CVE-2026-34182
Low
Microsoft
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Information published.
CVE-2026-7383
Unclassified
Microsoft
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Information published.
CVE-2026-42768
Unclassified
Microsoft
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Information published.
CVE-2026-9076
Unclassified
Microsoft
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Information published.
CVE-2026-45446
Unclassified
Microsoft
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Information published.
CVE-2026-42766
Unclassified
Microsoft
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Information published.
CVE-2026-42767
Unclassified
Microsoft
CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
Information published.
CVE-2026-42769
Unclassified
Microsoft
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Information published.
CVE-2026-34180
Unclassified
Microsoft
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Information published.
CVE-2026-49975
Unclassified
Microsoft
CVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable check
Information published.
CVE-2026-46643
Unclassified
Microsoft
CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option
Information published.
CVE-2026-46683
Unclassified
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Unclassified
Microsoft
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
Information published.
CVE-2026-42012
Unclassified
Microsoft
CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name
Information published.
CVE-2026-42013
Unclassified
Microsoft
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Information published.
CVE-2026-42015
Unclassified
Microsoft
CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
Information published.
CVE-2026-5260
Low
Microsoft
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Information published.
CVE-2026-43958
Low
Microsoft
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
Information published.
CVE-2026-10879
Low
Microsoft
CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch
Information published.
CVE-2026-50256
Unclassified
Microsoft
CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
Information published.
CVE-2026-50262
Unclassified
Microsoft
CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
Information published.
CVE-2026-50260
Unclassified
Microsoft
CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()
Information published.
CVE-2026-50257
Low
Microsoft
CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels
Information published.
CVE-2026-50258
Unclassified
Microsoft
CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
Information published.
CVE-2026-50263
Unclassified
Microsoft
CVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension
Information published.
CVE-2026-11822
Low
Microsoft
CVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow
Information published.
CVE-2026-42536
Unclassified
Microsoft
CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
Information published.
CVE-2026-11332
Unclassified
Microsoft
CVE-2026-5419 Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal
Information published.
CVE-2026-5419
Unclassified
Microsoft
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
Information published.
CVE-2026-8829
Unclassified
Microsoft
CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
Information published.
CVE-2026-50261
Low
Microsoft
CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
Information published.
CVE-2026-50259
Unclassified
Microsoft
CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove
Information published.
CVE-2026-46433
Low
Microsoft
CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate
Information published.
CVE-2026-11824
Unclassified
Microsoft
CVE-2026-10846 Insufficient verification that responses belong to a query
Information published.
CVE-2026-10846
Unclassified
Microsoft
CVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted
Information published.
CVE-2026-48913
Unclassified
Microsoft
CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
Information published.
CVE-2026-44119
Unclassified
Microsoft
CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS
Information published.
CVE-2026-29170
Unclassified
Microsoft
CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
Information published.
CVE-2026-43951
Unclassified
Microsoft
CVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free
Information published.
CVE-2026-29167
Unclassified
Microsoft
CVE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory access
Information published.
CVE-2026-42535
Low
Microsoft
CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Information published.
CVE-2026-44631
Unclassified
Microsoft
CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
Information published.
CVE-2026-44186
Low
Microsoft
CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Information published.
CVE-2026-34356
Unclassified
Microsoft
CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
Information published.
CVE-2026-44185
Low
Microsoft
CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow
Information published.
CVE-2026-34355
Unclassified
SharePoint
CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-47294
Unclassified
Windows
CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42903
Unclassified
Visual Studio
CVE-2026-48569 Visual Studio Code Security Feature Bypass Vulnerability
Updated the Security Updates Build Number
CVE-2026-48569
Unclassified
Visual Studio
CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability
Updated the Security Updates Build Number
CVE-2026-40376
Unclassified
Visual Studio
CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability
Updated the Security Updates Build Number and Title as the Chat extension is now merged into Visual Studio Code
CVE-2026-45482
Unclassified
Dynamics
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
The release notes link has been updated to point to the latest available version. Informational change only.
CVE-2026-40371
Unclassified
SharePoint
CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-47298
Unclassified
Microsoft
CVE-2026-20846 GDI+ Denial of Service Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-20846
Unclassified
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Unclassified
Microsoft
CVE-2026-43059 Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers
Information published.
CVE-2026-43059
Unclassified
Microsoft
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Information published.
CVE-2026-49975
Unclassified
Microsoft
CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
Information published.
CVE-2026-46275
Unclassified
Microsoft
CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()
Information published.
CVE-2026-46285
Unclassified
Microsoft
CVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-free
Information published.
CVE-2026-46280
Unclassified
Microsoft
CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str
Information published.
CVE-2026-46282
Medium
Microsoft
CVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmap
Information published.
CVE-2026-46312
Unclassified
Microsoft
CVE-2026-46301 spi: topcliff-pch: fix use-after-free on unbind
Information published.
CVE-2026-46301
Low
Microsoft
CVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policy
Information published.
CVE-2026-46302
Unclassified
Microsoft
CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop
Information published.
CVE-2026-46314
Unclassified
Microsoft
CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer
Information published.
CVE-2025-71315
Unclassified
Microsoft
CVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbind
Information published.
CVE-2026-46296
Unclassified
Microsoft
CVE-2026-46287 net: txgbe: fix RTNL assertion warning when remove module
Information published.
CVE-2026-46287
Unclassified
Microsoft
CVE-2026-46299 hfsplus: fix held lock freed on hfsplus_fill_super()
Information published.
CVE-2026-46299
Unclassified
Microsoft
CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()
Information published.
CVE-2026-46321
Unclassified
Microsoft
CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft
Information published.
CVE-2026-46319
Unclassified
Microsoft
CVE-2026-46323 net: gro: don't merge zcopy skbs
Information published.
CVE-2026-46323
Unclassified
Microsoft
CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks
Information published.
CVE-2026-46324
Unclassified
Microsoft
CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()
Information published.
CVE-2026-46320
Unclassified
Microsoft
CVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sg
Information published.
CVE-2026-46289
Unclassified
Microsoft
CVE-2026-46307 wifi: ath5k: do not access array OOB
Information published.
CVE-2026-46307
Unclassified
Microsoft
CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd
Information published.
CVE-2026-46292
Unclassified
Microsoft
CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()
Information published.
CVE-2026-46274
Unclassified
Microsoft
CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key
Information published.
CVE-2026-46291
Unclassified
Microsoft
CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration
Information published.
CVE-2026-46293
Low
Microsoft
CVE-2026-46306 flow_dissector: do not dissect PPPoE PFC frames
Information published.
CVE-2026-46306
Unclassified
Microsoft
CVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free
Information published.
CVE-2026-46304
Unclassified
Microsoft
CVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume size
Information published.
CVE-2026-46303
Unclassified
Microsoft
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
Information published.
CVE-2026-49762
Unclassified
Microsoft
CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()
Information published.
CVE-2026-46322
Unclassified
Microsoft
CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE
Information published.
CVE-2026-46325
Unclassified
Microsoft
CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"
Information published.
CVE-2026-46330
Low
Windows
CVE-2026-41108 Windows DNS Client Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
CVE-2026-41108
Low
Microsoft Office
CVE-2026-45467 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45467
Low
Microsoft Office
CVE-2026-45468 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45468
Low
Microsoft Office
CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-45469
Low
Microsoft Office
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45475
Low
Microsoft Office
CVE-2026-45472 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45472
Low
Microsoft Office
CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45471
Low
Microsoft Office
CVE-2026-45474 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45474
Low
Microsoft Office
CVE-2026-45479 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45479
Low
Microsoft Office
CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45486
Low
Microsoft Office
CVE-2026-45485 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45485
Low
Microsoft Office
CVE-2026-45483 Microsoft Office Project Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
CVE-2026-45483
Unclassified
Microsoft Edge
Chromium: CVE-2026-10984 Inappropriate implementation in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10984
Unclassified
Microsoft Edge
Chromium: CVE-2026-11291 Policy bypass in Android Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11291
Unclassified
Microsoft Edge
Chromium: CVE-2026-11178 Policy bypass in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11178
Low
Windows
CVE-2025-10263 ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]
No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2025-10263
Unclassified
Windows
CVE-2026-40409 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Information published.
CVE-2026-40409
Unclassified
Windows
CVE-2026-40404 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Information published.
CVE-2026-40404
Low
Windows
CVE-2026-33828 Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
CVE-2026-33828
Low
Windows
CVE-2026-34335 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34335
Low
Microsoft
CVE-2026-42902 Microsoft PowerToys Elevation of Privilege Vulnerability
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
CVE-2026-42902
Low
Microsoft Office
CVE-2026-44817 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44817
Low
Microsoft Office
CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44818
Low
Microsoft Office
CVE-2026-44819 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-44819
Low
Microsoft Office
CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44820
Low
Microsoft Office
CVE-2026-44821 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-44821
Low
Microsoft Office
CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44823
Low
Microsoft Office
CVE-2026-44824 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-44824
Low
Microsoft Office
CVE-2026-45453 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45453
Low
Microsoft Office
CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45456
Low
Microsoft Office
CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45458
Low
Microsoft Office
CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45460
Low
Microsoft Office
CVE-2026-45461 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45461
Low
Microsoft Office
CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-45466
Low
Windows
CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.
CVE-2026-45487
Low
Microsoft
CVE-2026-45490 .NET SDK Elevation of Privilege Vulnerability
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-45490
Low
Microsoft
CVE-2026-45491 .NET Tampering Vulnerability
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
CVE-2026-45491
Low
Exchange Server
CVE-2026-45500 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45500
Low
Exchange Server
CVE-2026-45501 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45501
Low
Exchange Server
CVE-2026-45502 Microsoft Exchange Server Information Disclosure Vulnerability
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVE-2026-45502
Low
Exchange Server
CVE-2026-45503 Microsoft Exchange Server Information Disclosure Vulnerability
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVE-2026-45503
Low
Exchange Server
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-45504
Low
Exchange Server
CVE-2026-45583 Microsoft Exchange Server Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
CVE-2026-45583
Low
Windows
CVE-2026-45605 Windows Bluetooth Service Elevation of Privilege Vulnerability
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2026-45605
Low
Windows
CVE-2026-45639 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-45639
Low
Windows
CVE-2026-45640 Windows Bluetooth Port Driver Elevation of Privilege Vulnerability
Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-45640
Low
Microsoft
CVE-2026-45606 Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability
Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.
CVE-2026-45606
Low
Windows
CVE-2026-45607 Windows Hyper-V Remote Code Execution Vulnerability
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45607
Low
Windows
CVE-2026-45641 Windows Hyper-V Remote Code Execution Vulnerability
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45641
Low
Windows
CVE-2026-45634 Windows DHCP Client Information Disclosure Vulnerability
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
CVE-2026-45634
Low
Azure
CVE-2026-45642 Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
CVE-2026-45642
Low
Microsoft Office
CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45643
Low
Microsoft Office
CVE-2026-45645 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45645
Low
Windows
CVE-2026-45648 Windows Active Directory Domain Services Remote Code Execution Vulnerability
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
CVE-2026-45648
Low
Microsoft
CVE-2026-45649 Office for Android Spoofing Vulnerability
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
CVE-2026-45649
Critical
Microsoft
CVE-2026-45650 Microsoft Bing Search Spoofing Vulnerability
User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45650
Low
Windows
CVE-2026-45655 Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-45655
Low
Windows
CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
CVE-2026-45656
Low
Windows
CVE-2026-45657 Windows Kernel Remote Code Execution Vulnerability
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
CVE-2026-45657
Low
Visual Studio
CVE-2026-47287 Visual Studio Code Tampering Vulnerability
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47287
Low
Windows
CVE-2026-47288 Windows Kerberos Key Distribution Center (KDC) Remote Code Execution
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
CVE-2026-47288
Low
Microsoft
CVE-2026-47289 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47289
Low
Windows
CVE-2026-47291 HTTP.sys Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-47291
Low
Visual Studio
CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
CVE-2026-47292
Low
Microsoft
CVE-2026-41092 Microsoft Kinect Elevation of Privilege Vulnerability
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
CVE-2026-41092
Low
Azure
CVE-2026-32193 Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
CVE-2026-32193
Low
Microsoft Office
CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-47298
Low
Exchange Server
CVE-2026-47631 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-47631
Low
Azure
CVE-2026-41098 Azure Stack Edge Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
CVE-2026-41098
Low
Microsoft Office
CVE-2026-47635 Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-47635
Low
Microsoft Office
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47636
Low
Microsoft Office
CVE-2026-47637 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47637
Low
Microsoft Office
CVE-2026-47638 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47638
Low
Microsoft Office
CVE-2026-47639 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47639
Low
Microsoft Office
CVE-2026-47641 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47641
Low
Windows
CVE-2026-45588 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-45588
Low
Windows
CVE-2026-47648 Windows Storage Elevation of Privilege Vulnerability
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-47648
Low
Windows
CVE-2026-8863 UEFI Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
CVE-2026-8863
Low
Microsoft
CVE-2026-47653 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47653
Low
Windows
CVE-2026-47652 Windows Hyper-V Remote Code Execution Vulnerability
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-47652
Low
Microsoft
CVE-2026-47654 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47654
Low
Microsoft
CVE-2026-48563 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-48563
Unclassified
Windows
CVE-2026-48566 Windows DWM Core Library Information Disclosure Vulnerability
Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who ha...
CVE-2026-48566
Low
Windows
CVE-2026-48568 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48568
Low
Windows
CVE-2026-48570 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48570
Low
Windows
CVE-2026-48573 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48573
Low
Windows
CVE-2026-48575 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48575
Low
Windows
CVE-2026-48576 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48576
Low
Windows
CVE-2026-48578 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48578
Low
Windows
CVE-2026-48583 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-48583
Unclassified
Microsoft
ADV990001 Latest Servicing Stack Updates
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
Low
Microsoft
CVE-2026-49161 Microsoft PC Manager Security Feature Bypass Vulnerability
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-49161
Low
Windows
CVE-2026-50508 Windows NTLM Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-50508
Low
Microsoft
CVE-2026-26142 Nuance PowerScribe Remote Code Execution Vulnerability
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
CVE-2026-26142
Unclassified
Microsoft Edge
Chromium: CVE-2026-11012 Use after free in Serial
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11012
Unclassified
Microsoft Edge
Chromium: CVE-2026-11029 Insufficient validation of untrusted input in Drag and Drop
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11029
Unclassified
Microsoft Edge
Chromium: CVE-2026-11045 Insufficient validation of untrusted input in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11045
Unclassified
Microsoft Edge
Chromium: CVE-2026-11065 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11065
Unclassified
Microsoft Edge
Chromium: CVE-2026-11072 Use after free in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11072
Unclassified
Microsoft Edge
Chromium: CVE-2026-11080 Use after free in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11080
Unclassified
Microsoft Edge
Chromium: CVE-2026-11082 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11082
Unclassified
Microsoft Edge
Chromium: CVE-2026-11108 Inappropriate implementation in NFC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11108
Unclassified
Microsoft Edge
Chromium: CVE-2026-11119 Insufficient validation of untrusted input in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11119
Unclassified
Microsoft Edge
Chromium: CVE-2026-11131 Use after free in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11131
Unclassified
Microsoft Edge
Chromium: CVE-2026-11145 Race in Geolocation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11145
Unclassified
Microsoft Edge
Chromium: CVE-2026-11148 Inappropriate implementation in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11148
Unclassified
Microsoft Edge
Chromium: CVE-2026-11175 Incorrect security UI in Messages
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11175
Unclassified
Microsoft Edge
Chromium: CVE-2026-11188 Use after free in USB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11188
Unclassified
Microsoft Edge
Chromium: CVE-2026-11226 Insufficient policy enforcement in PreviewTab
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11226
Unclassified
Microsoft Edge
Chromium: CVE-2026-11263 Insufficient policy enforcement in WebAuthentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11263
Unclassified
Microsoft Edge
Chromium: CVE-2026-11287 Insufficient validation of untrusted input in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11287
Unclassified
Microsoft Edge
Chromium: CVE-2026-11295 Inappropriate implementation in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11295
Low
Microsoft Office
CVE-2026-33113 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-33113
Low
Dynamics
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
CVE-2026-40371
Low
Windows
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42828
Low
Windows
CVE-2026-42829 Windows Administrator Protection Secure Feature Bypass Vulnerability
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
CVE-2026-42829
Low
Microsoft
CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
CVE-2026-42835
Low
Visual Studio
CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-40376
Low
Microsoft Office
CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-44822
Low
Microsoft Office
CVE-2026-45454 Microsoft SharePoint Remote Code Execution Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-45454
Low
Microsoft Office
CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-45455
Low
Microsoft Office
CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45457
Low
Microsoft Office
CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-45459
Low
Microsoft Office
CVE-2026-45462 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45462
Low
Microsoft Office
CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45463
Low
Microsoft Office
CVE-2026-45464 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45464
Low
Microsoft Office
CVE-2026-45465 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45465
Low
Azure
CVE-2026-45476 Microsoft Azure Network Adapter Elevation of Privilege Vulnerability
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-45476
Low
Visual Studio
CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-45482
Low
Windows
CVE-2026-45586 Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.
CVE-2026-45586
Low
Microsoft
CVE-2026-45591 ASP.NET Core Denial of Service Vulnerability
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-45591
Low
Windows
CVE-2026-45592 Windows Internet (wininet.dll) Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-45592
Unclassified
Windows
CVE-2026-45593 Windows SDK Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-45593
Low
Windows
CVE-2026-45594 Windows Application Identity (AppID) Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-45594
Low
Windows
CVE-2026-45604 Windows Managed Installer Information Disclosure Vulnerability
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-45604
Low
Windows
CVE-2026-45595 Windows Mark of the Web Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-45595
Unclassified
Windows
CVE-2026-45597 Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-45597
Low
Windows
CVE-2026-45599 Windows UPnP Device Host Remote Code Execution Vulnerability
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-45599
Low
Windows
CVE-2026-45601 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45601
Low
Windows
CVE-2026-45598 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45598
Low
Windows
CVE-2026-45636 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-45636
Low
Windows
CVE-2026-45596 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45596
Low
Windows
CVE-2026-45600 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-45600
Low
Windows
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
No CWE for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2026-45602
Low
Windows
CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-45635
Low
Windows
CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45638
Low
Windows
CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45603
Low
Windows
CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-45637
Low
Windows
CVE-2026-45608 Windows DHCP Client Information Disclosure Vulnerability
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
CVE-2026-45608
Low
Microsoft
CVE-2026-45644 Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.
CVE-2026-45644
Low
Windows
CVE-2026-45653 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-45653
Low
Windows
CVE-2026-45654 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-45654
Low
Defender
CVE-2026-45647 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2026-45647
Low
Windows
CVE-2026-45658 Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-45658
Low
Visual Studio
CVE-2026-47281 Visual Studio Code Elevation of Privilege Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47281
Low
Visual Studio
CVE-2026-47284 Visual Studio Code Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
CVE-2026-47284
Low
Microsoft Office
CVE-2026-47293 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-47293
Low
Windows
CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42910
Low
Microsoft Office
CVE-2026-47634 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47634
Low
Microsoft Office
CVE-2026-47640 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47640
Low
Azure
CVE-2026-47643 Azure Stack Edge Remote Code Execution Vulnerability
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
CVE-2026-47643
Low
Microsoft Office
CVE-2026-45481 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45481
Low
Microsoft Office
CVE-2026-45484 Microsoft SharePoint Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2026-45484
Low
Windows
CVE-2026-47656 Windows Boot Manager Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-47656
Low
Microsoft Office
CVE-2026-48560 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-48560
Low
Microsoft Office
CVE-2026-48562 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-48562
Low
Windows
CVE-2026-48565 Windows Narrator Braille Elevation of Privilege Vulnerability
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
CVE-2026-48565
Low
Visual Studio
CVE-2026-48569 Visual Studio Code Security Feature Bypass Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-48569
Medium
Windows
CVE-2026-48574 Windows Media Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-48574
Low
Microsoft
CVE-2026-49160 HTTP.sys Denial of Service Vulnerability
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVE-2026-49160
Low
Windows
CVE-2026-50507 Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-50507
Low
Microsoft
CVE-2026-50511 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50511
Low
Microsoft
CVE-2026-50512 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50512
Unclassified
Microsoft Edge
Chromium: CVE-2026-11297 Insufficient validation of untrusted input in Reader Mode
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11297
Unclassified
Microsoft Edge
Chromium: CVE-2026-10883 Out of bounds write in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10883
Unclassified
Microsoft Edge
Chromium: CVE-2026-10892 Out of bounds write in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10892
Unclassified
Microsoft Edge
Chromium: CVE-2026-10923 Use after free in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10923
Low
Microsoft Edge
Chromium: CVE-2026-10929 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10929
Unclassified
Microsoft Edge
Chromium: CVE-2026-10934 Use after free in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10934
Unclassified
Microsoft Edge
Chromium: CVE-2026-10953 Use after free in Core
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10953
Unclassified
Microsoft Edge
Chromium: CVE-2026-10959 Use after free in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10959
Unclassified
Microsoft Edge
Chromium: CVE-2026-10967 Use after free in SurfaceCapture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10967
Unclassified
Microsoft Edge
Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11007
Unclassified
Microsoft Edge
Chromium: CVE-2026-11010 Use after free in WebShare
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11010
Unclassified
Microsoft Edge
Chromium: CVE-2026-11019 Inappropriate implementation in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11019
Unclassified
Microsoft Edge
Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11034
Unclassified
Microsoft Edge
Chromium: CVE-2026-11064 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11064
Unclassified
Microsoft Edge
Chromium: CVE-2026-11077 Out of bounds read in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11077
Unclassified
Microsoft Edge
Chromium: CVE-2026-11127 Inappropriate implementation in WebAPKs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11127
Unclassified
Microsoft Edge
Chromium: CVE-2026-11163 Use after free in Messages
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11163
Unclassified
Microsoft Edge
Chromium: CVE-2026-11167 Inappropriate implementation in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11167
Unclassified
Microsoft Edge
Chromium: CVE-2026-11172 Incorrect security UI in Contact Picker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11172
Unclassified
Microsoft Edge
Chromium: CVE-2026-11215 Inappropriate implementation in Cronet
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11215
Unclassified
Microsoft Edge
Chromium: CVE-2026-11247 Insufficient policy enforcement in CustomTabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11247
Unclassified
Microsoft Edge
Chromium: CVE-2026-11270 Inappropriate implementation in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11270
Unclassified
Microsoft Edge
Chromium: CVE-2026-11278 Inappropriate implementation in CustomTabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11278
Low
Microsoft Edge
Chromium: CVE-2026-11290 Integer overflow in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11290
Unclassified
Microsoft Edge
Chromium: CVE-2026-11035 Insufficient validation of untrusted input in Custom Tabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11035
Unclassified
Microsoft Edge
Chromium: CVE-2026-11097 Inappropriate implementation in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11097
Low
Windows
CVE-2026-42836 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-42836
Low
Windows
CVE-2026-42837 Windows Projected File System Elevation of Privilege Vulnerability
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42837
Unclassified
Windows
CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability
Information published.
CVE-2026-42903
Low
Windows
CVE-2026-42904 Windows TCP/IP Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-42904
Unclassified
Windows
CVE-2026-42905 Windows DWM Core Library Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42905
Low
Windows
CVE-2026-42906 Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42906
Low
Windows
CVE-2026-42907 Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42907
Low
Windows
CVE-2026-42908 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-42908
Low
Windows
CVE-2026-42980 NT OS Kernel Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42980
Low
Microsoft
CVE-2026-42909 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42909
Low
Windows
CVE-2026-42916 NT OS Kernel Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42916
Low
Windows
CVE-2026-42911 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-42911
Low
Microsoft
CVE-2026-42913 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42913
Low
Windows
CVE-2026-42912 Windows Telephony Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42912
Unclassified
Windows
CVE-2026-42914 Windows Kerberos Denial of Service Vulnerability
Information published.
CVE-2026-42914
Low
Windows
CVE-2026-42915 Windows TCP/IP Denial of Service Vulnerability
Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
CVE-2026-42915
Low
Windows
CVE-2026-42968 Windows Telephony Server Information Disclosure Vulnerability
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
CVE-2026-42968
Low
Windows
CVE-2026-42972 Windows Hyper-V Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2026-42972
Low
Windows
CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42969
Low
Windows
CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42971
Low
Windows
CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42970
Low
Windows
CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42973
Low
Windows
CVE-2026-42984 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42984
Low
Windows
CVE-2026-42981 Windows Performance Monitor Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42981
Low
Windows
CVE-2026-42974 Windows Performance Monitor Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42974
Low
Microsoft
CVE-2026-42986 Microsoft Graphics Component Elevation of Privilege Vulnerability
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-42986
Low
Windows
CVE-2026-42978 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42978
Low
Windows
CVE-2026-42977 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42977
Low
Windows
CVE-2026-42979 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42979
Low
Windows
CVE-2026-42991 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42991
Low
Microsoft
CVE-2026-42989 Winlogon Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-42989
Low
Windows
CVE-2026-44809 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-44809
Low
Windows
CVE-2026-44810 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
CVE-2026-44810
Low
Microsoft
CVE-2026-42992 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42992
Low
Windows
CVE-2026-44805 Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
CVE-2026-44805
Low
Windows
CVE-2026-44811 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44811
Low
Windows
CVE-2026-44808 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44808
Low
Windows
CVE-2026-44807 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44807
Low
Microsoft
CVE-2026-44799 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44799
Low
Windows
CVE-2026-44815 DHCP Client Service Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44815
Low
Windows
CVE-2026-42983 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42983
Low
Windows
CVE-2026-44802 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44802
Low
Windows
CVE-2026-44814 Windows DWM Core Library Information Disclosure Vulnerability
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-44814
Low
Microsoft
CVE-2026-44801 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44801
Low
Microsoft
CVE-2026-42985 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42985
Low
Windows
CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
CVE-2026-42987
Low
Windows
CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44803
Low
Windows
CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44812
Low
Microsoft
CVE-2026-42993 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42993
Low
Windows
CVE-2026-44813 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44813
Low
Windows
CVE-2026-44804 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44804
Unclassified
Exchange Server
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Added links to June 2026 Exchange Server security updates. Microsoft recommends installing these updates as soon as possible.
CVE-2026-42897
Unclassified
Microsoft 365
CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
Added Microsoft Excel for Android, Microsoft Word for Android, Microsoft Loop for Android, Microsoft PowerPoint for Android and Microsoft OneNote for Android software to the Security Updates table. Customers that ar...
CVE-2026-41100
Unclassified
Windows
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Added Office software to the Security Updates table. Customers that are running supported versions of Office are encouraged to update to the indicated versions to be protected from this vulnerability.
CVE-2026-21530
Unclassified
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-45585
Unclassified
Windows
CVE-2024-49075 Windows Remote Desktop Services Denial of Service Vulnerability
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating...
CVE-2024-49075
Unclassified
Windows
CVE-2024-49123 Windows Remote Desktop Services Remote Code Execution Vulnerability
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating...
CVE-2024-49123
Unclassified
Windows
CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating...
CVE-2024-49132
Unclassified
Windows
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating...
CVE-2025-21330
Unclassified
Windows
CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating...
CVE-2024-43582
Unclassified
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Added links to June 2026 Windows security updates. Microsoft recommends installing these updates as soon as possible.
CVE-2026-45585
Unclassified
Windows
CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
To comprehensively address the vulnerability identified by CVE-2020-17103, Microsoft recommends installing the June 2026 updates for your Windows operating systems.
CVE-2020-17103
Low
Microsoft
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Information published.
CVE-2026-27144
Unclassified
Microsoft
CVE-2026-32280 Unexpected work during chain building in crypto/x509
Information published.
CVE-2026-32280
Unclassified
Microsoft
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Information published.
CVE-2026-27143
Unclassified
Microsoft
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Information published.
CVE-2026-27140
Unclassified
Microsoft
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Information published.
CVE-2026-27142
Unclassified
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Unclassified
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Unclassified
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Unclassified
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Unclassified
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Unclassified
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Unclassified
Microsoft
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
CVE-2026-42250
Unclassified
Microsoft
CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Information published.
CVE-2026-42496
Unclassified
Microsoft
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Information published.
CVE-2026-42790
Unclassified
Microsoft
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Information published.
CVE-2026-48962
Low
Microsoft
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25243
Low
Microsoft
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Information published.
CVE-2026-23631
Low
Microsoft
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Information published.
CVE-2026-23479
Unclassified
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Unclassified
Microsoft
CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Information published.
CVE-2026-39820
Unclassified
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Unclassified
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Unclassified
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Unclassified
Microsoft
CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c
Information published.
CVE-2026-40528
Low
Microsoft
CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Information published.
CVE-2026-40510
Medium
Microsoft
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Information published.
CVE-2026-42789
Unclassified
Microsoft
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Information published.
CVE-2025-15649
Low
Microsoft
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
Information published.
CVE-2026-48959
Unclassified
Microsoft
CVE-2026-46250 MIPS: Work around LLVM bug when gp is used as global register variable
Information published.
CVE-2026-46250
Unclassified
Microsoft
CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime
Information published.
CVE-2026-42504
Unclassified
Microsoft
CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
Information published.
CVE-2026-50219
Low
Microsoft
CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
Information published.
CVE-2026-10722
Low
Microsoft
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Information published.
CVE-2026-43958
Unclassified
Microsoft
CVE-2026-11463 USCiLab Cereal Shared Pointer type confusion
Information published.
CVE-2026-11463
Unclassified
Microsoft
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Information published.
CVE-2026-49975
Unclassified
Microsoft
CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body
Information published.
CVE-2026-40930
Low
Microsoft
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
Information published.
CVE-2026-10879
Low
Microsoft
CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch
Information published.
CVE-2026-50256
Unclassified
Microsoft
CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
Information published.
CVE-2026-50262
Unclassified
Microsoft
CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
Information published.
CVE-2026-50260
Unclassified
Microsoft
CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()
Information published.
CVE-2026-50257
Low
Microsoft
CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels
Information published.
CVE-2026-50258
Unclassified
Microsoft
CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
Information published.
CVE-2026-50263
Unclassified
Microsoft
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
Information published.
CVE-2026-8643
Low
Microsoft
CVE-2026-50031 ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.
Information published.
CVE-2026-50031
Unclassified
Microsoft
CVE-2026-46272 coresight: tmc-etr: Fix race condition between sysfs and perf mode
Information published.
CVE-2026-46272
Unclassified
Microsoft
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
Information published.
CVE-2026-42507
Unclassified
Microsoft
CVE-2026-50292 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
Information published.
CVE-2026-50292
Unclassified
Microsoft
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
Information published.
CVE-2026-27145
Low
Microsoft
CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Information published.
CVE-2026-37460
Low
Microsoft
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Information published.
CVE-2026-7774
Unclassified
Microsoft
CVE-2026-50265 Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292
Information published.
CVE-2026-50265
CVE-2026-50292
Unclassified
Microsoft
CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
Information published.
CVE-2026-50261
Low
Microsoft
CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
Information published.
CVE-2026-50259
Unclassified
Microsoft Edge
CVE-2026-35429 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-35429
Unclassified
Microsoft Edge
CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-33118
Unclassified
Microsoft
CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime
Information published.
CVE-2026-42504
Unclassified
Microsoft
CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
Information published.
CVE-2026-50219
Low
Microsoft
CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
Information published.
CVE-2026-10722
Low
Microsoft
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Information published.
CVE-2026-43958
Unclassified
Microsoft
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
Information published.
CVE-2026-8643
Unclassified
Microsoft
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
Information published.
CVE-2026-42507
Unclassified
Microsoft
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
Information published.
CVE-2026-27145
Unclassified
Microsoft
CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
Information published.
CVE-2026-11332
Low
Microsoft
CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Information published.
CVE-2026-37460
Unclassified
Microsoft
CVE-2026-5419 Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal
Information published.
CVE-2026-5419
Unclassified
Microsoft
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
Information published.
CVE-2026-8829
Unclassified
Microsoft
CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
Information published.
CVE-2026-3276
Low
Microsoft
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Information published.
CVE-2026-7774
Unclassified
Windows
CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-33841
Unclassified
Windows
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
This CVE was updated to fix the download link for .NET Framework 3.8 & 4.81 for Windows 2025
CVE-2026-32177
Unclassified
Windows
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
This CVE was updated to fix the download link for .NET Framework 3.8 & 4.81 for Windows 2025
CVE-2026-35433
Unclassified
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Unclassified
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Unclassified
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Unclassified
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Unclassified
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Unclassified
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Low
Azure
CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-48567
Low
Microsoft
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-42824
Low
Microsoft
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
CVE-2026-45497
Low
Microsoft Edge
CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-47644
Low
Microsoft
CVE-2026-47655 Microsoft Graph Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network.
CVE-2026-47655
Low
Microsoft
CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
CVE-2026-48579
Unclassified
Microsoft
CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak
Information published.
CVE-2025-1149
Unclassified
Microsoft
CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
Information published.
CVE-2026-35414
Unclassified
Microsoft
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Information published.
CVE-2026-41140
Unclassified
Microsoft
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42506
Unclassified
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Unclassified
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Unclassified
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Unclassified
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Unclassified
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Unclassified
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Unclassified
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Low
Microsoft
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Information published.
CVE-2026-9150
Low
Microsoft
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Information published.
CVE-2026-9149
Low
Microsoft
CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
Information published.
CVE-2026-43964
Unclassified
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Unclassified
Microsoft
CVE-2024-7598 Network restriction bypass via race condition during namespace termination
Information published.
CVE-2024-7598
Low
Microsoft
CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Information published.
CVE-2025-29923
Low
Microsoft
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Information published.
CVE-2026-25541
Low
Microsoft
CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
Information published.
CVE-2025-60876
Unclassified
Microsoft
CVE-2020-8561 Webhook redirect in kube-apiserver
Information published.
CVE-2020-8561
Unclassified
Microsoft
CVE-2021-25740 Holes in EndpointSlice Validation Enable Host Network Hijack
Information published.
CVE-2021-25740
Unclassified
Microsoft
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Information published.
CVE-2025-61729
Unclassified
Microsoft
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Information published.
CVE-2025-61727
Unclassified
Microsoft
CVE-2025-5791 Users: `root` appended to group listings
Information published.
CVE-2025-5791
Unclassified
Microsoft
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
Information published.
CVE-2025-9403
Unclassified
Microsoft
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Information published.
CVE-2025-58160
Unclassified
Microsoft
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Information published.
CVE-2025-58188
Unclassified
Microsoft
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Information published.
CVE-2025-58183
Unclassified
Microsoft
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Information published.
CVE-2025-61725
Unclassified
Microsoft
CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Information published.
CVE-2025-58186
Unclassified
Microsoft
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Information published.
CVE-2025-61724
Unclassified
Microsoft
CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Information published.
CVE-2025-46327
Unclassified
Microsoft
CVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
Information published.
CVE-2024-58251
Unclassified
Microsoft
CVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
Information published.
CVE-2025-46394
Unclassified
Microsoft
CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
Information published.
CVE-2025-3198
Low
Microsoft
CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
Information published.
CVE-2013-1633
Low
Microsoft
CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
Information published.
CVE-2024-58266
Unclassified
Microsoft
CVE-2023-27043 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Information published.
CVE-2023-27043
Low
Microsoft
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Information published.
CVE-2025-1176
Unclassified
Microsoft
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Information published.
CVE-2025-1178
Unclassified
Microsoft
CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak
Information published.
CVE-2025-1151
Unclassified
Microsoft
CVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leak
Information published.
CVE-2025-1150
Unclassified
Microsoft
CVE-2025-1180 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption
Information published.
CVE-2025-1180
Unclassified
Microsoft
CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak
Information published.
CVE-2025-1152
Unclassified
Microsoft
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
CVE-2026-29181
Low
Microsoft
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Information published.
CVE-2026-27144
Unclassified
Microsoft
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Information published.
CVE-2026-32282
Unclassified
Microsoft
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Information published.
CVE-2026-40226
Low
Microsoft
CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5928
Unclassified
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Unclassified
Microsoft
CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Information published.
CVE-2026-41607
Critical
Microsoft
CVE-2026-41526 In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
Information published.
CVE-2026-41526
Low
Microsoft
CVE-2026-40356 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
Information published.
CVE-2026-40356
Unclassified
Windows
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Information published.
CVE-2026-3087
Unclassified
Microsoft
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Information published.
CVE-2026-6842
Unclassified
Microsoft
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Information published.
CVE-2026-39882
Unclassified
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Unclassified
Microsoft
CVE-2026-32281 Inefficient policy validation in crypto/x509
Information published.
CVE-2026-32281
Unclassified
Microsoft
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Information published.
CVE-2026-32289
Unclassified
Microsoft
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Information published.
CVE-2026-32283
Unclassified
Microsoft
CVE-2026-32280 Unexpected work during chain building in crypto/x509
Information published.
CVE-2026-32280
Unclassified
Microsoft
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Information published.
CVE-2026-27143
Unclassified
Microsoft
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Information published.
CVE-2026-27140
Unclassified
Microsoft
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Information published.
CVE-2026-1502
Unclassified
Microsoft
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Information published.
CVE-2026-6100
Unclassified
Microsoft
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Information published.
CVE-2026-4786
CVE-2026-4519
Low
Microsoft
CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5358
Low
Microsoft
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Information published.
CVE-2026-5450
Unclassified
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Unclassified
Microsoft
CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Information published.
CVE-2026-40225
Low
Microsoft
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Information published.
CVE-2026-5435
Unclassified
Microsoft
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Information published.
CVE-2026-6019
Unclassified
Microsoft
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Information published.
CVE-2026-6238
Low
Microsoft
CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Information published.
CVE-2026-41606
Unclassified
Microsoft
CVE-2026-40355 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
Information published.
CVE-2026-40355
Unclassified
Microsoft
CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
Information published.
CVE-2026-6845
Unclassified
Microsoft
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Information published.
CVE-2026-6843
Low
Microsoft
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Information published.
CVE-2026-3832
Unclassified
Microsoft
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
Information published.
CVE-2026-6383
Low
Microsoft
CVE-2024-30896 InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.
Information published.
CVE-2024-30896
Unclassified
Microsoft
CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
Information published.
CVE-2025-4574
Unclassified
Microsoft
CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads
Information published.
CVE-2019-11254
Unclassified
Microsoft
CVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file write
Information published.
CVE-2023-1386
Unclassified
Microsoft
CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
Information published.
CVE-2026-2297
Unclassified
Microsoft
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Information published.
CVE-2026-27142
Low
Microsoft
CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models
Information published.
CVE-2026-4224
Unclassified
Microsoft
CVE-2026-3644 Incomplete control character validation in http.cookies
Information published.
CVE-2026-3644
Unclassified
Microsoft
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Information published.
CVE-2026-4948
Low
Microsoft
CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
Information published.
CVE-2026-3713
Unclassified
Microsoft
CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
Information published.
CVE-2025-13462
Unclassified
Microsoft
CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message
Information published.
CVE-2026-0968
Low
Microsoft
CVE-2026-37457 An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.
Information published.
CVE-2026-37457
Unclassified
Azure
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Information published.
CVE-2026-42151
Low
Microsoft
CVE-2026-33846 Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly
Information published.
CVE-2026-33846
Unclassified
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Unclassified
Microsoft
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Information published.
CVE-2026-39823
Unclassified
Microsoft
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Information published.
CVE-2026-41889
Low
Microsoft
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
Information published.
CVE-2026-43894
Low
Microsoft
CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
Information published.
CVE-2026-43896
Unclassified
Microsoft
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Information published.
CVE-2026-43895
Low
Microsoft
CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
Information published.
CVE-2026-40612
Unclassified
Microsoft
CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
Information published.
CVE-2026-41256
Unclassified
Microsoft
CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Information published.
CVE-2026-8177
Low
Microsoft
CVE-2026-44777 jq: stack overflow in module loading on mutual `include`
Information published.
CVE-2026-44777
Unclassified
Microsoft
CVE-2026-4873 connection reuse ignores TLS requirement
Information published.
CVE-2026-4873
Unclassified
Microsoft
CVE-2026-6429 netrc credential leak with reused proxy connection
Information published.
CVE-2026-6429
Unclassified
Microsoft
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Information published.
CVE-2026-5545
Unclassified
Microsoft
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Information published.
CVE-2026-6253
Unclassified
Microsoft
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Information published.
CVE-2026-42304
Unclassified
Microsoft
CVE-2026-4893 CVE-2026-4893
Information published.
CVE-2026-4893
Unclassified
Microsoft
CVE-2026-2291 CVE-2026-2291
Information published.
CVE-2026-2291
Unclassified
Microsoft
CVE-2026-5172 CVE-2026-5172
Information published.
CVE-2026-5172
Unclassified
Microsoft
CVE-2026-4890 CVE-2026-4890
Information published.
CVE-2026-4890
Unclassified
Microsoft
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Information published.
CVE-2026-34956
Unclassified
Microsoft
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published.
CVE-2026-7210
Unclassified
Microsoft
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Information published.
CVE-2026-43969
Low
Microsoft
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Information published.
CVE-2026-45803
Unclassified
Microsoft
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Information published.
CVE-2026-42009
Unclassified
Microsoft
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42506
Unclassified
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Unclassified
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Unclassified
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Unclassified
Microsoft
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39829
Unclassified
Microsoft
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Information published.
CVE-2026-39830
Low
Microsoft
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Information published.
CVE-2026-46597
Unclassified
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Unclassified
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Unclassified
Microsoft
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Information published.
CVE-2026-39834
Unclassified
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Unclassified
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Unclassified
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Unclassified
Microsoft
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Information published.
CVE-2026-5222
Low
Microsoft
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25243
Low
Microsoft
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Information published.
CVE-2026-23631
Low
Microsoft
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Information published.
CVE-2026-23479
Unclassified
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Unclassified
Microsoft
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Information published.
CVE-2026-39817
Low
Microsoft
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Information published.
CVE-2026-39819
Unclassified
Microsoft
CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Information published.
CVE-2026-39820
Unclassified
Microsoft
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Information published.
CVE-2026-39825
Unclassified
Microsoft
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Information published.
CVE-2026-39826
Unclassified
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Unclassified
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Unclassified
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Low
Microsoft
CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
Information published.
CVE-2026-41257
Unclassified
Microsoft
CVE-2026-6276 stale custom cookie host causes cookie leak
Information published.
CVE-2026-6276
Unclassified
Microsoft
CVE-2026-7168 cross-proxy Digest auth state leak
Information published.
CVE-2026-7168
Unclassified
Microsoft
CVE-2026-4891 CVE-2026-4891
Information published.
CVE-2026-4891
Unclassified
Microsoft
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
Information published.
CVE-2026-42010
Unclassified
Microsoft
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Information published.
CVE-2026-7790
Unclassified
Microsoft
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Information published.
CVE-2026-43968
Unclassified
Microsoft
CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
Information published.
CVE-2026-8368
Unclassified
Microsoft
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Information published.
CVE-2026-8328
Unclassified
Microsoft
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
CVE-2026-39821
Unclassified
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Unclassified
Microsoft
CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Information published.
CVE-2026-8466
Unclassified
Microsoft
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Information published.
CVE-2026-5223
Unclassified
Microsoft
CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive
Information published.
CVE-2026-44896
Unclassified
Microsoft
CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Information published.
CVE-2026-44899
Low
Microsoft
CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
Information published.
CVE-2025-55551
Low
Microsoft
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Information published.
CVE-2025-11083
Low
Microsoft
CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Information published.
CVE-2025-55554
Unclassified
Microsoft
CVE-2026-40361 Microsoft Outlook and Word Remote Code Execution Vulnerability
Updated CVE title. This is an informational change only.
CVE-2026-40361
Unclassified
Microsoft
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Information published.
CVE-2025-15504
Unclassified
Microsoft
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Information published.
CVE-2017-3736
Low
Microsoft
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
CVE-2026-31789
Unclassified
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Unclassified
Microsoft
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
CVE-2026-28388
Unclassified
Microsoft
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
CVE-2026-34757
Unclassified
Microsoft
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Information published.
CVE-2026-41080
Unclassified
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Unclassified
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Low
Microsoft
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Information published.
CVE-2026-34875
Low
Microsoft
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
CVE-2026-34874
Low
Microsoft
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
CVE-2026-34876
Unclassified
Microsoft
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-25835
Unclassified
Microsoft
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Information published.
CVE-2025-66442
Unclassified
Microsoft
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Information published.
CVE-2026-34873
Unclassified
Microsoft
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-34871
Unclassified
Microsoft
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer or, depending on the protocol, by an active network attacker (person in the middle).
Information published.
CVE-2026-34872
Low
Microsoft
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Information published.
CVE-2026-25834
Low
Microsoft
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function.
Information published.
CVE-2026-25833
Low
Microsoft
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.
This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.
The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.
Impact:
* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Information published.
CVE-2025-23167
Unclassified
Microsoft
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.
The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.
This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Information published.
CVE-2026-21717
Unclassified
Microsoft
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
CVE-2026-2673
Unclassified
Microsoft
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Information published.
CVE-2026-33671
Unclassified
Microsoft
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Information published.
CVE-2026-33672
Low
Microsoft
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.
As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.
This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Information published.
CVE-2026-21711
Unclassified
Microsoft
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Information published.
CVE-2026-35579
Unclassified
Microsoft
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
Information published.
CVE-2026-7261
Low
Microsoft
CVE-2026-7568 Signed integer overflow in metaphone()
Information published.
CVE-2026-7568
Unclassified
Microsoft
CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records
Information published.
CVE-2026-3592
Unclassified
Microsoft
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Information published.
CVE-2026-42009
Unclassified
Microsoft
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Information published.
CVE-2026-8723
Low
Microsoft
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
Information published.
CVE-2025-14575
Unclassified
Microsoft
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42506
Low
Windows
CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
Information published.
CVE-2026-39824
Unclassified
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Unclassified
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Unclassified
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Unclassified
Microsoft
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39829
Unclassified
Microsoft
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Information published.
CVE-2026-39830
Low
Microsoft
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Information published.
CVE-2026-46597
Unclassified
Microsoft
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
Information published.
CVE-2026-39831
Unclassified
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Unclassified
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Unclassified
Microsoft
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Information published.
CVE-2026-39834
Unclassified
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Unclassified
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Unclassified
Microsoft
CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
Information published.
CVE-2026-46595
Unclassified
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Unclassified
Microsoft
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Information published.
CVE-2026-42508
Unclassified
Microsoft
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Information published.
CVE-2026-6402
Unclassified
Microsoft
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
Information published.
CVE-2026-44844
Unclassified
Microsoft
CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass
Information published.
CVE-2026-44708
Unclassified
Microsoft
CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Information published.
CVE-2026-44897
Unclassified
Microsoft
CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Information published.
CVE-2026-47104
Unclassified
Microsoft
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
CVE-2026-42250
Unclassified
Microsoft
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Information published.
CVE-2026-46232
Medium
Microsoft
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Information published.
CVE-2026-46235
Unclassified
Microsoft
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Information published.
CVE-2026-46157
Low
Microsoft
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Information published.
CVE-2026-9538
Low
Microsoft
CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain
Information published.
CVE-2026-10028
Unclassified
Microsoft
CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Information published.
CVE-2026-6324
Low
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Unclassified
Microsoft
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
Information published.
CVE-2026-7258
Unclassified
Microsoft
CVE-2026-6722 Use-After-Free in SOAP using Apache map
Information published.
CVE-2026-6722
Unclassified
Microsoft
CVE-2026-6735 XSS within PHP-FPM status endpoint
Information published.
CVE-2026-6735
Unclassified
Microsoft
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing
Information published.
CVE-2026-7262
Unclassified
Microsoft
CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
Information published.
CVE-2025-14179
Unclassified
Microsoft
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
Information published.
CVE-2026-7259
Unclassified
Microsoft
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
CVE-2026-39821
Unclassified
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Unclassified
Microsoft
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39832
Unclassified
Microsoft
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Information published.
CVE-2026-44898
Unclassified
Microsoft
CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Information published.
CVE-2026-23679
Unclassified
Microsoft
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Information published.
CVE-2026-46148
Unclassified
Microsoft
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Information published.
CVE-2026-46194
Low
Microsoft
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Information published.
CVE-2026-46179
Unclassified
Microsoft
CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
Information published.
CVE-2026-46143
Unclassified
Microsoft
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Information published.
CVE-2026-46169
Unclassified
Microsoft
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Information published.
CVE-2026-46121
Unclassified
Microsoft
CVE-2026-46184 sound: ua101: fix division by zero at probe
Information published.
CVE-2026-46184
Unclassified
Microsoft
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
Information published.
CVE-2026-41184
Unclassified
Microsoft
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Information published.
CVE-2026-42015
Unclassified
Microsoft
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Information published.
CVE-2025-15649
Low
Microsoft
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Information published.
CVE-2026-44839
Low
Microsoft
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
Information published.
CVE-2026-48959
Unclassified
Microsoft Edge
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-45495
Unclassified
Microsoft Edge
CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-45494
Unclassified
Windows
CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
Updated Hotpatch links. This is an informational change only.
CVE-2026-42825
Unclassified
Microsoft
CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
Updated Hotpatch links. This is an informational change only.
CVE-2025-54518
Unclassified
Visual Studio
CVE-2025-6965 Integer Truncation on SQLite
Added Visual Studio software to the Security Updates table. Customers that are running a supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.
CVE-2025-6965
Unclassified
Microsoft
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39829
Unclassified
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Unclassified
Microsoft
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
CVE-2026-39821
Low
Microsoft
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Information published.
Low
Microsoft
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Information published.
Low
Microsoft
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Information published.
Unclassified
Microsoft
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Information published.
CVE-2025-15504
Low
Microsoft
CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.
The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
Information published.
CVE-2024-36137
Low
Microsoft
CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.
This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.
This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Information published.
CVE-2024-22018
Unclassified
Microsoft
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Information published.
CVE-2017-3736
Low
Microsoft
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
CVE-2026-31789
Unclassified
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Unclassified
Microsoft
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
CVE-2026-28388
Unclassified
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Unclassified
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Low
Microsoft
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Information published.
CVE-2026-34875
Low
Microsoft
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
CVE-2026-34874
Low
Microsoft
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
CVE-2026-34876
Unclassified
Microsoft
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-25835
Unclassified
Microsoft
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Information published.
CVE-2025-66442
Unclassified
Microsoft
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Information published.
CVE-2026-34873
Unclassified
Microsoft
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-34871
Unclassified
Microsoft
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer or, depending on the protocol, by an active network attacker (person in the middle).
Information published.
CVE-2026-34872
Low
Microsoft
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Information published.
CVE-2026-25834
Low
Microsoft
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function.
Information published.
CVE-2026-25833
Low
Microsoft
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.
This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.
The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.
Impact:
* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Information published.
CVE-2025-23167
Unclassified
Microsoft
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.
The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.
This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Information published.
CVE-2026-21717
Unclassified
Microsoft
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
CVE-2026-2673
Unclassified
Microsoft
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Information published.
CVE-2026-33671
Unclassified
Microsoft
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Information published.
CVE-2026-33672
Low
Microsoft
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.
As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.
This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Information published.
CVE-2026-21711
Unclassified
Microsoft
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
CVE-2026-42250
Unclassified
Microsoft
CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF
Information published.
CVE-2026-46242
Unclassified
Microsoft
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Information published.
CVE-2026-42790
Unclassified
Microsoft
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
Information published.
CVE-2026-42012
Unclassified
Microsoft
CVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read
Information published.
CVE-2026-9804
Low
Microsoft
CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
Information published.
CVE-2026-48864
Unclassified
Microsoft
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Information published.
CVE-2026-48962
Unclassified
Microsoft
CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule
Information published.
CVE-2026-40034
Unclassified
Microsoft
CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c
Information published.
CVE-2026-40528
Low
Microsoft
CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Information published.
CVE-2026-40510
Medium
Microsoft
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Information published.
CVE-2026-42789
Unclassified
Microsoft
CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name
Information published.
CVE-2026-42013
Unclassified
Microsoft
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Information published.
CVE-2026-42015
Unclassified
Microsoft
CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
Information published.
CVE-2026-5260
Low
Microsoft
CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
Information published.
CVE-2026-7374
Unclassified
Microsoft
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Information published.
CVE-2025-15649
Low
Microsoft
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Information published.
CVE-2026-44839
Unclassified
Microsoft
CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind
Information published.
CVE-2026-46219
Unclassified
Microsoft
CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch
Information published.
CVE-2026-46214
Unclassified
Microsoft
CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race
Information published.
CVE-2026-46137
Unclassified
Microsoft
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
Information published.
CVE-2026-46186
Unclassified
Microsoft
CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Information published.
CVE-2026-46172
Unclassified
Microsoft
CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
Information published.
CVE-2026-46168
Unclassified
Microsoft
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
Information published.
CVE-2026-46163
Low
Microsoft
CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Information published.
CVE-2026-46131
Unclassified
Microsoft
CVE-2026-46128 ipmi: Check event message buffer response for bad data
Information published.
CVE-2026-46128
Unclassified
Microsoft
CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
Information published.
CVE-2026-46191
Unclassified
Microsoft
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Information published.
CVE-2026-46232
Unclassified
Microsoft
CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Information published.
CVE-2026-46220
Low
Microsoft
CVE-2026-46107 dm-thin: fix metadata refcount underflow
Information published.
CVE-2026-46107
Unclassified
Microsoft
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Information published.
CVE-2026-46149
Unclassified
Microsoft
CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Information published.
CVE-2026-46116
Medium
Microsoft
CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
Information published.
CVE-2026-46236
Medium
Microsoft
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Information published.
CVE-2026-46235
Unclassified
Microsoft
CVE-2026-46177 ipmi: Add limits to event and receive message requests
Information published.
CVE-2026-46177
Unclassified
Microsoft
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Information published.
CVE-2026-46157
Unclassified
Microsoft
CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last
Information published.
CVE-2026-46170
Unclassified
Microsoft
CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
Information published.
CVE-2026-46230
Unclassified
Microsoft
CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put
Information published.
CVE-2026-46123
Unclassified
Microsoft
CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
Information published.
CVE-2026-46108
Unclassified
Microsoft
CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
Information published.
CVE-2026-46152
Unclassified
Microsoft
CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Information published.
CVE-2026-46112
Unclassified
Microsoft
CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
Information published.
CVE-2026-46114
Unclassified
Microsoft
CVE-2026-46125 wifi: mac80211: remove station if connection prep fails
Information published.
CVE-2026-46125
Unclassified
Microsoft
CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
Information published.
CVE-2026-46227
Unclassified
Microsoft
CVE-2026-46153 8021q: delete cleared egress QoS mappings
Information published.
CVE-2026-46153
Unclassified
Microsoft
CVE-2026-46150 fanotify: fix false positive on permission events
Information published.
CVE-2026-46150
Unclassified
Microsoft
CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure
Information published.
CVE-2026-46241
Unclassified
Microsoft
CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Information published.
CVE-2026-46147
Unclassified
Microsoft
CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Information published.
CVE-2026-46135
Unclassified
Microsoft
CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Information published.
CVE-2026-46189
Unclassified
Microsoft
CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
Information published.
CVE-2026-46199
Unclassified
Microsoft
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Information published.
CVE-2026-46151
Unclassified
Microsoft
CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget
Information published.
CVE-2026-46124
Unclassified
Microsoft
CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events
Information published.
CVE-2026-46106
Unclassified
Microsoft
CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Information published.
CVE-2026-46181
Unclassified
Microsoft
CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Information published.
CVE-2026-46178
Unclassified
Microsoft
CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert
Information published.
CVE-2026-46231
Unclassified
Microsoft
CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Information published.
CVE-2026-46200
Unclassified
Microsoft
CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
Information published.
CVE-2026-46209
Unclassified
Microsoft
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Information published.
CVE-2026-46148
Low
Microsoft
CVE-2026-46198 batman-adv: fix integer overflow on buff_pos
Information published.
CVE-2026-46198
Unclassified
Microsoft
CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
Information published.
CVE-2026-46111
Unclassified
Microsoft
CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
Information published.
CVE-2026-46195
Unclassified
Microsoft
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Information published.
CVE-2026-46194
Unclassified
Microsoft
CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths
Information published.
CVE-2026-46109
Unclassified
Microsoft
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Information published.
CVE-2026-46229
Unclassified
Microsoft
CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
Information published.
CVE-2026-46173
Unclassified
Microsoft
CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory
Information published.
CVE-2026-46160
Unclassified
Microsoft
CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Information published.
CVE-2026-46180
Unclassified
Microsoft
CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()
Information published.
CVE-2026-46185
Unclassified
Microsoft
CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
Information published.
CVE-2026-46161
Unclassified
Microsoft
CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims
Information published.
CVE-2026-46212
Unclassified
Microsoft
CVE-2026-46234 vsock: fix buffer size clamping order
Information published.
CVE-2026-46234
Low
Microsoft
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Information published.
CVE-2026-46179
Unclassified
Microsoft
CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
Information published.
CVE-2026-46196
Unclassified
Microsoft
CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
Information published.
CVE-2026-46133
Unclassified
Microsoft
CVE-2026-46129 btrfs: fix double free in create_space_info() error path
Information published.
CVE-2026-46129
Unclassified
Microsoft
CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
Information published.
CVE-2026-46204
Unclassified
Microsoft
CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
Information published.
CVE-2026-46156
Unclassified
Microsoft
CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
Information published.
CVE-2026-46138
Unclassified
Microsoft
CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop
Information published.
CVE-2026-46187
Unclassified
Microsoft
CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
Information published.
CVE-2026-46167
Unclassified
Microsoft
CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
Information published.
CVE-2026-46113
Unclassified
Microsoft
CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown
Information published.
CVE-2026-46206
Unclassified
Microsoft
CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)
Information published.
CVE-2026-46130
Unclassified
Microsoft
CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing
Information published.
CVE-2026-46119
Unclassified
Microsoft
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Information published.
CVE-2026-46169
Unclassified
Microsoft
CVE-2026-46142 net: libwx: fix VF illegal register access
Information published.
CVE-2026-46142
Unclassified
Microsoft
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Information published.
CVE-2026-46121
Unclassified
Microsoft
CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Information published.
CVE-2026-46144
Unclassified
Microsoft
CVE-2026-46184 sound: ua101: fix division by zero at probe
Information published.
CVE-2026-46184
Unclassified
Microsoft
CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
Information published.
CVE-2026-46174
Unclassified
Microsoft
CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks
Information published.
CVE-2026-46193
Unclassified
Microsoft
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
Information published.
CVE-2026-41184
Unclassified
Windows
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-26168
Unclassified
Windows
CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-24293
Unclassified
Windows
CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-41088
Unclassified
Dynamics
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42898
Low
Microsoft
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check
Information published.
CVE-2026-46062
Unclassified
Microsoft
CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised
Information published.
CVE-2026-45930
Unclassified
Microsoft
CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues
Information published.
CVE-2026-46021
Unclassified
Microsoft
CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy
Information published.
CVE-2026-46084
Unclassified
Microsoft
CVE-2026-46004 ALSA: caiaq: Handle probe errors properly
Information published.
CVE-2026-46004
Unclassified
Microsoft
CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion
Information published.
CVE-2026-46080
Unclassified
Microsoft
CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry
Information published.
CVE-2026-45894
Unclassified
Microsoft
CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies
Information published.
CVE-2026-45840
Unclassified
Microsoft
CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Information published.
CVE-2026-46054
Unclassified
Microsoft
CVE-2026-45991 udf: fix partition descriptor append bookkeeping
Information published.
CVE-2026-45991
Unclassified
Microsoft
CVE-2026-46053 net: rds: fix MR cleanup on copy error
Information published.
CVE-2026-46053
Unclassified
Microsoft
CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
Information published.
CVE-2026-45835
Unclassified
Microsoft
CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
Information published.
CVE-2026-45834
Unclassified
Microsoft
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Information published.
CVE-2026-45932
Unclassified
Microsoft
CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
Information published.
CVE-2026-45839
Unclassified
Microsoft
CVE-2026-45940 net: stmmac: fix oops when split header is enabled
Information published.
CVE-2026-45940
Unclassified
Microsoft
CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory
Information published.
CVE-2026-45893
Unclassified
Microsoft
CVE-2026-46017 mm: fix deferred split queue races during migration
Information published.
CVE-2026-46017
Unclassified
Microsoft
CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()
Information published.
CVE-2026-45986
Unclassified
Microsoft
CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()
Information published.
CVE-2026-46047
Unclassified
Microsoft
CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks
Information published.
CVE-2026-45850
Unclassified
Microsoft
CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed
Information published.
CVE-2026-46052
Unclassified
Microsoft
CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
Information published.
CVE-2026-46009
Unclassified
Microsoft
CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
Information published.
CVE-2026-46043
Unclassified
Microsoft
CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
Information published.
CVE-2026-46069
Unclassified
Microsoft
CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Information published.
CVE-2026-45859
Unclassified
Microsoft
CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Information published.
CVE-2026-46032
Unclassified
Microsoft
CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers
Information published.
CVE-2026-46086
Unclassified
Microsoft
CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
Information published.
CVE-2026-45861
Unclassified
Microsoft
CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
Information published.
CVE-2026-46056
Unclassified
Microsoft
CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure
Information published.
CVE-2026-45998
Low
Microsoft
CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
Information published.
CVE-2026-46023
Low
Microsoft
CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
Information published.
CVE-2026-46006
Unclassified
Microsoft
CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind
Information published.
CVE-2026-46219
Unclassified
Microsoft
CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch
Information published.
CVE-2026-46214
Unclassified
Microsoft
CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race
Information published.
CVE-2026-46137
Unclassified
Microsoft
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
Information published.
CVE-2026-46186
Unclassified
Microsoft
CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Information published.
CVE-2026-46172
Unclassified
Microsoft
CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
Information published.
CVE-2026-46168
Unclassified
Microsoft
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
Information published.
CVE-2026-46163
Low
Microsoft
CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Information published.
CVE-2026-46131
Unclassified
Microsoft
CVE-2026-46110 net: stmmac: Prevent NULL deref when RX memory exhausted
Information published.
CVE-2026-46110
Unclassified
Microsoft
CVE-2026-46128 ipmi: Check event message buffer response for bad data
Information published.
CVE-2026-46128
Unclassified
Microsoft
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
CVE-2026-42250
Unclassified
Microsoft
CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
Information published.
CVE-2026-46191
Unclassified
Microsoft
CVE-2026-46159 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
Information published.
CVE-2026-46159
Unclassified
Microsoft
CVE-2026-46226 spi: fsl: fix controller deregistration
Information published.
CVE-2026-46226
Unclassified
Microsoft
CVE-2026-46165 openvswitch: vport: fix self-deadlock on release of tunnel ports
Information published.
CVE-2026-46165
Unclassified
Microsoft
CVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
Information published.
CVE-2026-46158
Unclassified
Microsoft
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Information published.
CVE-2026-46232
Unclassified
Microsoft
CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size
Information published.
CVE-2026-46197
Unclassified
Microsoft
CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Information published.
CVE-2026-46220
Low
Microsoft
CVE-2026-46107 dm-thin: fix metadata refcount underflow
Information published.
CVE-2026-46107
Unclassified
Microsoft
CVE-2026-46176 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
Information published.
CVE-2026-46176
Unclassified
Microsoft
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Information published.
CVE-2026-46149
Unclassified
Microsoft
CVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardown
Information published.
CVE-2026-46208
Unclassified
Microsoft
CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Information published.
CVE-2026-46116
Unclassified
Microsoft
CVE-2026-46225 spi: rspi: fix controller deregistration
Information published.
CVE-2026-46225
Medium
Microsoft
CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
Information published.
CVE-2026-46236
Unclassified
Microsoft
CVE-2026-46164 btrfs: fix double free in create_space_info_sub_group() error path
Information published.
CVE-2026-46164
Medium
Microsoft
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Information published.
CVE-2026-46235
Unclassified
Microsoft
CVE-2026-46127 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()
Information published.
CVE-2026-46127
Unclassified
Microsoft
CVE-2026-46177 ipmi: Add limits to event and receive message requests
Information published.
CVE-2026-46177
Unclassified
Microsoft
CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()
Information published.
CVE-2026-46155
Unclassified
Microsoft
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Information published.
CVE-2026-46157
Low
Microsoft
CVE-2026-46136 wifi: mt76: mt7921: fix a potential clc buffer length underflow
Information published.
CVE-2026-46136
Unclassified
Microsoft
CVE-2026-46132 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
Information published.
CVE-2026-46132
Unclassified
Microsoft
CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last
Information published.
CVE-2026-46170
Unclassified
Microsoft
CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
Information published.
CVE-2026-46190
Unclassified
Microsoft
CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
Information published.
CVE-2026-46230
Unclassified
Microsoft
CVE-2026-46175 f2fs: fix fsck inconsistency caused by FGGC of node block
Information published.
CVE-2026-46175
Unclassified
Microsoft
CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put
Information published.
CVE-2026-46123
Unclassified
Microsoft
CVE-2026-46238 batman-adv: stop caching unowned originator pointers in BAT IV
Information published.
CVE-2026-46238
Unclassified
Microsoft
CVE-2026-46120 ip6_gre: Use cached t->net in ip6erspan_changelink().
Information published.
CVE-2026-46120
Unclassified
Microsoft
CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
Information published.
CVE-2026-46108
Unclassified
Microsoft
CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
Information published.
CVE-2026-46152
Unclassified
Microsoft
CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Information published.
CVE-2026-46112
Unclassified
Microsoft
CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
Information published.
CVE-2026-46114
Unclassified
Microsoft
CVE-2026-46122 wifi: b43: enforce bounds check on firmware key index in b43_rx()
Information published.
CVE-2026-46122
Unclassified
Microsoft
CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
Information published.
CVE-2026-46146
Unclassified
Microsoft
CVE-2026-46125 wifi: mac80211: remove station if connection prep fails
Information published.
CVE-2026-46125
Unclassified
Microsoft
CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
Information published.
CVE-2026-46227
Unclassified
Microsoft
CVE-2026-46153 8021q: delete cleared egress QoS mappings
Information published.
CVE-2026-46153
Unclassified
Microsoft
CVE-2026-46150 fanotify: fix false positive on permission events
Information published.
CVE-2026-46150
Unclassified
Microsoft
CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure
Information published.
CVE-2026-46241
Unclassified
Microsoft
CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Information published.
CVE-2026-46147
Unclassified
Microsoft
CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Information published.
CVE-2026-46135
Unclassified
Microsoft
CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Information published.
CVE-2026-42496
Unclassified
Microsoft
CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Information published.
CVE-2026-46189
Low
Microsoft
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Information published.
CVE-2026-9538
Unclassified
Microsoft
CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
Information published.
CVE-2026-46199
Unclassified
Microsoft
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Information published.
CVE-2026-46151
Unclassified
Microsoft
CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
Information published.
CVE-2026-42497
Unclassified
Microsoft
CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget
Information published.
CVE-2026-46124
Unclassified
Microsoft
CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events
Information published.
CVE-2026-46106
Unclassified
Microsoft
CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Information published.
CVE-2026-46181
Unclassified
Microsoft
CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Information published.
CVE-2026-46178
Unclassified
Microsoft
CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()
Information published.
CVE-2026-45989
Medium
Microsoft
CVE-2026-46091 media: rc: igorplugusb: heed coherency rules
Information published.
CVE-2026-46091
Unclassified
Microsoft
CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
Information published.
CVE-2026-45846
Unclassified
Microsoft
CVE-2026-46089 zram: do not forget to endio for partial discard requests
Information published.
CVE-2026-46089
Unclassified
Microsoft
CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation
Information published.
CVE-2026-46033
Unclassified
Microsoft
CVE-2026-46044 ipmi:ssif: Clean up kthread on errors
Information published.
CVE-2026-46044
Unclassified
Microsoft
CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()
Information published.
CVE-2026-46072
Unclassified
Microsoft
CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
Information published.
CVE-2026-46099
Unclassified
Microsoft
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
Information published.
CVE-2026-45934
Unclassified
Microsoft
CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop
Information published.
CVE-2026-46090
Unclassified
Microsoft
CVE-2026-45993 LoongArch: Add spectre boundry for syscall dispatch table
Information published.
CVE-2026-45993
Unclassified
Microsoft
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Information published.
CVE-2026-46076
Unclassified
Microsoft
CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
Information published.
CVE-2026-46094
Unclassified
Microsoft
CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert
Information published.
CVE-2026-46231
Unclassified
Microsoft
CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Information published.
CVE-2026-46200
Unclassified
Microsoft
CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
Information published.
CVE-2026-46209
Unclassified
Microsoft
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Information published.
CVE-2026-46148
Low
Microsoft
CVE-2026-46198 batman-adv: fix integer overflow on buff_pos
Information published.
CVE-2026-46198
Unclassified
Microsoft
CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
Information published.
CVE-2026-46111
Unclassified
Microsoft
CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
Information published.
CVE-2026-46195
Unclassified
Microsoft
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Information published.
CVE-2026-46194
Unclassified
Microsoft
CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths
Information published.
CVE-2026-46109
Unclassified
Microsoft
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Information published.
CVE-2026-46229
Unclassified
Microsoft
CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
Information published.
CVE-2026-46173
Unclassified
Microsoft
CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory
Information published.
CVE-2026-46160
Unclassified
Microsoft
CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Information published.
CVE-2026-46180
Unclassified
Microsoft
CVE-2026-46115 block: add pgmap check to biovec_phys_mergeable
Information published.
CVE-2026-46115
Unclassified
Microsoft
CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()
Information published.
CVE-2026-46185
Unclassified
Microsoft
CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
Information published.
CVE-2026-46161
Unclassified
Microsoft
CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims
Information published.
CVE-2026-46212
Medium
Microsoft
CVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLs
Information published.
CVE-2026-46205
Unclassified
Microsoft
CVE-2026-46234 vsock: fix buffer size clamping order
Information published.
CVE-2026-46234
Unclassified
Microsoft
CVE-2026-46171 riscv: kvm: fix vector context allocation leak
Information published.
CVE-2026-46171
Low
Microsoft
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Information published.
CVE-2026-46179
Unclassified
Microsoft
CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
Information published.
CVE-2026-46196
Unclassified
Microsoft
CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
Information published.
CVE-2026-46143
Unclassified
Microsoft
CVE-2026-46145 RDMA/mana: Validate rx_hash_key_len
Information published.
CVE-2026-46145
Unclassified
Microsoft
CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
Information published.
CVE-2026-46133
Unclassified
Microsoft
CVE-2026-46129 btrfs: fix double free in create_space_info() error path
Information published.
CVE-2026-46129
Unclassified
Microsoft
CVE-2026-46218 drm/amdgpu: Add bounds checking to ib_{get,set}_value
Information published.
CVE-2026-46218
Unclassified
Microsoft
CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
Information published.
CVE-2026-46204
Unclassified
Microsoft
CVE-2026-46233 batman-adv: bla: only purge non-released claims
Information published.
CVE-2026-46233
Unclassified
Microsoft
CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
Information published.
CVE-2026-46156
Unclassified
Microsoft
CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
Information published.
CVE-2026-46138
Unclassified
Microsoft
CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop
Information published.
CVE-2026-46187
Unclassified
Microsoft
CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
Information published.
CVE-2026-46167
Unclassified
Microsoft
CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
Information published.
CVE-2026-46113
Unclassified
Microsoft
CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown
Information published.
CVE-2026-46206
Unclassified
Microsoft
CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)
Information published.
CVE-2026-46130
Unclassified
Microsoft
CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing
Information published.
CVE-2026-46119
Unclassified
Microsoft
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Information published.
CVE-2026-46169
Unclassified
Microsoft
CVE-2026-46142 net: libwx: fix VF illegal register access
Information published.
CVE-2026-46142
Unclassified
Microsoft
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Information published.
CVE-2026-46121
Unclassified
Microsoft
CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Information published.
CVE-2026-46144
Unclassified
Microsoft
CVE-2026-46184 sound: ua101: fix division by zero at probe
Information published.
CVE-2026-46184
Unclassified
Microsoft
CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
Information published.
CVE-2026-46174
Unclassified
Microsoft
CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks
Information published.
CVE-2026-46193
Unclassified
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Unclassified
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Unclassified
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Low
Microsoft
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Information published.
CVE-2026-46597
Unclassified
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Unclassified
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Unclassified
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Unclassified
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Low
Microsoft
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Information published.
CVE-2026-9150
Low
Microsoft
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Information published.
CVE-2026-9149
Unclassified
Microsoft
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Information published.
CVE-2026-5222
Unclassified
Microsoft
CVE-2026-46050 md/raid10: fix deadlock with check operation and nowait requests
Information published.
CVE-2026-46050
Medium
Microsoft
CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work
Information published.
CVE-2026-46011
Unclassified
Microsoft
CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients
Information published.
CVE-2026-45877
Unclassified
Microsoft
CVE-2026-45917 ipvs: do not keep dest_dst if dev is going down
Information published.
CVE-2026-45917
Unclassified
Microsoft
CVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
Information published.
CVE-2026-45841
Low
Microsoft
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check
Information published.
CVE-2026-46062
Unclassified
Microsoft
CVE-2026-46005 xfs: fix a resource leak in xfs_alloc_buftarg()
Information published.
CVE-2026-46005
Unclassified
Microsoft
CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised
Information published.
CVE-2026-45930
Unclassified
Microsoft
CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues
Information published.
CVE-2026-46021
Unclassified
Microsoft
CVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointers
Information published.
CVE-2026-46037
Unclassified
Microsoft
CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy
Information published.
CVE-2026-46084
Unclassified
Microsoft
CVE-2026-46012 rxrpc: Fix memory leaks in rxkad_verify_response()
Information published.
CVE-2026-46012
Unclassified
Microsoft
CVE-2026-46085 rxrpc: Fix rxkad crypto unalignment handling
Information published.
CVE-2026-46085
Unclassified
Microsoft
CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
Information published.
CVE-2026-46059
Unclassified
Microsoft
CVE-2026-46004 ALSA: caiaq: Handle probe errors properly
Information published.
CVE-2026-46004
Unclassified
Microsoft
CVE-2026-45901 netfilter: nf_tables: revert commit_mutex usage in reset path
Information published.
CVE-2026-45901
Unclassified
Microsoft
CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion
Information published.
CVE-2026-46080
Unclassified
Microsoft
CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry
Information published.
CVE-2026-45894
Unclassified
Microsoft
CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies
Information published.
CVE-2026-45840
Unclassified
Microsoft
CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Information published.
CVE-2026-46054
Unclassified
Microsoft
CVE-2026-45991 udf: fix partition descriptor append bookkeeping
Information published.
CVE-2026-45991
Unclassified
Microsoft
CVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msg
Information published.
CVE-2026-46027
Unclassified
Microsoft
CVE-2026-46088 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
Information published.
CVE-2026-46088
Unclassified
Microsoft
CVE-2026-46051 md/raid5: fix soft lockup in retry_aligned_read()
Information published.
CVE-2026-46051
Unclassified
Microsoft
CVE-2026-46053 net: rds: fix MR cleanup on copy error
Information published.
CVE-2026-46053
Unclassified
Microsoft
CVE-2026-46018 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
Information published.
CVE-2026-46018
Unclassified
Microsoft
CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
Information published.
CVE-2026-45835
Unclassified
Microsoft
CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
Information published.
CVE-2026-45834
Unclassified
Microsoft
CVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entry
Information published.
CVE-2026-45944
Unclassified
Microsoft
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Information published.
CVE-2026-45932
Unclassified
Microsoft
CVE-2026-45836 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()
Information published.
CVE-2026-45836
Unclassified
Microsoft
CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path
Information published.
CVE-2026-45961
Unclassified
Microsoft
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
Information published.
CVE-2026-44844
Unclassified
Microsoft
CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
Information published.
CVE-2026-45839
Unclassified
Microsoft
CVE-2026-45940 net: stmmac: fix oops when split header is enabled
Information published.
CVE-2026-45940
Unclassified
Microsoft
CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass
Information published.
CVE-2026-44708
Unclassified
Microsoft
CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Information published.
CVE-2026-44897
Unclassified
Microsoft
CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory
Information published.
CVE-2026-45893
Unclassified
Microsoft
CVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclusters
Information published.
CVE-2026-45943
Unclassified
Microsoft
CVE-2026-46017 mm: fix deferred split queue races during migration
Information published.
CVE-2026-46017
Unclassified
Microsoft
CVE-2026-45897 netfilter: nft_counter: serialize reset with spinlock
Information published.
CVE-2026-45897
Unclassified
Microsoft
CVE-2026-45997 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
Information published.
CVE-2026-45997
Unclassified
Microsoft
CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()
Information published.
CVE-2026-45986
Unclassified
Microsoft
CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Information published.
CVE-2026-47104
Unclassified
Microsoft
CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()
Information published.
CVE-2026-46047
Unclassified
Microsoft
CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories
Information published.
CVE-2026-45571
Unclassified
Microsoft
CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks
Information published.
CVE-2026-45850
Unclassified
Microsoft
CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed
Information published.
CVE-2026-46052
Unclassified
Microsoft
CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
Information published.
CVE-2026-46009
Unclassified
Microsoft
CVE-2026-46070 md/raid5: validate payload size before accessing journal metadata
Information published.
CVE-2026-46070
Unclassified
Microsoft
CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
Information published.
CVE-2026-46043
Unclassified
Microsoft
CVE-2026-45994 ibmasm: fix OOB reads in command_file_write due to missing size checks
Information published.
CVE-2026-45994
Unclassified
Microsoft
CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
Information published.
CVE-2026-46069
Unclassified
Microsoft
CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Information published.
CVE-2026-45859
Unclassified
Microsoft
CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Information published.
CVE-2026-46032
Unclassified
Microsoft
CVE-2026-46101 netfilter: reject zero shift in nft_bitwise
Information published.
CVE-2026-46101
Unclassified
Microsoft
CVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRs
Information published.
CVE-2026-46014
Unclassified
Microsoft
CVE-2026-45845 net/sched: taprio: fix NULL pointer dereference in class dump
Information published.
CVE-2026-45845
Unclassified
Microsoft
CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers
Information published.
CVE-2026-46086
Unclassified
Microsoft
CVE-2026-46065 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
Information published.
CVE-2026-46065
Unclassified
Microsoft
CVE-2026-46098 net: caif: clear client service pointer on teardown
Information published.
CVE-2026-46098
Unclassified
Microsoft
CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
Information published.
CVE-2026-45861
Unclassified
Microsoft
CVE-2026-46077 crypto: atmel-tdes - fix DMA sync direction
Information published.
CVE-2026-46077
Unclassified
Microsoft
CVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturn
Information published.
CVE-2026-46063
Unclassified
Microsoft
CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
Information published.
CVE-2026-46056
Unclassified
Microsoft
CVE-2026-45956 drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()
Information published.
CVE-2026-45956
Unclassified
Microsoft
CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
Information published.
CVE-2026-46068
Unclassified
Microsoft
CVE-2026-45843 slip: bound decode() reads against the compressed packet length
Information published.
CVE-2026-45843
Unclassified
Microsoft
CVE-2026-46024 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
Information published.
CVE-2026-46024
Unclassified
Microsoft
CVE-2026-45963 ASoC: nau8821: Cancel delayed work on component remove
Information published.
CVE-2026-45963
Unclassified
Microsoft
CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure
Information published.
CVE-2026-45998
Low
Microsoft
CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
Information published.
CVE-2026-46023
Unclassified
Microsoft
CVE-2026-45844 netfilter: arp_tables: fix IEEE1394 ARP payload parsing
Information published.
CVE-2026-45844
Unclassified
Microsoft
CVE-2026-45892 ext4: drop extent cache after doing PARTIAL_VALID1 zeroout
Information published.
CVE-2026-45892
Unclassified
Microsoft
CVE-2026-46022 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
Information published.
CVE-2026-46022
Unclassified
Microsoft
CVE-2026-46102 net: strparser: fix skb_head leak in strp_abort_strp()
Information published.
CVE-2026-46102
Unclassified
Microsoft
CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered
Information published.
CVE-2026-46016
Unclassified
Microsoft
CVE-2026-46000 rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
Information published.
CVE-2026-46000
Unclassified
Microsoft
CVE-2025-71305 drm/display/dp_mst: Add protection against 0 vcpi
Information published.
CVE-2025-71305
Low
Microsoft
CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
Information published.
CVE-2026-46006
Unclassified
Microsoft
CVE-2026-46003 net: qrtr: ns: Limit the total number of nodes
Information published.
CVE-2026-46003
Unclassified
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Unclassified
Microsoft
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Information published.
CVE-2026-5223
Unclassified
Microsoft
CVE-2026-46048 ALSA: caiaq: fix usb_dev refcount leak on probe failure
Information published.
CVE-2026-46048
Unclassified
Microsoft
CVE-2026-46002 ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()
Information published.
CVE-2026-46002
Unclassified
Microsoft
CVE-2026-46078 erofs: fix the out-of-bounds nameoff handling for trailing dirents
Information published.
CVE-2026-46078
Unclassified
Microsoft
CVE-2026-46064 ibmasm: fix heap over-read in ibmasm_send_i2o_message()
Information published.
CVE-2026-46064
Unclassified
Microsoft
CVE-2026-46075 crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
Information published.
CVE-2026-46075
Unclassified
Microsoft
CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload
Information published.
CVE-2026-45973
Unclassified
Microsoft
CVE-2026-45838 bpf: fix end-of-list detection in cgroup_storage_get_next_key()
Information published.
CVE-2026-45838
Unclassified
Microsoft
CVE-2026-45899 ext4: drop extent cache when splitting extent fails
Information published.
CVE-2026-45899
Unclassified
Microsoft
CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
Information published.
CVE-2026-46071
Unclassified
Microsoft
CVE-2026-46049 ALSA: ctxfi: Add fallback to default RSR for S/PDIF
Information published.
CVE-2026-46049
Unclassified
Microsoft
CVE-2026-46066 ceph: fix num_ops off-by-one when crypto allocation fails
Information published.
CVE-2026-46066
Unclassified
Microsoft
CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()
Information published.
CVE-2026-45989
Unclassified
Microsoft
CVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvation
Information published.
CVE-2026-45855
Medium
Microsoft
CVE-2026-46058 media: amphion: Fix race between m2m job_abort and device_run
Information published.
CVE-2026-46058
Unclassified
Microsoft
CVE-2026-46031 net: ks8851: Reinstate disabling of BHs around IRQ handler
Information published.
CVE-2026-46031
Unclassified
Microsoft
CVE-2026-45912 ext4: don't cache extent during splitting extent
Information published.
CVE-2026-45912
Low
Microsoft
CVE-2026-45999 erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
Information published.
CVE-2026-45999
Unclassified
Microsoft
CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive
Information published.
CVE-2026-44896
Medium
Microsoft
CVE-2026-46091 media: rc: igorplugusb: heed coherency rules
Information published.
CVE-2026-46091
Unclassified
Microsoft
CVE-2026-45958 drm/exynos: vidi: fix to avoid directly dereferencing user pointer
Information published.
CVE-2026-45958
Unclassified
Microsoft
CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
Information published.
CVE-2026-45846
Unclassified
Microsoft
CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Information published.
CVE-2026-44899
Unclassified
Microsoft
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Information published.
CVE-2026-44898
Unclassified
Microsoft
CVE-2026-46089 zram: do not forget to endio for partial discard requests
Information published.
CVE-2026-46089
Unclassified
Microsoft
CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation
Information published.
CVE-2026-46033
Unclassified
Microsoft
CVE-2026-46046 ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
Information published.
CVE-2026-46046
Unclassified
Microsoft
CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Information published.
CVE-2026-23679
Unclassified
Microsoft
CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport
Information published.
CVE-2026-45570
Unclassified
Microsoft
CVE-2026-46038 net: qrtr: ns: Free the node during ctrl_cmd_bye()
Information published.
CVE-2026-46038
Unclassified
Microsoft
CVE-2026-46040 inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
Information published.
CVE-2026-46040
Unclassified
Microsoft
CVE-2026-45988 rxrpc: Fix re-decryption of RESPONSE packets
Information published.
CVE-2026-45988
Unclassified
Microsoft
CVE-2026-45996 spi: imx: fix use-after-free on unbind
Information published.
CVE-2026-45996
Unclassified
Microsoft
CVE-2026-45942 ext4: fix e4b bitmap inconsistency reports
Information published.
CVE-2026-45942
Unclassified
Microsoft
CVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
Information published.
CVE-2026-46019
Unclassified
Microsoft
CVE-2026-46103 can: ucan: fix devres lifetime
Information published.
CVE-2026-46103
Unclassified
Microsoft
CVE-2026-46092 wifi: rtw88: check for PCI upstream bridge existence
Information published.
CVE-2026-46092
Unclassified
Microsoft
CVE-2026-45842 slip: reject VJ receive packets on instances with no rstate array
Information published.
CVE-2026-45842
Unclassified
Microsoft
CVE-2026-45949 hwrng: core - use RCU and work_struct to fix race condition
Information published.
CVE-2026-45949
Unclassified
Microsoft
CVE-2026-46044 ipmi:ssif: Clean up kthread on errors
Information published.
CVE-2026-46044
Unclassified
Microsoft
CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()
Information published.
CVE-2026-46072
Unclassified
Microsoft
CVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() fails
Information published.
CVE-2026-46079
Unclassified
Microsoft
CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
Information published.
CVE-2026-46099
Unclassified
Microsoft
CVE-2026-46083 spi: fix resource leaks on device setup failure
Information published.
CVE-2026-46083
Unclassified
Microsoft
CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
Information published.
CVE-2026-45987
Unclassified
Microsoft
CVE-2026-46015 tcp: call sk_data_ready() after listener migration
Information published.
CVE-2026-46015
Unclassified
Microsoft
CVE-2026-45858 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1
Information published.
CVE-2026-45858
Unclassified
Microsoft
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
Information published.
CVE-2026-45934
Unclassified
Microsoft
CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop
Information published.
CVE-2026-46090
Unclassified
Microsoft
CVE-2026-46082 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
Information published.
CVE-2026-46082
Unclassified
Microsoft
CVE-2026-45993 LoongArch: Add spectre boundry for syscall dispatch table
Information published.
CVE-2026-45993
Unclassified
Microsoft
CVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookups
Information published.
CVE-2026-46026
Unclassified
Microsoft
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Information published.
CVE-2026-46076
Unclassified
Microsoft
CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
Information published.
CVE-2026-46094
Unclassified
Microsoft
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Information published.
CVE-2026-40226
Unclassified
Microsoft
CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Information published.
CVE-2026-40225
Unclassified
Microsoft
CVE-2026-4893 CVE-2026-4893
Information published.
CVE-2026-4893
Unclassified
Microsoft
CVE-2026-2291 CVE-2026-2291
Information published.
CVE-2026-2291
Unclassified
Microsoft
CVE-2026-5172 CVE-2026-5172
Information published.
CVE-2026-5172
Unclassified
Microsoft
CVE-2026-4890 CVE-2026-4890
Information published.
CVE-2026-4890
Unclassified
Microsoft
CVE-2026-43503 net: skbuff: propagate shared-frag marker through frag-transfer helpers
Information published.
CVE-2026-43503
Unclassified
Microsoft
CVE-2026-46300 net: skbuff: preserve shared-frag marker during coalescing
Information published.
CVE-2026-46300
Unclassified
Microsoft
CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing
Information published.
CVE-2026-41401
Unclassified
Microsoft
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42506
Low
Windows
CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
Information published.
CVE-2026-39824
Unclassified
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Unclassified
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Unclassified
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Unclassified
Microsoft
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39829
Unclassified
Microsoft
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Information published.
CVE-2026-39830
Low
Microsoft
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Information published.
CVE-2026-46597
Unclassified
Microsoft
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
Information published.
CVE-2026-39831
Unclassified
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Unclassified
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Unclassified
Microsoft
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Information published.
CVE-2026-39834
Unclassified
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Unclassified
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Unclassified
Microsoft
CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
Information published.
CVE-2026-46595
Unclassified
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Unclassified
Microsoft
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Information published.
CVE-2026-42508
Low
Microsoft
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Information published.
CVE-2026-9150
Low
Microsoft
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Information published.
CVE-2026-9149
Unclassified
Microsoft
CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability
Information published.
CVE-2026-9256
Unclassified
Microsoft
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Information published.
CVE-2026-6402
Unclassified
Microsoft
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Information published.
CVE-2026-5222
Unclassified
Microsoft
CVE-2026-4891 CVE-2026-4891
Information published.
CVE-2026-4891
Unclassified
Microsoft
CVE-2026-8711 NGINX JavaScript vulnerability
Information published.
CVE-2026-8711
Low
Microsoft
CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Information published.
CVE-2026-8376
Unclassified
Microsoft
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
CVE-2026-39821
Unclassified
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Unclassified
Microsoft
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39832
Unclassified
Microsoft
CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Information published.
CVE-2026-8466
Unclassified
Microsoft
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Information published.
CVE-2026-5223
Unclassified
Microsoft Edge
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CWE added. Informational change only.
CVE-2026-45495
Unclassified
Defender
CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability
CWE added. Informational change only.
CVE-2026-45498
Unclassified
Defender
CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability
In the Security Updates table, added links to the Release Notes. This is an informational change only.
CVE-2026-41091
Unclassified
Defender
CVE-2026-45584 Microsoft Defender Remote Code Execution Vulnerability
In the Security Updates table, added links to the Release Notes. This is an informational change only.
CVE-2026-45584
Unclassified
SharePoint
CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability
Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who ha...
CVE-2026-45659
Unclassified
Microsoft
CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
Information published.
CVE-2025-3198
Low
Microsoft
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Information published.
CVE-2025-1176
Unclassified
Microsoft
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Information published.
CVE-2025-1178
Unclassified
Microsoft
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Information published.
CVE-2026-1502
Unclassified
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Unclassified
Microsoft
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Information published.
CVE-2026-7790
Unclassified
Microsoft
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Information published.
CVE-2026-43968
Unclassified
Microsoft
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
Information published.
CVE-2026-44283
Unclassified
Microsoft
CVE-2026-43029 mptcp: fix soft lockup in mptcp_recvmsg()
Information published.
CVE-2026-43029
Unclassified
Microsoft
CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free
Information published.
CVE-2026-43414
Unclassified
Microsoft
CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit
Information published.
CVE-2026-41054
Unclassified
Microsoft
CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Information published.
CVE-2025-68768
Unclassified
Microsoft
CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error
Information published.
CVE-2025-38096
Low
Microsoft
CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.
Information published.
CVE-2025-51480
Unclassified
Microsoft
CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Information published.
CVE-2025-38140
Unclassified
Microsoft
CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
Information published.
CVE-2026-41035
Unclassified
Microsoft
CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
Information published.
CVE-2026-7246
Low
Microsoft
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow
Information published.
CVE-2026-44673
Unclassified
Microsoft
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Information published.
CVE-2026-43619
Low
Microsoft
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
Information published.
CVE-2026-43618
Unclassified
Microsoft
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Information published.
CVE-2026-43620
Unclassified
Microsoft
CVE-2026-32792 Packet of death with DNSCrypt
Information published.
CVE-2026-32792
Unclassified
Microsoft
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
Information published.
CVE-2026-42960
Unclassified
Microsoft
CVE-2026-42959 Crash during DNSSEC validation of malicious content
Information published.
CVE-2026-42959
Unclassified
Microsoft
CVE-2026-44608 Use after free and crash under special conditions in RPZ code
Information published.
CVE-2026-44608
Unclassified
Microsoft
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
Information published.
CVE-2026-33278
Unclassified
Microsoft
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
Information published.
CVE-2026-42923
Unclassified
Microsoft
CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation
Information published.
CVE-2026-3039
Unclassified
Microsoft
CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records
Information published.
CVE-2026-3592
Unclassified
Microsoft
CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
Information published.
CVE-2026-3593
Unclassified
Microsoft
CVE-2026-5946 Invalid handling of CLASS != IN
Information published.
CVE-2026-5946
Unclassified
Microsoft
CVE-2026-5950 Unbounded resend loop in BIND 9 resolver
Information published.
CVE-2026-5950
Unclassified
Microsoft
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Information published.
CVE-2026-42009
Unclassified
Microsoft
CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit
Information published.
CVE-2026-41054
Unclassified
Microsoft
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Information published.
CVE-2026-8723
Low
Microsoft
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
Information published.
CVE-2025-14575
Unclassified
Microsoft
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
Information published.
CVE-2026-43617
Unclassified
Microsoft
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
Information published.
CVE-2026-45232
Low
Microsoft
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Information published.
CVE-2026-29518
Unclassified
Microsoft
CVE-2026-41292 Long list of incoming EDNS options degrades performance
Information published.
CVE-2026-41292
Unclassified
Microsoft
CVE-2026-42534 Jostle logic bypass degrades resolution performance
Information published.
CVE-2026-42534
Unclassified
Microsoft
CVE-2026-40622 Another 'ghost domain names' attack variant
Information published.
CVE-2026-40622
Low
Microsoft
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
Information published.
CVE-2026-42944
Unclassified
Microsoft
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
Information published.
CVE-2026-44390
Unclassified
Microsoft
CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior
Information published.
CVE-2026-5947
Unclassified
Microsoft
CVE-2026-8711 NGINX JavaScript vulnerability
Information published.
CVE-2026-8711
Unclassified
Azure
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
The executive summary has been updated to include additional details about this vulnerability. This change does not affect the available security updates. Customers should install the recommended updates to remain pro...
CVE-2026-33117
Unclassified
Windows
CVE-2026-34336 Windows DWM Core Library Elevation of Privilege Vulnerability
The security impact for this CVE has been revised based on a re-assessment of the vulnerability. The original classification of Information Disclosure (ID) has been updated to Elevation of Privilege (EoP).
CVE-2026-34336
Unclassified
Microsoft
CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize
Information published.
CVE-2023-6606
Unclassified
Microsoft
CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Information published.
CVE-2025-21825
Unclassified
Microsoft
CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
Information published.
CVE-2025-21888
Unclassified
Microsoft
CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
Information published.
CVE-2025-40139
Unclassified
Microsoft
CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Information published.
CVE-2025-40146
Unclassified
Microsoft
CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Information published.
CVE-2025-40168
Unclassified
Microsoft
CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Information published.
CVE-2025-40170
Unclassified
Microsoft
CVE-2025-40158 ipv6: use RCU in ip6_output()
Information published.
CVE-2025-40158
Unclassified
Microsoft
CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Information published.
CVE-2025-40180
Unclassified
Microsoft
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Information published.
CVE-2025-68822
Unclassified
Microsoft
CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Information published.
CVE-2025-71073
Unclassified
Microsoft
CVE-2025-71072 shmem: fix recovery on rename failures
Information published.
CVE-2025-71072
Unclassified
Microsoft
CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
Information published.
CVE-2026-23214
Unclassified
Microsoft
CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification
Information published.
CVE-2026-23229
Unclassified
Microsoft
CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
Information published.
CVE-2026-23213
Unclassified
Microsoft
CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
Information published.
CVE-2025-71225
Unclassified
Microsoft
CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
Information published.
CVE-2025-71227
Unclassified
Microsoft
CVE-2026-23223 xfs: fix UAF in xchk_btree_check_block_owner
Information published.
CVE-2026-23223
Unclassified
Microsoft
CVE-2026-23225 sched/mmcid: Don't assume CID is CPU owned on mode switch
Information published.
CVE-2026-23225
Unclassified
Microsoft
CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
Information published.
CVE-2026-23207
Unclassified
Microsoft
CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
Information published.
CVE-2025-38041
Unclassified
Microsoft
CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Information published.
CVE-2025-38029
Unclassified
Microsoft
CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
Information published.
CVE-2025-38064
Unclassified
Microsoft
CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s
Information published.
CVE-2025-68201
Unclassified
Microsoft
CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
Information published.
CVE-2025-68230
Unclassified
Microsoft
CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
Information published.
CVE-2025-68174
Unclassified
Microsoft
CVE-2025-40355 sysfs: check visibility before changing group attribute ownership
Information published.
CVE-2025-40355
Unclassified
Microsoft
CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
Information published.
CVE-2025-68304
Unclassified
Microsoft
CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Information published.
CVE-2025-68324
Unclassified
Microsoft
CVE-2025-68736 landlock: Fix handling of disconnected directories
Information published.
CVE-2025-68736
Unclassified
Microsoft
CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Information published.
CVE-2025-68745
Unclassified
Microsoft
CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
Information published.
CVE-2025-40339
Unclassified
Microsoft
CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
Information published.
CVE-2025-68190
Unclassified
Microsoft
CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Information published.
CVE-2025-68188
Unclassified
Microsoft
CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
Information published.
CVE-2025-68296
Unclassified
Microsoft
CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Information published.
CVE-2025-68356
Unclassified
Microsoft
CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Information published.
CVE-2025-68374
Unclassified
Microsoft
CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
Information published.
CVE-2024-53133
Unclassified
Microsoft
CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
Information published.
CVE-2025-38660
Unclassified
Microsoft
CVE-2025-38636 rv: Use strings in da monitors tracepoints
Information published.
CVE-2025-38636
Unclassified
Microsoft
CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
Information published.
CVE-2025-38591
Medium
Microsoft
CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
Information published.
CVE-2025-38585
Unclassified
Microsoft
CVE-2025-38584 padata: Fix pd UAF once and for all
Information published.
CVE-2025-38584
Unclassified
Microsoft
CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Information published.
CVE-2024-38595
Unclassified
Microsoft
CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Information published.
CVE-2024-44951
Unclassified
Microsoft
CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)
Information published.
CVE-2025-39932
Unclassified
Microsoft
CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev().
Information published.
CVE-2025-40064
Unclassified
Microsoft
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
Information published.
CVE-2025-39927
Unclassified
Microsoft
CVE-2025-39901 i40e: remove read access to debugfs files
Information published.
CVE-2025-39901
Unclassified
Microsoft
CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
Information published.
CVE-2025-39905
Low
Microsoft
CVE-2025-39940 dm-stripe: fix a possible integer overflow
Information published.
CVE-2025-39940
Unclassified
Microsoft
CVE-2025-39990 bpf: Check the helper function is valid in get_helper_proto
Information published.
CVE-2025-39990
Unclassified
Microsoft
CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work
Information published.
CVE-2025-40003
Unclassified
Microsoft
CVE-2025-40074 ipv4: start using dst_dev_rcu()
Information published.
CVE-2025-40074
Unclassified
Microsoft
CVE-2025-40065 RISC-V: KVM: Write hgatp register with valid mode bits
Information published.
CVE-2025-40065
Unclassified
Microsoft
CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()
Information published.
CVE-2025-40075
Unclassified
Microsoft
CVE-2025-40057 ptp: Add a upper bound on max_vclocks
Information published.
CVE-2025-40057
Unclassified
Microsoft
CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init
Information published.
CVE-2025-40102
Unclassified
Microsoft
CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
Information published.
CVE-2025-22113
Unclassified
Microsoft
CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Information published.
CVE-2025-21927
Unclassified
Microsoft
CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Information published.
CVE-2025-21907
Unclassified
Microsoft
CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Information published.
CVE-2025-22124
Unclassified
Microsoft
CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Information published.
CVE-2025-38333
Unclassified
Microsoft
CVE-2025-38264 nvme-tcp: sanitize request list handling
Information published.
CVE-2025-38264
Unclassified
Microsoft
CVE-2025-38340 firmware: cs_dsp: Fix OOB memory read access in KUnit test
Information published.
CVE-2025-38340
Unclassified
Microsoft
CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
Information published.
CVE-2025-38279
Unclassified
Microsoft
CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
Information published.
CVE-2025-38269
Unclassified
Microsoft
CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Information published.
CVE-2024-42317
Unclassified
Microsoft
CVE-2024-41008 drm/amdgpu: change vm->task_info handling
Information published.
CVE-2024-41008
Unclassified
Microsoft
CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Information published.
CVE-2024-41067
Unclassified
Microsoft
CVE-2024-41023 sched/deadline: Fix task_struct reference leak
Information published.
CVE-2024-41023
Unclassified
Microsoft
CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
Information published.
CVE-2024-50217
Unclassified
Microsoft
CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
Information published.
CVE-2025-21768
Unclassified
Microsoft
CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Information published.
CVE-2024-57976
Unclassified
Microsoft
CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
Information published.
CVE-2025-21786
Unclassified
Microsoft
CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
Information published.
CVE-2025-21693
Unclassified
Microsoft
CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free
Information published.
CVE-2025-21714
Unclassified
Microsoft
CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
Information published.
CVE-2024-56775
Unclassified
Microsoft
CVE-2024-57857 RDMA/siw: Remove direct link to net_device
Information published.
CVE-2024-57857
Unclassified
Microsoft
CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Information published.
CVE-2026-31419
Unclassified
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Unclassified
Microsoft
CVE-2026-31557 nvmet: move async event work off nvmet-wq
Information published.
CVE-2026-31557
Unclassified
Microsoft
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Information published.
CVE-2026-31606
Unclassified
Microsoft
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Information published.
CVE-2026-31663
Unclassified
Microsoft
CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Information published.
CVE-2026-31645
Unclassified
Microsoft
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Information published.
CVE-2026-31630
Unclassified
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Unclassified
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Unclassified
Microsoft
CVE-2026-31487 spi: use generic driver_override infrastructure
Information published.
CVE-2026-31487
Unclassified
Microsoft
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Information published.
CVE-2026-31516
Unclassified
Microsoft
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Information published.
CVE-2026-31488
Unclassified
Microsoft
CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Information published.
CVE-2026-31506
Unclassified
Microsoft
CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Information published.
CVE-2026-31440
Unclassified
Microsoft
CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Information published.
CVE-2026-31505
Unclassified
Microsoft
CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Information published.
CVE-2026-31449
Unclassified
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Unclassified
Microsoft
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Information published.
CVE-2026-31613
Unclassified
Microsoft
CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Information published.
CVE-2026-31688
Unclassified
Microsoft
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Information published.
CVE-2026-31692
Unclassified
Microsoft
CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Information published.
CVE-2024-35808
Unclassified
Microsoft
CVE-2024-26944 btrfs: zoned: fix use-after-free in do_zone_finish()
Information published.
CVE-2024-26944
Unclassified
Microsoft
CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
Information published.
CVE-2024-35794
Unclassified
Microsoft
CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
Information published.
CVE-2025-37907
Unclassified
Microsoft
CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Information published.
CVE-2025-37834
Unclassified
Microsoft
CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
Information published.
CVE-2025-37877
Unclassified
Microsoft
CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
Information published.
CVE-2025-37826
Unclassified
Microsoft
CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
Information published.
CVE-2025-37856
Unclassified
Microsoft
CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
Information published.
CVE-2025-37882
Unclassified
Microsoft
CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Information published.
CVE-2025-37861
Unclassified
Microsoft
CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
Information published.
CVE-2025-37807
Unclassified
Microsoft
CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Information published.
CVE-2025-37747
Unclassified
Microsoft
CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Information published.
CVE-2025-37750
Unclassified
Microsoft
CVE-2026-23241 audit: add missing syscalls to read class
Information published.
CVE-2026-23241
Unclassified
Microsoft
CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Information published.
CVE-2026-23278
Unclassified
Microsoft
CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
Information published.
CVE-2026-23272
Unclassified
Microsoft
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Information published.
CVE-2026-23377
Unclassified
Microsoft
CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Information published.
CVE-2026-23383
Unclassified
Microsoft
CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Information published.
CVE-2026-23394
Unclassified
Microsoft
CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
Information published.
CVE-2026-23240
Unclassified
Microsoft
CVE-2026-23248 perf/core: Fix refcount bug and potential UAF in perf_mmap
Information published.
CVE-2026-23248
Unclassified
Microsoft
CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
Information published.
CVE-2026-23247
Unclassified
Microsoft
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Information published.
CVE-2026-23361
Unclassified
Microsoft
CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Information published.
CVE-2026-23346
Unclassified
Microsoft
CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message
Information published.
CVE-2026-0968
Unclassified
Microsoft
CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
Information published.
CVE-2024-26672
Unclassified
Microsoft
CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
Information published.
CVE-2024-26757
Unclassified
Microsoft
CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
Information published.
CVE-2024-26758
Unclassified
Microsoft
CVE-2024-26756 md: Don't register sync_thread for reshape directly
Information published.
CVE-2024-26756
Unclassified
Microsoft
CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
Information published.
CVE-2023-52586
Unclassified
Microsoft
CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
Information published.
CVE-2023-52624
Unclassified
Microsoft
CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
Information published.
CVE-2026-31706
Unclassified
Microsoft
CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
Information published.
CVE-2026-31707
Unclassified
Microsoft
CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair
Information published.
CVE-2026-43042
Unclassified
Microsoft
CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers
Information published.
CVE-2026-31771
Unclassified
Microsoft
CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper
Information published.
CVE-2026-43052
Unclassified
Microsoft
CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl
Information published.
CVE-2026-31709
Unclassified
Microsoft
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Information published.
CVE-2026-43248
Unclassified
Microsoft
CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Information published.
CVE-2026-43127
Unclassified
Microsoft
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Information published.
CVE-2026-43161
Unclassified
Microsoft
CVE-2026-43245 ntfs: ->d_compare() must not block
Information published.
CVE-2026-43245
Unclassified
Microsoft
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Information published.
CVE-2025-71273
Unclassified
Microsoft
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Information published.
CVE-2026-43153
Unclassified
Microsoft
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Information published.
CVE-2026-43116
Unclassified
Microsoft
CVE-2026-43331 x86/kexec: Disable KCOV instrumentation after load_segments()
Information published.
CVE-2026-43331
Unclassified
Microsoft
CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock
Information published.
CVE-2026-43319
Unclassified
Microsoft
CVE-2026-43303 mm/page_alloc: clear page->private in free_pages_prepare()
Information published.
CVE-2026-43303
Unclassified
Microsoft
CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Information published.
CVE-2026-31767
Unclassified
Microsoft
CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
Information published.
CVE-2026-43249
Unclassified
Microsoft
CVE-2026-43490 ksmbd: validate inherited ACE SID length
Information published.
CVE-2026-43490
Unclassified
Microsoft
CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
Information published.
CVE-2026-43493
Unclassified
Microsoft
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Information published.
CVE-2026-43491
Unclassified
Microsoft
CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
Information published.
CVE-2026-43465
Unclassified
Microsoft
CVE-2026-43499 rtmutex: Use waiter::task instead of current in remove_waiter()
Information published.
CVE-2026-43499
Unclassified
Microsoft
CVE-2026-43497 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
Information published.
CVE-2026-43497
Unclassified
Microsoft
CVE-2026-43502 net/rds: handle zerocopy send cleanup before the message is queued
Information published.
CVE-2026-43502
Unclassified
Microsoft
CVE-2026-43501 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
Information published.
CVE-2026-43501
Unclassified
Microsoft
CVE-2026-43496 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked
Information published.
CVE-2026-43496
Unclassified
Microsoft
CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()
Information published.
CVE-2026-43048
Unclassified
Microsoft
CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
Information published.
CVE-2026-43049
Unclassified
Microsoft
CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()
Information published.
CVE-2026-31712
Unclassified
Microsoft
CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Information published.
CVE-2026-43019
Unclassified
Microsoft
CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking
Information published.
CVE-2026-43009
Unclassified
Microsoft
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Information published.
CVE-2026-43073
Unclassified
Microsoft
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Information published.
CVE-2026-43125
Unclassified
Microsoft
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Information published.
CVE-2026-43198
Unclassified
Microsoft
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Information published.
CVE-2026-43172
Unclassified
Microsoft
CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Information published.
CVE-2025-71285
Unclassified
Microsoft
CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Information published.
CVE-2026-43118
Unclassified
Microsoft
CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Information published.
CVE-2026-43109
Unclassified
Microsoft
CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Information published.
CVE-2026-43258
Unclassified
Microsoft
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
CVE-2025-71289
Unclassified
Microsoft
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Information published.
CVE-2026-43250
Unclassified
Microsoft
CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Information published.
CVE-2026-43088
Unclassified
Microsoft
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Information published.
CVE-2026-43119
Unclassified
Microsoft
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Information published.
CVE-2026-43101
Unclassified
Microsoft
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Information published.
CVE-2026-43199
Unclassified
Microsoft
CVE-2026-43083 net: ioam6: fix OOB and missing lock
Information published.
CVE-2026-43083
Unclassified
Microsoft
CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls
Information published.
CVE-2026-43338
Unclassified
Microsoft
CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
Information published.
CVE-2026-43318
Unclassified
Microsoft
CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain
Information published.
CVE-2026-43416
Unclassified
Microsoft
CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF
Information published.
CVE-2026-43298
Low
Microsoft
CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
Information published.
CVE-2026-43492
Unclassified
Microsoft
CVE-2026-45736 ws: Uninitialized memory disclosure
Information published.
CVE-2026-45736
Unclassified
Microsoft
CVE-2026-43464 net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ
Information published.
CVE-2026-43464
Unclassified
Microsoft
CVE-2026-43495 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler
Information published.
CVE-2026-43495
Unclassified
Microsoft
CVE-2026-43494 net/rds: reset op_nents when zerocopy page pin fails
Information published.
CVE-2026-43494
Unclassified
Microsoft
CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Information published.
CVE-2025-39754
Unclassified
Microsoft
CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Information published.
CVE-2025-39746
Unclassified
Microsoft
CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Information published.
CVE-2025-39833
Unclassified
Microsoft
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Information published.
CVE-2025-39850
Unclassified
Microsoft
CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Information published.
CVE-2025-39677
Unclassified
Microsoft
CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Information published.
CVE-2025-39707
Unclassified
Microsoft
CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Information published.
CVE-2025-39810
Unclassified
Microsoft
CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Information published.
CVE-2025-39851
Unclassified
Microsoft
CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Information published.
CVE-2025-39862
Unclassified
Microsoft
CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Information published.
CVE-2024-58241
Unclassified
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Fixed a typographical error. This is an informational change only.
CVE-2026-45585
Unclassified
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.
CVE-2026-45585
Unclassified
Microsoft
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Information published.
CVE-2026-43491
Unclassified
Microsoft
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Information published.
CVE-2026-43619
Low
Microsoft
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
Information published.
CVE-2026-43618
Unclassified
Microsoft
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Information published.
CVE-2026-43620
Unclassified
Microsoft
CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
Information published.
CVE-2026-47784
Unclassified
Microsoft
CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Information published.
CVE-2026-47783
Unclassified
Microsoft
CVE-2026-32792 Packet of death with DNSCrypt
Information published.
CVE-2026-32792
Unclassified
Microsoft
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
Information published.
CVE-2026-42960
Unclassified
Microsoft
CVE-2026-42959 Crash during DNSSEC validation of malicious content
Information published.
CVE-2026-42959
Unclassified
Microsoft
CVE-2026-44608 Use after free and crash under special conditions in RPZ code
Information published.
CVE-2026-44608
Unclassified
Microsoft
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
Information published.
CVE-2026-33278
Unclassified
Microsoft
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
Information published.
CVE-2026-42923
Low
Microsoft
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Information published.
CVE-2026-45803
Low
Microsoft
CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Information published.
CVE-2026-43970
Unclassified
Microsoft
CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic
Information published.
CVE-2026-46333
Unclassified
Microsoft
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
Information published.
CVE-2026-43617
Unclassified
Microsoft
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
Information published.
CVE-2026-45232
Low
Microsoft
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Information published.
CVE-2026-29518
Unclassified
Microsoft
CVE-2026-41292 Long list of incoming EDNS options degrades performance
Information published.
CVE-2026-41292
Unclassified
Microsoft
CVE-2026-42534 Jostle logic bypass degrades resolution performance
Information published.
CVE-2026-42534
Unclassified
Microsoft
CVE-2026-40622 Another 'ghost domain names' attack variant
Information published.
CVE-2026-40622
Low
Microsoft
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
Information published.
CVE-2026-42944
Unclassified
Microsoft
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
Information published.
CVE-2026-44390
Unclassified
Microsoft
CVE-2026-45736 ws: Uninitialized memory disclosure
Information published.
CVE-2026-45736
Unclassified
Microsoft
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
Today's changes were made in error and have been reverted. This is an informational change only.
CVE-2026-40367
Critical
Microsoft
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
The security impact for this vulnerability has been revised from Critical to Important. In addition, the CVSS vector and FAQs were modified. This change does not affect the available security updates. Customers shoul...
CVE-2026-40367
Unclassified
Microsoft
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Information published.
CVE-2026-34956
Unclassified
Microsoft
CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
Information published.
CVE-2026-43493
Unclassified
Microsoft
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Information published.
CVE-2026-43491
Unclassified
Microsoft
CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Information published.
CVE-2026-46483
Low
Microsoft
CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
Information published.
CVE-2026-43492
Low
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best p...
CVE-2026-45585
Unclassified
Microsoft
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Information published.
CVE-2025-8224
Low
Microsoft
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Information published.
CVE-2025-1176
Unclassified
Microsoft
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Information published.
CVE-2025-1178
Unclassified
Microsoft
CVE-2025-0665 eventfd double close
Information published.
CVE-2025-0665
Unclassified
Microsoft
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
CVE-2026-34757
Unclassified
Microsoft
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Information published.
CVE-2026-41080
Unclassified
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Unclassified
Windows
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Information published.
CVE-2026-3087
Unclassified
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Unclassified
Microsoft
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Information published.
CVE-2026-28808
Unclassified
Microsoft
CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Information published.
CVE-2026-41604
Low
Microsoft
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
Information published.
CVE-2026-40170
Unclassified
Microsoft
CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
Information published.
CVE-2026-3833
Low
Microsoft
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
CVE-2026-34874
Low
Microsoft
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
CVE-2026-34876
Sin clasificar
Microsoft
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-25835
Sin clasificar
Microsoft
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Information published.
CVE-2025-66442
Sin clasificar
Microsoft
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Information published.
CVE-2026-34873
Sin clasificar
Microsoft
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-34871
Sin clasificar
Microsoft
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
Information published.
CVE-2026-34872
Baja
Microsoft
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Information published.
CVE-2026-25834
Baja
Microsoft
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Information published.
CVE-2026-25833
Sin clasificar
Microsoft
CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
Information published.
CVE-2026-41082
Sin clasificar
Microsoft
CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
Information published.
CVE-2026-7246
Sin clasificar
Microsoft
CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31723
Sin clasificar
Microsoft
CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31724
Sin clasificar
Microsoft
CVE-2026-31721 usb: gadget: f_hid: move list and spinlock inits from bind to alloc
Information published.
CVE-2026-31721
Baja
Microsoft
CVE-2026-31704 ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
Information published.
CVE-2026-31704
Sin clasificar
Microsoft
CVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()
Information published.
CVE-2026-31702
Sin clasificar
Microsoft
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Information published.
CVE-2026-43185
Sin clasificar
Microsoft
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Information published.
CVE-2025-71272
Sin clasificar
Microsoft
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Information published.
CVE-2026-41673
Sin clasificar
Microsoft
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Information published.
CVE-2026-43443
Media
Microsoft
CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Information published.
CVE-2026-43310
Sin clasificar
Microsoft
CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Information published.
CVE-2026-43421
Baja
Microsoft
CVE-2026-37458 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
Information published.
CVE-2026-37458
Sin clasificar
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Sin clasificar
Microsoft
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Information published.
CVE-2026-39823
Sin clasificar
Microsoft
CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
Information published.
CVE-2026-42256
Sin clasificar
Microsoft
CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing
Information published.
CVE-2026-42246
Media
Microsoft
CVE-2026-45186 In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Information published.
CVE-2026-45186
Baja
Microsoft
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Information published.
CVE-2026-6210
Sin clasificar
Microsoft
CVE-2026-4873 connection reuse ignores TLS requirement
Information published.
CVE-2026-4873
Sin clasificar
Microsoft
CVE-2026-6429 netrc credential leak with reused proxy connection
Information published.
CVE-2026-6429
Sin clasificar
Microsoft
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Information published.
CVE-2026-5545
Sin clasificar
Microsoft
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Information published.
CVE-2026-6253
Sin clasificar
Microsoft
CVE-2026-5773 wrong reuse of SMB connection
Information published.
CVE-2026-5773
Sin clasificar
Microsoft
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
Information published.
CVE-2026-42011
Sin clasificar
Microsoft
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published.
CVE-2026-7210
Sin clasificar
SQL Server
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
Information published.
CVE-2026-6473
Sin clasificar
Microsoft
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Information published.
CVE-2026-6477
Baja
Microsoft
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Information published.
CVE-2026-44662
Sin clasificar
Microsoft
CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping
Information published.
CVE-2026-31777
Sin clasificar
Microsoft
CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31722
Sin clasificar
Microsoft
CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31725
Sin clasificar
Microsoft
CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()
Information published.
CVE-2026-31729
Sin clasificar
Microsoft
CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Information published.
CVE-2026-31715
Baja
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Media
Microsoft
CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings
Information published.
CVE-2026-43058
Sin clasificar
Microsoft
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
Information published.
CVE-2026-43176
Sin clasificar
Microsoft
CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Information published.
CVE-2026-43204
Sin clasificar
Microsoft
CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Information published.
CVE-2026-43126
Sin clasificar
Microsoft
CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Information published.
CVE-2026-43115
Sin clasificar
Microsoft
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Information published.
CVE-2026-43219
Sin clasificar
Microsoft
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Information published.
CVE-2026-43213
Sin clasificar
Microsoft
CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks
Information published.
CVE-2026-43228
Sin clasificar
Microsoft
CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking
Information published.
CVE-2026-43267
Sin clasificar
Microsoft
CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
Information published.
CVE-2026-43870
Sin clasificar
Microsoft
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Information published.
CVE-2026-43868
CVE-2020-13949
Sin clasificar
Microsoft
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Information published.
CVE-2026-43869
Sin clasificar
Microsoft
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Information published.
CVE-2026-41672
Sin clasificar
Microsoft
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Information published.
CVE-2026-41674
Sin clasificar
Microsoft
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Information published.
CVE-2026-41675
Sin clasificar
Microsoft
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Information published.
CVE-2026-31717
Sin clasificar
Microsoft
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
Information published.
CVE-2026-43352
Sin clasificar
Microsoft
CVE-2026-43317 most: core: fix leak on early registration failure
Information published.
CVE-2026-43317
Sin clasificar
Microsoft
CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Information published.
CVE-2026-43353
Baja
Microsoft
CVE-2026-37459 An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Information published.
CVE-2026-37459
Sin clasificar
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Sin clasificar
Microsoft
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Information published.
CVE-2026-39817
Baja
Microsoft
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Information published.
CVE-2026-39819
Sin clasificar
Microsoft
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Information published.
CVE-2026-39820
Sin clasificar
Microsoft
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Information published.
CVE-2026-39825
Sin clasificar
Microsoft
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Information published.
CVE-2026-39826
Sin clasificar
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Sin clasificar
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Sin clasificar
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Sin clasificar
Microsoft
CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
Information published.
CVE-2026-42257
Sin clasificar
Microsoft
CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Information published.
CVE-2026-42258
Sin clasificar
Microsoft
CVE-2026-6276 stale custom cookie host causes cookie leak
Information published.
CVE-2026-6276
Sin clasificar
Microsoft
CVE-2026-7168 cross-proxy Digest auth state leak
Information published.
CVE-2026-7168
Baja
Microsoft
CVE-2026-8295 Integer overflow in simdjson
Information published.
CVE-2026-8295
Sin clasificar
Microsoft
CVE-2026-4892 CVE-2026-4892
Information published.
CVE-2026-4892
Sin clasificar
Microsoft
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Information published.
CVE-2026-8328
Media
Microsoft
CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for would need to install the update to be protected from this vulnerability, once the updat...
CVE-2026-32185
Sin clasificar
Exchange Server
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Updated FAQ information. This is an informational change only.
CVE-2026-42897
Baja
Azure
CVE-2026-42822 Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-42822
Sin clasificar
Microsoft
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Update the Security Updates table to remove incorrectly added software
CVE-2026-32177
Sin clasificar
Microsoft
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Information published.
CVE-2026-43308
Sin clasificar
Microsoft
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published.
CVE-2026-7210
Sin clasificar
Microsoft
CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Information published.
CVE-2026-46483
Sin clasificar
Microsoft
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
Information published.
CVE-2026-44283
Sin clasificar
Microsoft
CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
Information published.
CVE-2026-8368
Sin clasificar
Microsoft
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Information published.
CVE-2026-8328
Baja
Microsoft
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow
Information published.
CVE-2026-44673
Sin clasificar
Microsoft
CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel
Information published.
CVE-2026-6478
Sin clasificar
SQL Server
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
Information published.
CVE-2026-6473
Baja
Microsoft
CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
Information published.
CVE-2026-6638
Baja
Microsoft
CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection
Information published.
CVE-2026-6637
Sin clasificar
Microsoft
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Information published.
CVE-2026-6477
Sin clasificar
Microsoft
CVE-2026-40460 NGINX ngx_quic_module vulnerability
Information published.
CVE-2026-40460
Sin clasificar
Microsoft
CVE-2026-42934 NGINX ngx_http_charset_module vulnerability
Information published.
CVE-2026-42934
Sin clasificar
Microsoft
CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
Information published.
CVE-2026-42946
Baja
Microsoft
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Information published.
CVE-2026-44662
Baja
Microsoft
CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Information published.
CVE-2026-44431
Sin clasificar
Microsoft
CVE-2026-43490 ksmbd: validate inherited ACE SID length
Information published.
CVE-2026-43490
Sin clasificar
Microsoft
CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
Information published.
CVE-2026-6475
Sin clasificar
Microsoft
CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory
Information published.
CVE-2026-6474
Sin clasificar
Microsoft
CVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
Information published.
CVE-2026-6472
Sin clasificar
Microsoft
CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
Information published.
CVE-2026-6479
Sin clasificar
Microsoft
CVE-2026-40701 NGINX ngx_http_ssl_module vulnerability
Information published.
CVE-2026-40701
Sin clasificar
Microsoft
CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability
Information published.
CVE-2026-42945
Sin clasificar
Microsoft
CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic
Information published.
CVE-2026-46333
Sin clasificar
Azure
CVE-2026-40379 Azure Entra ID Spoofing Vulnerability
Corrected CVE title. This is an informational change only.
CVE-2026-40379
Sin clasificar
Windows
CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
Updated Hotpatch links. This is an informational change only.
CVE-2026-32161
Sin clasificar
Windows
CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
Updated Hotpatch links. This is an informational change only.
CVE-2026-32170
Sin clasificar
Windows
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Updated Hotpatch links. This is an informational change only.
CVE-2026-21530
Sin clasificar
Microsoft
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
CVE-2026-29181
Sin clasificar
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Sin clasificar
Microsoft
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Information published.
CVE-2026-42304
Sin clasificar
Microsoft
CVE-2026-4893 CVE-2026-4893
Information published.
CVE-2026-4893
Sin clasificar
Microsoft
CVE-2026-2291 CVE-2026-2291
Information published.
CVE-2026-2291
Sin clasificar
Microsoft
CVE-2026-5172 CVE-2026-5172
Information published.
CVE-2026-5172
Sin clasificar
Microsoft
CVE-2026-4890 CVE-2026-4890
Information published.
CVE-2026-4890
Sin clasificar
Microsoft
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
Information published.
CVE-2026-42011
Sin clasificar
Microsoft
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Information published.
CVE-2026-34956
Sin clasificar
Microsoft
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published.
CVE-2026-7210
Sin clasificar
Microsoft
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Information published.
CVE-2026-43969
Baja
Microsoft
CVE-2026-8295 Integer overflow in simdjson
Information published.
CVE-2026-8295
Sin clasificar
Microsoft
CVE-2026-4891 CVE-2026-4891
Information published.
CVE-2026-4891
Sin clasificar
Microsoft
CVE-2026-4892 CVE-2026-4892
Information published.
CVE-2026-4892
Sin clasificar
Microsoft
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
Information published.
CVE-2026-42010
Sin clasificar
Microsoft
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Information published.
CVE-2026-7790
Sin clasificar
Microsoft
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Information published.
CVE-2026-43968
Sin clasificar
Microsoft
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
New .NET Framework Packages have been added
CVE-2026-32177
Sin clasificar
Microsoft
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
New .NET Framework Packages have been added
CVE-2026-35433
Baja
Microsoft
CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.
CVE-2026-41615
Baja
Exchange Server
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-42897
Baja
Microsoft
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Information published.
CVE-2026-25541
Sin clasificar
Dynamics
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Updated the fixed version number. This is an informational change only.
CVE-2026-42833
Sin clasificar
Dynamics
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Acknowledgement Updated
CVE-2026-42898
Sin clasificar
Dynamics
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Updated the fixed version number. This is an informational change only.
CVE-2026-42898
Sin clasificar
Azure
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Information published.
CVE-2026-42151
Baja
Microsoft
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Information published.
CVE-2026-42154
Sin clasificar
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Sin clasificar
Microsoft
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Information published.
CVE-2026-39823
Sin clasificar
Microsoft
CVE-2026-45186
Information published.
CVE-2026-45186
Baja
Microsoft
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
Information published.
CVE-2026-43894
Baja
Microsoft
CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
Information published.
CVE-2026-43896
Sin clasificar
Microsoft
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Information published.
CVE-2026-43895
Baja
Microsoft
CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
Information published.
CVE-2026-40612
Sin clasificar
Microsoft
CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
Information published.
CVE-2026-41256
Sin clasificar
Microsoft
CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Information published.
CVE-2026-31767
Sin clasificar
Microsoft
CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
Information published.
CVE-2026-43249
Sin clasificar
Microsoft
CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Information published.
CVE-2026-8177
Baja
Microsoft
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Information published.
CVE-2026-6210
Baja
Microsoft
CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
Information published.
CVE-2026-6664
Baja
Microsoft
CVE-2026-6665 PgBouncer buffer overflow in SCRAM
Information published.
CVE-2026-6665
Sin clasificar
Microsoft
CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
Information published.
CVE-2026-6667
Sin clasificar
Microsoft
CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error
Information published.
CVE-2026-6666
Baja
Microsoft
CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
Information published.
CVE-2026-45130
Sin clasificar
Microsoft
CVE-2026-44656 Vim: OS Command Injection via 'path' completion
Information published.
CVE-2026-44656
Sin clasificar
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Sin clasificar
Microsoft
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Information published.
CVE-2026-39817
Baja
Microsoft
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Information published.
CVE-2026-39819
Sin clasificar
Microsoft
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Information published.
CVE-2026-39820
Sin clasificar
Microsoft
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Information published.
CVE-2026-39825
Sin clasificar
Microsoft
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Information published.
CVE-2026-39826
Sin clasificar
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Sin clasificar
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Sin clasificar
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Baja
Microsoft
CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
Information published.
CVE-2026-41257
Sin clasificar
Microsoft
CVE-2026-35469 SpdyStream: DOS on CRI
Information published.
CVE-2026-35469
Sin clasificar
Microsoft
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
Information published.
CVE-2026-41603
Sin clasificar
Microsoft
CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Information published.
CVE-2026-41636
Sin clasificar
Microsoft
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Information published.
CVE-2025-48431
Baja
Microsoft
CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Information published.
CVE-2026-41602
Baja
Microsoft
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Information published.
CVE-2026-41605
Baja
Azure
CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32204
Baja
Microsoft
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32177
Baja
Windows
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-21530
Baja
Azure
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-33117
Baja
Windows
CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.
CVE-2026-33834
Baja
Windows
CVE-2026-33839 Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-33839
Baja
Windows
CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-33840
Baja
Windows
CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-33841
Baja
Windows
CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-34329
Baja
Windows
CVE-2026-34330 Win32k Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34330
Baja
Windows
CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34331
Baja
Windows
CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34333
Baja
Windows
CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-34342
Baja
Windows
CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-34343
Baja
Windows
CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34344
Baja
Windows
CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34345
Baja
Windows
CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34347
Baja
Windows
CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
CVE-2026-34350
Baja
Windows
CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34351
Baja
Windows
CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-35415
Baja
Windows
CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-35416
Baja
Windows
CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-35417
Baja
Windows
CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-35418
Baja
Windows
CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-35419
Low
Windows
CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35420
Low
Windows
CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-35421
Low
Windows
CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
CVE-2026-35422
Low
Windows
CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-35423
Low
Windows
CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-35424
Low
Microsoft
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-35433
Low
Windows
CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35438
Low
Microsoft Office
CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35439
Low
Microsoft Office
CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35440
Low
Microsoft Office
CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40360
Low
Microsoft Office
CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40363
Low
Microsoft Office
CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40364
Low
Microsoft Office
CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366
Low
Microsoft Office
CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40368
Low
Microsoft
CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-40374
Low
Windows
CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40377
Low
Windows
CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
CVE-2026-40380
Low
Windows
CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-40399
Low
Windows
CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
CVE-2026-40405
Low
Windows
CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
CVE-2026-40406
Low
Windows
CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40407
Low
Windows
CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-40408
Low
Windows
CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
CVE-2026-40410
Low
Windows
CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
CVE-2026-40414
Low
Windows
CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2026-40415
Low
Dynamics
CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
CVE-2026-40417
Low
Microsoft Office
CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40419
Low
Microsoft Office
CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.
CVE-2026-40421
Low
Windows
CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-41088
Low
Windows
CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
CVE-2026-41089
Low
Microsoft
CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
CVE-2026-41094
Low
Microsoft
CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
CVE-2026-41095
Low
Windows
CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2026-41096
Low
Microsoft 365
CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-41100
Low
Microsoft Office
CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
CVE-2026-41101
Low
Microsoft Office
CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
CVE-2026-41102
Low
Visual Studio
CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-41109
Low
Visual Studio
CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41610
Low
Visual Studio
CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
CVE-2026-41611
Low
Visual Studio
CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVE-2026-41612
Low
Microsoft
CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CVE-2026-41614
Low
Windows
CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-32161
Low
Windows
CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.
CVE-2026-32170
Low
Microsoft
CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-32185
Low
Microsoft Office
CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-42831
Unclassified
Microsoft
CVE-2026-32175 .NET Core Tampering Vulnerability
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on...
CVE-2026-32175
Low
Windows
CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42825
Unclassified
Microsoft
ADV990001 Latest Servicing Stack Updates
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
Low
Windows
CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42896
Low
Dynamics
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42898
Low
Microsoft
CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-42899
Low
Microsoft Office
CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33110
Low
Microsoft Office
CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33112
Low
Azure
CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33833
Low
Windows
CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-33835
Low
Windows
CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-33837
Low
Windows
CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
CVE-2026-33838
Low
Windows
CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
CVE-2026-34332
Low
Windows
CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34334
Low
Windows
CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability
Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-34336
Low
Windows
CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-34337
Low
Windows
CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-34338
Low
Windows
CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
CVE-2026-34339
Low
Windows
CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-34340
Low
Windows
CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
CVE-2026-34341
Low
Microsoft Office
CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40357
Low
Microsoft Office
CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40358
Low
Microsoft Office
CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40359
Low
Microsoft Office
CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40361
Low
Microsoft Office
CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40362
Low
Microsoft Office
CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40365
Low
Microsoft Office
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40367
Low
SQL Server
CVE-2026-40370 SQL Server Remote Code Execution Vulnerability
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-40370
Low
Windows
CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40369
Low
Windows
CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-40382
Low
Windows
CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40397
Low
Windows
CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
CVE-2026-32209
Low
Windows
CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-40398
Low
Windows
CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
CVE-2026-40401
Low
Windows
CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40402
Low
Windows
CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40403
Low
Windows
CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
CVE-2026-40413
Low
Microsoft Office
CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-40418
Low
Microsoft Office
CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-35436
Low
Microsoft Office
CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-40420
Low
Windows
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-41086
Low
Windows
CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-41097
Low
Azure
CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-40381
Low
Microsoft
CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41103
Low
Visual Studio
CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41613
Low
Azure
CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-42823
Low
Azure
CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-42830
Low
Microsoft Office
CVE-2026-42832 Microsoft Office Spoofing Vulnerability
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
CVE-2026-42832
Low
Dynamics
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42833
Low
Windows
CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible.
The vulnerability assigned...
CVE-2025-54518
Low
Microsoft
CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-42893
Unclassified
Microsoft
CVE-2025-6965 Integer Truncation on SQLite
Bulletin published by Microsoft Security Response Center.
CVE-2025-6965
Unclassified
Microsoft
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
CVE-2026-29181
Unclassified
Microsoft
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Information published.
CVE-2026-39882
Unclassified
Microsoft
CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Information published.
CVE-2026-43353
Unclassified
Microsoft
CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Information published.
CVE-2026-43500
Unclassified
Windows
CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
Added FAQ information. This is an informational change only.
CVE-2026-20841
Unclassified
Microsoft
CVE-2026-32226 .NET Framework Denial of Service Vulnerability
This CVE has been updated to include additional Security Updates for .NET Framework
CVE-2026-32226
Unclassified
Microsoft
CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Information published.
CVE-2025-21825
Unclassified
Microsoft
CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
Information published.
CVE-2024-58089
Low
Microsoft
CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
Information published.
CVE-2025-21892
Unclassified
Microsoft
CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
Information published.
CVE-2025-21885
Unclassified
Microsoft
CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
Information published.
CVE-2025-21833
Unclassified
Microsoft
CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
Information published.
CVE-2025-21888
Unclassified
Microsoft
CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Information published.
CVE-2025-21870
Unclassified
Microsoft
CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
Information published.
CVE-2026-23214
Unclassified
Microsoft
CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
Information published.
CVE-2026-23213
Unclassified
Microsoft
CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
Information published.
CVE-2025-71225
Unclassified
Microsoft
CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
Information published.
CVE-2025-71227
Unclassified
Microsoft
CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
Information published.
CVE-2026-23207
Unclassified
Microsoft
CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
Information published.
CVE-2025-40139
Unclassified
Microsoft
CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Information published.
CVE-2025-40146
Unclassified
Microsoft
CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Information published.
CVE-2025-40168
Unclassified
Microsoft
CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Information published.
CVE-2025-40170
Unclassified
Microsoft
CVE-2025-40158 ipv6: use RCU in ip6_output()
Information published.
CVE-2025-40158
Unclassified
Microsoft
CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Information published.
CVE-2025-40180
Unclassified
Microsoft
CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s
Information published.
CVE-2025-68201
Unclassified
Microsoft
CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
Information published.
CVE-2025-68230
Unclassified
Microsoft
CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
Information published.
CVE-2025-68174
Unclassified
Microsoft
CVE-2025-40355 sysfs: check visibility before changing group attribute ownership
Information published.
CVE-2025-40355
Unclassified
Microsoft
CVE-2025-68209 mlx5: Fix default values in create CQ
Information published.
CVE-2025-68209
Unclassified
Microsoft
CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
Information published.
CVE-2025-68304
Unclassified
Microsoft
CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Information published.
CVE-2025-68324
Unclassified
Microsoft
CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq
Information published.
CVE-2025-68338
Unclassified
Microsoft
CVE-2025-68736 landlock: Fix handling of disconnected directories
Information published.
CVE-2025-68736
Unclassified
Microsoft
CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Information published.
CVE-2025-68745
Unclassified
Microsoft
CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Information published.
CVE-2025-40289
Unclassified
Microsoft
CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
Information published.
CVE-2025-40339
Unclassified
Microsoft
CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
Information published.
CVE-2025-68190
Unclassified
Microsoft
CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Information published.
CVE-2025-68188
Unclassified
Microsoft
CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
Information published.
CVE-2025-68296
Unclassified
Microsoft
CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Information published.
CVE-2025-68356
Low
Microsoft
CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()
Information published.
CVE-2025-68378
Unclassified
Microsoft
CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Information published.
CVE-2025-68374
Unclassified
Microsoft
CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
Information published.
CVE-2025-38041
Unclassified
Microsoft
CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Information published.
CVE-2025-38029
Unclassified
Microsoft
CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
Information published.
CVE-2025-38064
Unclassified
Microsoft
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Information published.
CVE-2025-68822
Unclassified
Microsoft
CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Information published.
CVE-2025-68768
Unclassified
Microsoft
CVE-2025-71072 shmem: fix recovery on rename failures
Information published.
CVE-2025-71072
Unclassified
Microsoft
CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
Information published.
CVE-2024-53201
Unclassified
Microsoft
CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug
Information published.
CVE-2024-56647
Unclassified
Microsoft
CVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
Information published.
CVE-2024-53114
Unclassified
Microsoft
CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO
Information published.
CVE-2024-53219
Unclassified
Microsoft
CVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error path
Information published.
CVE-2024-56712
Unclassified
Microsoft
CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync
Information published.
CVE-2024-56591
Unclassified
Microsoft
CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
Information published.
CVE-2024-53133
Unclassified
Microsoft
CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
Information published.
CVE-2025-38660
Unclassified
Microsoft
CVE-2025-38636 rv: Use strings in da monitors tracepoints
Information published.
CVE-2025-38636
Unclassified
Microsoft
CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
Information published.
CVE-2025-38591
Unclassified
Microsoft
CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Information published.
CVE-2025-38656
Medium
Microsoft
CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
Information published.
CVE-2025-38585
Unclassified
Microsoft
CVE-2025-38584 padata: Fix pd UAF once and for all
Information published.
CVE-2025-38584
Unclassified
Microsoft
CVE-2023-52485 drm/amd/display: Wake DMCUB before sending a command
Information published.
CVE-2023-52485
Unclassified
Microsoft
CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Information published.
CVE-2024-25740
Low
Microsoft
CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos
Information published.
CVE-2024-1151
Unclassified
Microsoft
CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
Information published.
CVE-2024-47702
Low
Microsoft
CVE-2024-49888 bpf: Fix a sdiv overflow issue
Information published.
CVE-2024-49888
Unclassified
Microsoft
CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
Information published.
CVE-2024-47662
Low
Microsoft
CVE-2024-49940 l2tp: prevent possible tunnel refcount underflow
Information published.
CVE-2024-49940
Unclassified
Microsoft
CVE-2024-49932 btrfs: don't readahead the relocation inode on RST
Information published.
CVE-2024-49932
Unclassified
Microsoft
CVE-2024-49893 drm/amd/display: Check stream_status before it is used
Information published.
CVE-2024-49893
Unclassified
Microsoft
CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone
Information published.
CVE-2024-49885
Unclassified
Microsoft
CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails
Information published.
CVE-2024-49972
Unclassified
Microsoft
CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
Information published.
CVE-2024-49945
Unclassified
Microsoft
CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses
Information published.
CVE-2024-49920
Low
Microsoft
CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t
Information published.
CVE-2024-47661
Unclassified
Microsoft
CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue
Information published.
CVE-2024-49904
Unclassified
Microsoft
CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()
Information published.
CVE-2024-50028
Unclassified
Microsoft
CVE-2024-49922 drm/amd/display: Check null pointers before using them
Information published.
CVE-2024-49922
Unclassified
Microsoft
CVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35
Information published.
CVE-2024-46870
Unclassified
Microsoft
CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean
Information published.
CVE-2024-49971
Unclassified
Microsoft
CVE-2024-49921 drm/amd/display: Check null pointers before used
Information published.
CVE-2024-49921
Unclassified
Microsoft
CVE-2024-38608 net/mlx5e: Fix netif state handling
Information published.
CVE-2024-38608
Unclassified
Microsoft
CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Information published.
CVE-2024-38595
Low
Microsoft
CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Information published.
CVE-2022-4543
Unclassified
Microsoft
CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables
Information published.
CVE-2024-46834
Unclassified
Microsoft
CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Information published.
CVE-2024-44951
Unclassified
Microsoft
CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1
Information published.
CVE-2024-46730
Unclassified
Microsoft
CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
Information published.
CVE-2024-46727
Unclassified
Microsoft
CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.
Information published.
CVE-2024-46754
Low
Microsoft
CVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebuffer
Information published.
CVE-2025-21976
Unclassified
Microsoft
CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
Information published.
CVE-2025-22113
Unclassified
Microsoft
CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly
Information published.
CVE-2025-22108
Unclassified
Microsoft
CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir
Information published.
CVE-2025-22070
Unclassified
Microsoft
CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case
Information published.
CVE-2025-21961
Unclassified
Microsoft
CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses
Information published.
CVE-2025-21985
Unclassified
Microsoft
CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
Information published.
CVE-2025-22115
Unclassified
Microsoft
CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Information published.
CVE-2025-21927
Unclassified
Microsoft
CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size
Information published.
CVE-2025-21949
Unclassified
Microsoft
CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done
Information published.
CVE-2025-23131
Unclassified
Microsoft
CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Information published.
CVE-2025-21907
Unclassified
Microsoft
CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Information published.
CVE-2025-22124
Unclassified
Microsoft
CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit
Information published.
CVE-2025-23135
Unclassified
Microsoft
CVE-2025-22109 ax25: Remove broken autobind
Information published.
CVE-2025-22109
Unclassified
Microsoft
CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT
Information published.
CVE-2025-40325
Unclassified
Microsoft
CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()
Information published.
CVE-2025-37860
Unclassified
Microsoft
CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
Information published.
CVE-2024-43901
Unclassified
Microsoft
CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load
Information published.
CVE-2024-43872
Unclassified
Microsoft
CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs
Information published.
CVE-2024-43819
Unclassified
Microsoft
CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Information published.
CVE-2024-42317
Unclassified
Microsoft
CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Information published.
CVE-2025-38333
Unclassified
Microsoft
CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()
Information published.
CVE-2025-38359
Unclassified
Microsoft
CVE-2025-38264 nvme-tcp: sanitize request list handling
Information published.
CVE-2025-38264
Unclassified
Microsoft
CVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_data
Information published.
CVE-2025-38303
Unclassified
Microsoft
CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
Information published.
CVE-2025-38279
Unclassified
Microsoft
CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
Information published.
CVE-2025-38269
Unclassified
Microsoft
CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx
Information published.
CVE-2025-38272
Unclassified
Microsoft
CVE-2025-38311 iavf: get rid of the crit lock
Information published.
CVE-2025-38311
Unclassified
Microsoft
CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Information published.
CVE-2025-38140
Unclassified
Microsoft
CVE-2024-42107 ice: Don't process extts if PTP is disabled
Information published.
CVE-2024-42107
Unclassified
Microsoft
CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly
Information published.
CVE-2024-42064
Unclassified
Microsoft
CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
Information published.
CVE-2024-42065
Low
Microsoft
CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation
Information published.
CVE-2024-42066
Unclassified
Microsoft
CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
Information published.
CVE-2024-41045
Unclassified
Microsoft
CVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
Information published.
CVE-2024-42151
Unclassified
Microsoft
CVE-2024-41008 drm/amdgpu: change vm->task_info handling
Information published.
CVE-2024-41008
Unclassified
Microsoft
CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command
Information published.
CVE-2024-41082
Unclassified
Microsoft
CVE-2024-42134 virtio-pci: Check if is_avq is NULL
Information published.
CVE-2024-42134
Unclassified
Microsoft
CVE-2024-40999 net: ena: Add validation for completion descriptors consistency
Information published.
CVE-2024-40999
Unclassified
Microsoft
CVE-2024-42118 drm/amd/display: Do not return negative stream id for array
Information published.
CVE-2024-42118
Unclassified
Microsoft
CVE-2024-39478 crypto: starfive - Do not free stack buffer
Information published.
CVE-2024-39478
Unclassified
Microsoft
CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Information published.
CVE-2024-41067
Unclassified
Microsoft
CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments
Information published.
CVE-2024-42081
Unclassified
Microsoft
CVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capability
Information published.
CVE-2024-53050
Unclassified
Microsoft
CVE-2024-53090 afs: Fix lock recursion
Information published.
CVE-2024-53090
Unclassified
Microsoft
CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
Information published.
CVE-2024-53089
Unclassified
Microsoft
CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1
Information published.
CVE-2024-50177
Unclassified
Microsoft
CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails
Information published.
CVE-2024-50277
Unclassified
Microsoft
CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
Information published.
CVE-2024-50217
Medium
Microsoft
CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Information published.
CVE-2024-23848
Unclassified
Microsoft
CVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()
Information published.
CVE-2025-21696
Unclassified
Microsoft
CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
Information published.
CVE-2025-21768
Unclassified
Microsoft
CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
Information published.
CVE-2024-57974
Unclassified
Microsoft
CVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume path
Information published.
CVE-2025-21801
Unclassified
Microsoft
CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Information published.
CVE-2024-57976
Unclassified
Microsoft
CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
Information published.
CVE-2025-21732
Unclassified
Microsoft
CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
Information published.
CVE-2025-21786
Unclassified
Microsoft
CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
Information published.
CVE-2025-21693
Unclassified
Microsoft
CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
Information published.
CVE-2024-58006
Unclassified
Microsoft
CVE-2025-21723 scsi: mpi3mr: Fix possible crash when setting up bsg fails
Information published.
CVE-2025-21723
Unclassified
Microsoft
CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free
Information published.
CVE-2025-21714
Unclassified
Microsoft
CVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
Information published.
CVE-2024-57872
Unclassified
Microsoft
CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
Information published.
CVE-2024-56775
Unclassified
Microsoft
CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap
Information published.
CVE-2024-57875
Unclassified
Microsoft
CVE-2024-41932 sched: fix warning in sched_setaffinity
Information published.
CVE-2024-41932
Unclassified
Microsoft
CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
Information published.
CVE-2024-57804
Unclassified
Microsoft
CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up
Information published.
CVE-2024-57898
Unclassified
Microsoft
CVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
Information published.
CVE-2025-21635
Unclassified
Microsoft
CVE-2025-21649 net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
Information published.
CVE-2025-21649
Unclassified
Microsoft
CVE-2025-21634 cgroup/cpuset: remove kernfs active break
Information published.
CVE-2025-21634
Unclassified
Microsoft
CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL
Information published.
CVE-2024-57809
Unclassified
Microsoft
CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
Information published.
CVE-2024-56782
Unclassified
Microsoft
CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace
Information published.
CVE-2024-47794
Unclassified
Microsoft
CVE-2024-57857 RDMA/siw: Remove direct link to net_device
Information published.
CVE-2024-57857
Unclassified
Microsoft
CVE-2025-21672 afs: Fix merge preference rule failure condition
Information published.
CVE-2025-21672
Unclassified
Microsoft
CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Information published.
CVE-2026-23468
Unclassified
Microsoft
CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Information published.
CVE-2026-31419
Unclassified
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Unclassified
Microsoft
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Information published.
CVE-2026-31531
Unclassified
Microsoft
CVE-2026-31557 nvmet: move async event work off nvmet-wq
Information published.
CVE-2026-31557
Unclassified
Microsoft
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Information published.
CVE-2026-31606
Unclassified
Microsoft
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Information published.
CVE-2026-31663
Unclassified
Microsoft
CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Information published.
CVE-2026-31645
Unclassified
Microsoft
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Information published.
CVE-2026-31560
Unclassified
Microsoft
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Information published.
CVE-2026-31568
Unclassified
Microsoft
CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Information published.
CVE-2026-31575
Unclassified
Microsoft
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Information published.
CVE-2026-31579
Unclassified
Microsoft
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Information published.
CVE-2026-31630
Unclassified
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Unclassified
Microsoft
CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
Information published.
CVE-2026-23472
Unclassified
Microsoft
CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Information published.
CVE-2026-31486
Unclassified
Microsoft
CVE-2026-31487 spi: use generic driver_override infrastructure
Information published.
CVE-2026-31487
Unclassified
Microsoft
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Information published.
CVE-2026-31516
Unclassified
Microsoft
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Information published.
CVE-2026-31488
Unclassified
Microsoft
CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Information published.
CVE-2026-31506
Medium
Microsoft
CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case
Information published.
CVE-2026-31462
Unclassified
Microsoft
CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Information published.
CVE-2026-31440
Unclassified
Microsoft
CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Information published.
CVE-2026-31505
Unclassified
Microsoft
CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Information published.
CVE-2026-31489
Unclassified
Microsoft
CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Information published.
CVE-2026-31449
Unclassified
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Unclassified
Microsoft
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Information published.
CVE-2026-31574
Unclassified
Microsoft
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Information published.
CVE-2026-31613
Unclassified
Microsoft
CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget
Information published.
CVE-2026-31677
Unclassified
Microsoft
CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Information published.
CVE-2026-31688
Unclassified
Microsoft
CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()
Information published.
CVE-2026-31499
Unclassified
Microsoft
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Information published.
CVE-2026-31692
Unclassified
Microsoft
CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Information published.
CVE-2026-23278
Unclassified
Microsoft
CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
Information published.
CVE-2026-23272
Unclassified
Microsoft
CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions
Information published.
CVE-2026-23276
Unclassified
Microsoft
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Information published.
CVE-2026-23377
Unclassified
Microsoft
CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Information published.
CVE-2026-23383
Unclassified
Microsoft
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Information published.
CVE-2026-23371
Unclassified
Microsoft
CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Information published.
CVE-2026-23394
Unclassified
Microsoft
CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
Information published.
CVE-2026-23240
Unclassified
Microsoft
CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
Information published.
CVE-2026-23247
Unclassified
Microsoft
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Information published.
CVE-2026-23361
Unclassified
Microsoft
CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Information published.
CVE-2026-23346
Unclassified
Microsoft
CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Information published.
CVE-2024-35808
Unclassified
Microsoft
CVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recovery
Information published.
CVE-2024-35931
Low
Microsoft
CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution
Information published.
CVE-2024-36024
Unclassified
Microsoft
CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
Information published.
CVE-2024-35794
Unclassified
Microsoft
CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
Information published.
CVE-2025-37907
Unclassified
Microsoft
CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Information published.
CVE-2025-37834
Unclassified
Microsoft
CVE-2025-37870 drm/amd/display: prevent hang on link training fail
Information published.
CVE-2025-37870
Unclassified
Microsoft
CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
Information published.
CVE-2025-37877
Unclassified
Microsoft
CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
Information published.
CVE-2025-37826
Unclassified
Microsoft
CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
Information published.
CVE-2025-37745
Unclassified
Microsoft
CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
Information published.
CVE-2025-37856
Unclassified
Microsoft
CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
Information published.
CVE-2025-37882
Unclassified
Microsoft
CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Information published.
CVE-2025-37861
Unclassified
Microsoft
CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
Information published.
CVE-2025-37807
Unclassified
Microsoft
CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Information published.
CVE-2025-37747
Unclassified
Microsoft
CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Information published.
CVE-2025-37750
Unclassified
Microsoft
CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
Information published.
CVE-2023-52586
Unclassified
Microsoft
CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
Information published.
CVE-2023-52624
Unclassified
Microsoft
CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
Information published.
CVE-2026-31706
Unclassified
Microsoft
CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31723
Unclassified
Microsoft
CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31724
Unclassified
Microsoft
CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check
Information published.
CVE-2026-43036
Unclassified
Microsoft
CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
Information published.
CVE-2026-31707
Unclassified
Microsoft
CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair
Information published.
CVE-2026-43042
Unclassified
Microsoft
CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers
Information published.
CVE-2026-31771
Unclassified
Microsoft
CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper
Information published.
CVE-2026-43052
Unclassified
Microsoft
CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl
Information published.
CVE-2026-31709
Unclassified
Microsoft
CVE-2026-43010 bpf: Reject sleepable kprobe_multi programs at attach time
Information published.
CVE-2026-43010
Unclassified
Microsoft
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Information published.
CVE-2026-43248
Unclassified
Microsoft
CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Information published.
CVE-2026-43127
Unclassified
Microsoft
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Information published.
CVE-2026-43161
Unclassified
Microsoft
CVE-2026-43245 ntfs: ->d_compare() must not block
Information published.
CVE-2026-43245
Unclassified
Microsoft
CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
Information published.
CVE-2026-43137
Unclassified
Microsoft
CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave
Information published.
CVE-2026-43234
Unclassified
Microsoft
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Information published.
CVE-2026-43185
Unclassified
Microsoft
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Information published.
CVE-2025-71273
Unclassified
Microsoft
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Information published.
CVE-2026-43153
Unclassified
Microsoft
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Information published.
CVE-2026-43116
Unclassified
Microsoft
CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
Information published.
CVE-2026-43244
Unclassified
Microsoft
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Information published.
CVE-2025-71272
Unclassified
Microsoft
CVE-2026-43474 fs: init flags_valid before calling vfs_fileattr_get
Information published.
CVE-2026-43474
Unclassified
Microsoft
CVE-2025-71302 drm/panthor: fix for dma-fence safe access rules
Information published.
CVE-2025-71302
Unclassified
Microsoft
CVE-2026-43309 md raid: fix hang when stopping arrays with metadata through dm-raid
Information published.
CVE-2026-43309
Unclassified
Microsoft
CVE-2026-43320 drm/amd/display: Fix dsc eDP issue
Information published.
CVE-2026-43320
Unclassified
Microsoft
CVE-2026-43300 drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()
Information published.
CVE-2026-43300
Unclassified
Microsoft
CVE-2026-43306 bpf: crypto: Use the correct destructor kfunc type
Information published.
CVE-2026-43306
Unclassified
Microsoft
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Information published.
CVE-2026-43443
Unclassified
Microsoft
CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock
Information published.
CVE-2026-43319
Unclassified
Microsoft
CVE-2026-43344 perf/x86/intel/uncore: Fix die ID init and look up bugs
Information published.
CVE-2026-43344
Unclassified
Microsoft
CVE-2026-43305 drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path
Information published.
CVE-2026-43305
Medium
Microsoft
CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Information published.
CVE-2026-43310
Unclassified
Microsoft
CVE-2026-43400 drm/amdgpu: add upper bound check on user inputs in signal ioctl
Information published.
CVE-2026-43400
Unclassified
Microsoft
CVE-2026-43292 mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node
Information published.
CVE-2026-43292
Unclassified
Microsoft
CVE-2026-43398 drm/amdgpu: add upper bound check on user inputs in wait ioctl
Information published.
CVE-2026-43398
Unclassified
Microsoft
CVE-2026-43311 soc/tegra: pmc: Fix unsafe generic_handle_irq() call
Information published.
CVE-2026-43311
Unclassified
Microsoft
CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Information published.
CVE-2026-43421
Unclassified
Microsoft
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Information published.
CVE-2026-43308
Unclassified
Microsoft
CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
Information published.
CVE-2026-42256
Unclassified
Microsoft
CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing
Information published.
CVE-2026-42246
Unclassified
Microsoft
CVE-2026-45186
Information published.
CVE-2026-45186
Unclassified
Microsoft
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
Information published.
CVE-2026-7261
Low
Microsoft
CVE-2026-7568 Signed integer overflow in metaphone()
Information published.
CVE-2026-7568
Unclassified
Microsoft
CVE-2026-43053 xfs: close crash window in attr dabtree inactivation
Information published.
CVE-2026-43053
Unclassified
Microsoft
CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()
Information published.
CVE-2026-43048
Unclassified
Microsoft
CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping
Information published.
CVE-2026-31777
Unclassified
Microsoft
CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31722
Unclassified
Microsoft
CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31725
Unclassified
Microsoft
CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
Information published.
CVE-2026-43049
Unclassified
Microsoft
CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()
Information published.
CVE-2026-31712
Unclassified
Microsoft
CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Information published.
CVE-2026-43019
Unclassified
Microsoft
CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()
Information published.
CVE-2026-31729
Unclassified
Microsoft
CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking
Information published.
CVE-2026-43009
Unclassified
Microsoft
CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Information published.
CVE-2026-31715
Unclassified
Microsoft
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Information published.
CVE-2026-43073
Unclassified
Microsoft
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Information published.
CVE-2026-43125
Unclassified
Microsoft
CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Information published.
CVE-2026-43204
Unclassified
Microsoft
CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
Information published.
CVE-2026-43131
Unclassified
Microsoft
CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Information published.
CVE-2026-43126
Unclassified
Microsoft
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Information published.
CVE-2026-43198
Unclassified
Microsoft
CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Information published.
CVE-2026-43115
Unclassified
Microsoft
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Information published.
CVE-2026-43172
Unclassified
Microsoft
CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Information published.
CVE-2025-71285
Unclassified
Microsoft
CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated
Information published.
CVE-2026-43197
Unclassified
Microsoft
CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Information published.
CVE-2026-43118
Unclassified
Microsoft
CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Information published.
CVE-2026-43109
Unclassified
Microsoft
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
Information published.
CVE-2026-43129
Unclassified
Microsoft
CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Information published.
CVE-2026-43258
Unclassified
Microsoft
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
CVE-2025-71289
Unclassified
Microsoft
CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation
Information published.
CVE-2026-43107
Unclassified
Microsoft
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Information published.
CVE-2026-43250
Unclassified
Microsoft
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Information published.
CVE-2026-43219
Unclassified
Microsoft
CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Information published.
CVE-2026-43088
Unclassified
Microsoft
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Information published.
CVE-2026-43213
Unclassified
Microsoft
CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()
Information published.
CVE-2026-43216
Unclassified
Microsoft
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Information published.
CVE-2026-43119
Unclassified
Microsoft
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Information published.
CVE-2026-43101
Unclassified
Microsoft
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Information published.
CVE-2026-43199
Unclassified
Microsoft
CVE-2026-43083 net: ioam6: fix OOB and missing lock
Information published.
CVE-2026-43083
Unclassified
Microsoft
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Information published.
CVE-2026-31717
Unclassified
Microsoft
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Information published.
CVE-2026-31718
Unclassified
Microsoft
CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls
Information published.
CVE-2026-43338
Unclassified
Microsoft
CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
Information published.
CVE-2026-43318
Unclassified
Microsoft
CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain
Information published.
CVE-2026-43416
Unclassified
Microsoft
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
Information published.
CVE-2026-43352
Unclassified
Microsoft
CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb frags
Information published.
CVE-2026-43284
Unclassified
Microsoft
CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing
Information published.
CVE-2025-71299
Unclassified
Microsoft
CVE-2026-43317 most: core: fix leak on early registration failure
Information published.
CVE-2026-43317
Unclassified
Microsoft
CVE-2026-43321 bpf: Properly mark live registers for indirect jumps
Information published.
CVE-2026-43321
Unclassified
Microsoft
CVE-2026-43456 bonding: fix type confusion in bond_setup_by_slave()
Information published.
CVE-2026-43456
Unclassified
Microsoft
CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF
Information published.
CVE-2026-43298
Unclassified
Microsoft
CVE-2026-43299 btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()
Information published.
CVE-2026-43299
Unclassified
Microsoft
CVE-2026-43294 drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels
Information published.
CVE-2026-43294
Unclassified
Microsoft
CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Information published.
CVE-2026-43353
Unclassified
Microsoft
CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
Information published.
CVE-2026-42257
Unclassified
Microsoft
CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Information published.
CVE-2026-42258
Unclassified
Microsoft
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
Information published.
CVE-2026-7258
Unclassified
Microsoft
CVE-2026-6722 Use-After-Free in SOAP using Apache map
Information published.
CVE-2026-6722
Unclassified
Microsoft
CVE-2026-6735 XSS within PHP-FPM status endpoint
Information published.
CVE-2026-6735
Unclassified
Microsoft
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing
Information published.
CVE-2026-7262
Unclassified
Microsoft
CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
Information published.
CVE-2025-14179
Unclassified
Microsoft
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
Information published.
CVE-2026-7259
Unclassified
Microsoft
CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned
Information published.
CVE-2025-39779
Unclassified
Microsoft
CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Information published.
CVE-2025-39754
Unclassified
Microsoft
CVE-2025-39762 drm/amd/display: add null check
Information published.
CVE-2025-39762
Unclassified
Microsoft
CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Information published.
CVE-2025-39746
Unclassified
Microsoft
CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
Information published.
CVE-2025-39747
Unclassified
Microsoft
CVE-2025-39789 crypto: x86/aegis - Add missing error checks
Information published.
CVE-2025-39789
Unclassified
Microsoft
CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Information published.
CVE-2025-39833
Unclassified
Microsoft
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Information published.
CVE-2025-39850
Unclassified
Microsoft
CVE-2025-39859 ptp: ocp: fix use-after-free bugs caused by ptp_ocp_watchdog
Information published.
CVE-2025-39859
Unclassified
Microsoft
CVE-2025-38705 drm/amd/pm: fix null pointer access
Information published.
CVE-2025-38705
Unclassified
Microsoft
CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()
Information published.
CVE-2025-38722
Unclassified
Microsoft
CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
Information published.
CVE-2025-38717
Unclassified
Microsoft
CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability
Information published.
CVE-2025-39705
Unclassified
Microsoft
CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Information published.
CVE-2025-39677
Unclassified
Microsoft
CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Information published.
CVE-2025-39707
Unclassified
Microsoft
CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Information published.
CVE-2025-39810
Unclassified
Microsoft
CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Information published.
CVE-2025-39851
Unclassified
Microsoft
CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Information published.
CVE-2025-39862
Unclassified
Microsoft
CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Information published.
CVE-2024-58241
Unclassified
Microsoft
CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
Information published.
CVE-2024-26672
Unclassified
Microsoft
CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
Information published.
CVE-2024-26757
Unclassified
Microsoft
CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
Information published.
CVE-2024-26758
Unclassified
Microsoft
CVE-2024-26756 md: Don't register sync_thread for reshape directly
Information published.
CVE-2024-26756
Unclassified
Microsoft
CVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array size
Information published.
CVE-2024-26914
Unclassified
Microsoft
CVE-2024-24856 NULL pointer dereference in acpi_db_convert_to_package of Linux acpi module
Information published.
CVE-2024-24856
Unclassified
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Unclassified
Microsoft
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Information published.
CVE-2026-39823
Unclassified
Microsoft
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Information published.
CVE-2026-41889
Low
Microsoft
CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
Information published.
CVE-2026-6664
Low
Microsoft
CVE-2026-6665 PgBouncer buffer overflow in SCRAM
Information published.
CVE-2026-6665
Unclassified
Microsoft
CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
Information published.
CVE-2026-6667
Unclassified
Microsoft
CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error
Information published.
CVE-2026-6666
Low
Microsoft
CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
Information published.
CVE-2026-45130
Unclassified
Microsoft
CVE-2026-44656 Vim: OS Command Injection via 'path' completion
Information published.
CVE-2026-44656
Unclassified
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Unclassified
Microsoft
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Information published.
CVE-2026-39817
Low
Microsoft
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Information published.
CVE-2026-39819
Unclassified
Microsoft
CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Information published.
CVE-2026-39820
Unclassified
Microsoft
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Information published.
CVE-2026-39825
Unclassified
Microsoft
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Information published.
CVE-2026-39826
Unclassified
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Unclassified
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Unclassified
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Low
Microsoft
CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
Information published.
CVE-2026-33079
Unclassified
Microsoft
CVE-2026-41526
Information published.
CVE-2026-41526
Low
Microsoft
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Information published.
CVE-2026-3832
Unclassified
Microsoft
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Information published.
CVE-2026-4948
Unclassified
Microsoft
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Information published.
CVE-2026-6842
Unclassified
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Unclassified
Microsoft
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Information published.
CVE-2026-6843
Unclassified
Microsoft
CVE-2026-37457
Information published.
CVE-2026-37457
Unclassified
Microsoft
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Information published.
CVE-2026-43248
Unclassified
Microsoft
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Information published.
CVE-2026-43161
Unclassified
Microsoft
CVE-2026-43245 ntfs: ->d_compare() must not block
Information published.
CVE-2026-43245
Unclassified
Microsoft
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Information published.
CVE-2025-71273
Unclassified
Microsoft
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Information published.
CVE-2026-43153
Unclassified
Microsoft
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Information published.
CVE-2026-43116
Unclassified
Microsoft
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Information published.
CVE-2026-41673
Unclassified
Microsoft
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Information published.
CVE-2026-43125
Unclassified
Microsoft
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Information published.
CVE-2026-43198
Unclassified
Microsoft
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Information published.
CVE-2026-43172
Unclassified
Microsoft
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Information published.
CVE-2026-43274
Unclassified
Microsoft
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
CVE-2025-71289
Unclassified
Microsoft
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Information published.
CVE-2026-43250
Unclassified
Microsoft
CVE-2026-43195 drm/amdgpu: validate user queue size constraints
Information published.
CVE-2026-43195
Unclassified
Microsoft
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Information published.
CVE-2026-43119
Unclassified
Microsoft
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Information published.
CVE-2026-43101
Unclassified
Microsoft
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Information published.
CVE-2026-43199
Unclassified
Microsoft
CVE-2026-43083 net: ioam6: fix OOB and missing lock
Information published.
CVE-2026-43083
Unclassified
Microsoft
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Information published.
CVE-2026-43869
Unclassified
Microsoft
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Information published.
CVE-2026-41672
Unclassified
Microsoft
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Information published.
CVE-2026-41674
Unclassified
Microsoft
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Information published.
CVE-2026-41675
Low
Microsoft
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25243
Unclassified
Microsoft
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Information published.
CVE-2026-31717
Low
Microsoft
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Information published.
CVE-2026-23631
Unclassified
Microsoft
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Information published.
CVE-2026-31718
Low
Microsoft
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Information published.
CVE-2026-23479
Low
Microsoft
CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25588
Low
Microsoft
CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25589
Low
Microsoft
CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26164
Low
Microsoft
CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26129
Unclassified
Microsoft Edge
Chromium: CVE-2026-8021 Script injection in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8021
Unclassified
Microsoft Edge
Chromium: CVE-2026-8022 Inappropriate implementation in MHTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8022
Unclassified
Microsoft Edge
Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8019
Unclassified
Microsoft Edge
Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8018
Medium
Microsoft Edge
Chromium: CVE-2026-8017 Side-channel information leakage in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8017
Unclassified
Microsoft Edge
Chromium: CVE-2026-8014 Inappropriate implementation in Preload
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8014
Medium
Microsoft Edge
Chromium: CVE-2026-8015 Inappropriate implementation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8015
Unclassified
Microsoft Edge
Chromium: CVE-2026-8016 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8016
Unclassified
Microsoft Edge
Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8013
Unclassified
Microsoft Edge
Chromium: CVE-2026-8012 Inappropriate implementation in MHTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8012
Unclassified
Microsoft Edge
Chromium: CVE-2026-8011 Insufficient policy enforcement in Search
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8011
Unclassified
Microsoft Edge
Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8010
Unclassified
Microsoft Edge
Chromium: CVE-2026-8009 Inappropriate implementation in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8009
Unclassified
Microsoft Edge
Chromium: CVE-2026-8008 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8008
Unclassified
Microsoft Edge
Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8007
Unclassified
Microsoft Edge
Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8004
Unclassified
Microsoft Edge
Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8006
Unclassified
Microsoft Edge
Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8005
Unclassified
Microsoft Edge
Chromium: CVE-2026-8002 Use after free in Audio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8002
Unclassified
Microsoft Edge
Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8003
Unclassified
Microsoft Edge
Chromium: CVE-2026-8001 Use after free in Printing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8001
Unclassified
Microsoft Edge
Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8000
Unclassified
Microsoft Edge
Chromium: CVE-2026-7999 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7999
Unclassified
Microsoft Edge
Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7994
Unclassified
Microsoft Edge
Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7997
Unclassified
Microsoft Edge
Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7998
Unclassified
Microsoft Edge
Chromium: CVE-2026-7995 Out of bounds read in AdFilter
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7995
Unclassified
Microsoft Edge
Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7996
Unclassified
Microsoft Edge
Chromium: CVE-2026-7991 Use after free in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7991
Unclassified
Microsoft Edge
Chromium: CVE-2026-7988 Type Confusion in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7988
Unclassified
Microsoft Edge
Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7990
Unclassified
Microsoft Edge
Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7992
Unclassified
Microsoft Edge
Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7989
Unclassified
Microsoft Edge
Chromium: CVE-2026-7987 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7987
Unclassified
Microsoft Edge
Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7982
Unclassified
Microsoft Edge
Chromium: CVE-2026-7983 Out of bounds read in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7983
Unclassified
Microsoft Edge
Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7986
Unclassified
Microsoft Edge
Chromium: CVE-2026-7984 Use after free in ReadingMode
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7984
Unclassified
Microsoft Edge
Chromium: CVE-2026-7985 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7985
Unclassified
Microsoft Edge
Chromium: CVE-2026-7981 Out of bounds read in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7981
Medium
Microsoft Edge
Chromium: CVE-2026-7979 Inappropriate implementation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7979
Unclassified
Microsoft Edge
Chromium: CVE-2026-7980 Use after free in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7980
Unclassified
Microsoft Edge
Chromium: CVE-2026-7978 Inappropriate implementation in Companion
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7978
Unclassified
Microsoft Edge
Chromium: CVE-2026-7977 Inappropriate implementation in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7977
Unclassified
Microsoft Edge
Chromium: CVE-2026-7976 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7976
Unclassified
Microsoft Edge
Chromium: CVE-2026-7975 Use after free in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7975
Unclassified
Microsoft Edge
Chromium: CVE-2026-7974 Use after free in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7974
Low
Microsoft Edge
Chromium: CVE-2026-7973 Integer overflow in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7973
Unclassified
Microsoft Edge
Chromium: CVE-2026-7972 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7972
Unclassified
Microsoft Edge
Chromium: CVE-2026-7971 Inappropriate implementation in ORB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7971
Unclassified
Microsoft Edge
Chromium: CVE-2026-7970 Use after free in TopChrome
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7970
Low
Microsoft Edge
Chromium: CVE-2026-7969 Integer overflow in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7969
Unclassified
Microsoft Edge
Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7968
Unclassified
Microsoft Edge
Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7966
Unclassified
Microsoft Edge
Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7967
Unclassified
Microsoft Edge
Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7965
Unclassified
Microsoft Edge
Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7964
Unclassified
Microsoft Edge
Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7963
Unclassified
Microsoft Edge
Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7962
Unclassified
Microsoft Edge
Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7961
Unclassified
Microsoft Edge
Chromium: CVE-2026-7960 Race in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7960
Unclassified
Microsoft Edge
Chromium: CVE-2026-7959 Inappropriate implementation in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7959
Unclassified
Microsoft Edge
Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7958
Unclassified
Microsoft Edge
Chromium: CVE-2026-7956 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7956
Medium
Microsoft Edge
Chromium: CVE-2026-7957 Out of bounds write in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7957
Unclassified
Microsoft Edge
Chromium: CVE-2026-7955 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7955
Unclassified
Microsoft Edge
Chromium: CVE-2026-7954 Race in Shared Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7954
Unclassified
Microsoft Edge
Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7953
Unclassified
Microsoft Edge
Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7952
Unclassified
Microsoft Edge
Chromium: CVE-2026-7951 Out of bounds write in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7951
Unclassified
Microsoft Edge
Chromium: CVE-2026-7950 Out of bounds read and write in GFX
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7950
Unclassified
Microsoft Edge
Chromium: CVE-2026-7949 Out of bounds read in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7949
Unclassified
Microsoft Edge
Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7947
Unclassified
Microsoft Edge
Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7946
Unclassified
Microsoft Edge
Chromium: CVE-2026-7948 Race in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7948
Unclassified
Microsoft Edge
Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7945
Unclassified
Microsoft Edge
Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7944
Unclassified
Microsoft Edge
Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7943
Low
Microsoft Edge
Chromium: CVE-2026-7942 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7942
Unclassified
Microsoft Edge
Chromium: CVE-2026-7940 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7940
Unclassified
Microsoft Edge
Chromium: CVE-2026-7938 Use after free in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7938
Unclassified
Microsoft Edge
Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7939
Unclassified
Microsoft Edge
Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7937
Unclassified
Microsoft Edge
Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7934
Unclassified
Microsoft Edge
Chromium: CVE-2026-7935 Inappropriate implementation in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7935
Unclassified
Microsoft Edge
Chromium: CVE-2026-7936 Object lifecycle issue in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7936
Unclassified
Microsoft Edge
Chromium: CVE-2026-7933 Out of bounds read in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7933
Unclassified
Microsoft Edge
Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7932
Medium
Microsoft Edge
Chromium: CVE-2026-7929 Use after free in MediaRecording
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7929
Unclassified
Microsoft Edge
Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7930
Unclassified
Microsoft Edge
Chromium: CVE-2026-7928 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7928
Unclassified
Microsoft Edge
Chromium: CVE-2026-7926 Use after free in PresentationAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7926
Unclassified
Microsoft Edge
Chromium: CVE-2026-7927 Type Confusion in Runtime
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7927
Unclassified
Microsoft Edge
Chromium: CVE-2026-7925 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7925
Unclassified
Microsoft Edge
Chromium: CVE-2026-7922 Use after free in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7922
Unclassified
Microsoft Edge
Chromium: CVE-2026-7924 Uninitialized Use in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7924
Unclassified
Microsoft Edge
Chromium: CVE-2026-7921 Use after free in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7921
Unclassified
Microsoft Edge
Chromium: CVE-2026-7923 Out of bounds write in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7923
Unclassified
Microsoft Edge
Chromium: CVE-2026-7920 Use after free in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7920
Unclassified
Microsoft Edge
Chromium: CVE-2026-7919 Use after free in Aura
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7919
Unclassified
Microsoft Edge
Chromium: CVE-2026-7918 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7918
Unclassified
Microsoft Edge
Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7916
Unclassified
Microsoft Edge
Chromium: CVE-2026-7917 Use after free in Fullscreen
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7917
Unclassified
Microsoft Edge
Chromium: CVE-2026-7914 Type Confusion in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7914
Unclassified
Microsoft Edge
Chromium: CVE-2026-7910 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7910
Unclassified
Microsoft Edge
Chromium: CVE-2026-7911 Use after free in Aura
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7911
Unclassified
Microsoft Edge
Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7909
Unclassified
Microsoft Edge
Chromium: CVE-2026-7908 Use after free in Fullscreen
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7908
Unclassified
Microsoft Edge
Chromium: CVE-2026-7907 Use after free in DOM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7907
Unclassified
Microsoft Edge
Chromium: CVE-2026-7906 Use after free in SVG
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7906
Low
Microsoft Edge
Chromium: CVE-2026-7903 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7903
Unclassified
Microsoft Edge
Chromium: CVE-2026-7904 Out of bounds read in Fonts
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7904
Unclassified
Microsoft Edge
Chromium: CVE-2026-7902 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7902
Unclassified
Microsoft Edge
Chromium: CVE-2026-7901 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7901
Low
Microsoft Edge
Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7900
Low
Dynamics
CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
CVE-2026-33821
Unclassified
Microsoft Edge
Chromium: CVE-2026-7899 Out of bounds read and write in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7899
Unclassified
Microsoft Edge
Chromium: CVE-2026-7898 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7898
Low
Microsoft Edge
Chromium: CVE-2026-7896 Integer overflow in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7896
Low
Azure
CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-41105
Low
Microsoft Edge
CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-33111
Low
Azure
CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-33109
Low
Azure
CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40379
Low
Azure
CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32207
Low
Microsoft
CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
CVE-2026-33823
Low
Azure
CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-33844
Low
Microsoft
CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-34327
Low
Azure
CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-35435
Low
Azure
CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35428
Low
Azure
CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
CVE-2026-42826
Unclassified
Microsoft
CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Information published.
CVE-2025-68768
Unclassified
Microsoft
CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
Information published.
CVE-2026-28810
Unclassified
Microsoft
CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
Information published.
CVE-2026-31455
Unclassified
Microsoft
CVE-2026-34318
Information published.
CVE-2026-34318
Unclassified
Microsoft
CVE-2026-34317
Information published.
CVE-2026-34317
Unclassified
Microsoft
CVE-2026-34319
Information published.
CVE-2026-34319
Unclassified
Microsoft
CVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragment
Information published.
CVE-2026-33845
Unclassified
Microsoft
CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
Information published.
CVE-2026-3833
Low
Microsoft
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Information published.
CVE-2026-3832
Unclassified
Microsoft
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
Information published.
CVE-2026-6383
Unclassified
Microsoft
CVE-2026-34875
Information published.
CVE-2026-34875
Unclassified
Microsoft
CVE-2026-34874
Information published.
CVE-2026-34874
Unclassified
Microsoft
CVE-2026-34876
Information published.
CVE-2026-34876
Unclassified
Microsoft
CVE-2026-25835
Information published.
CVE-2026-25835
Unclassified
Microsoft
CVE-2025-66442
Information published.
CVE-2025-66442
Unclassified
Microsoft
CVE-2026-34873
Information published.
CVE-2026-34873
Unclassified
Microsoft
CVE-2026-34871
Information published.
CVE-2026-34871
Unclassified
Microsoft
CVE-2026-34872
Information published.
CVE-2026-34872
Unclassified
Microsoft
CVE-2026-25834
Information published.
CVE-2026-25834
Unclassified
Microsoft
CVE-2026-25833
Information published.
CVE-2026-25833
Unclassified
Microsoft
CVE-2026-41082
Information published.
CVE-2026-41082
Unclassified
Microsoft
CVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transports
Information published.
CVE-2026-33190
Unclassified
Microsoft
CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification
Information published.
CVE-2026-32936
Unclassified
Microsoft
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Information published.
CVE-2026-35579
Unclassified
Azure
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Information published.
CVE-2026-42151
Low
Microsoft
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Information published.
CVE-2026-42154
Unclassified
Microsoft
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Information published.
CVE-2026-43248
Unclassified
Microsoft
CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Information published.
CVE-2026-43127
Unclassified
Microsoft
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Information published.
CVE-2026-43161
Unclassified
Microsoft
CVE-2026-43245 ntfs: ->d_compare() must not block
Information published.
CVE-2026-43245
Unclassified
Microsoft
CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
Information published.
CVE-2026-43137
Unclassified
Microsoft
CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave
Information published.
CVE-2026-43234
Unclassified
Microsoft
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Information published.
CVE-2026-43185
Unclassified
Microsoft
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Information published.
CVE-2025-71273
Unclassified
Microsoft
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Information published.
CVE-2026-43153
Unclassified
Microsoft
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Information published.
CVE-2026-43116
Unclassified
Microsoft
CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
Information published.
CVE-2026-43244
Unclassified
Microsoft
CVE-2026-43191 drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35
Information published.
CVE-2026-43191
Unclassified
Microsoft
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Information published.
CVE-2025-71272
Unclassified
Microsoft
CVE-2026-43964
Information published.
CVE-2026-43964
Unclassified
Microsoft
CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison
Information published.
CVE-2026-33489
Unclassified
Microsoft
CVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service
Information published.
CVE-2026-32934
Unclassified
Microsoft
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Information published.
CVE-2026-43073
Unclassified
Microsoft
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Information published.
CVE-2026-43125
Unclassified
Microsoft
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
Information published.
CVE-2026-43176
Unclassified
Microsoft
CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Information published.
CVE-2026-43204
Unclassified
Microsoft
CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
Information published.
CVE-2026-43131
Unclassified
Microsoft
CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Information published.
CVE-2026-43126
Unclassified
Microsoft
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Information published.
CVE-2026-43198
Unclassified
Microsoft
CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function
Information published.
CVE-2025-71290
Unclassified
Microsoft
CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Information published.
CVE-2026-43115
Unclassified
Microsoft
CVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page check
Information published.
CVE-2025-71293
Unclassified
Microsoft
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Information published.
CVE-2026-43172
Unclassified
Microsoft
CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Information published.
CVE-2025-71285
Unclassified
Microsoft
CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated
Information published.
CVE-2026-43197
Unclassified
Microsoft
CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Information published.
CVE-2026-43118
Unclassified
Microsoft
CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Information published.
CVE-2026-43109
Unclassified
Microsoft
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
Information published.
CVE-2026-43129
Unclassified
Microsoft
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Information published.
CVE-2026-43274
Unclassified
Microsoft
CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Information published.
CVE-2026-43258
Unclassified
Microsoft
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
CVE-2025-71289
Unclassified
Microsoft
CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation
Information published.
CVE-2026-43107
Unclassified
Microsoft
CVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src
Information published.
CVE-2026-43243
Unclassified
Microsoft
CVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcs
Information published.
CVE-2025-71294
Unclassified
Microsoft
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Information published.
CVE-2026-43250
Unclassified
Microsoft
CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4
Information published.
CVE-2026-43237
Unclassified
Microsoft
CVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memory
Information published.
CVE-2026-43201
Unclassified
Microsoft
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Information published.
CVE-2026-43219
Unclassified
Microsoft
CVE-2026-43165 hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin
Information published.
CVE-2026-43165
Unclassified
Microsoft
CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Information published.
CVE-2026-43088
Unclassified
Microsoft
CVE-2026-43195 drm/amdgpu: validate user queue size constraints
Information published.
CVE-2026-43195
Unclassified
Microsoft
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Information published.
CVE-2026-43213
Unclassified
Microsoft
CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks
Information published.
CVE-2026-43228
Unclassified
Microsoft
CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()
Information published.
CVE-2026-43216
Unclassified
Microsoft
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Information published.
CVE-2026-43119
Unclassified
Microsoft
CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking
Information published.
CVE-2026-43267
Unclassified
Microsoft
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Information published.
CVE-2026-43101
Unclassified
Microsoft
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Information published.
CVE-2026-43199
Unclassified
Microsoft
CVE-2026-43083 net: ioam6: fix OOB and missing lock
Information published.
CVE-2026-43083
Unclassified
Microsoft
CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
Information published.
CVE-2026-43870
Unclassified
Microsoft
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Information published.
CVE-2026-43868
CVE-2020-13949
Unclassified
Microsoft
CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
Information published.
CVE-2026-33523
Unclassified
Microsoft
CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset
Information published.
CVE-2026-23918
Unclassified
Microsoft
CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
Information published.
CVE-2026-34059
Unclassified
Microsoft
CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
Information published.
CVE-2026-34032
Unclassified
Microsoft
CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
Information published.
CVE-2026-24072
Unclassified
Microsoft
CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack
Information published.
CVE-2026-33006
Unclassified
Microsoft
CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash
Information published.
CVE-2026-33007
Unclassified
Microsoft
CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash
Information published.
CVE-2026-29169
Unclassified
Microsoft
CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response
Information published.
CVE-2026-29168
Unclassified
Microsoft
CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
Information published.
CVE-2026-33857
Low
Microsoft
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Information published.
CVE-2026-41066
Low
Microsoft
CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
Information published.
CVE-2026-33999
Unclassified
Microsoft
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Information published.
CVE-2026-41205
Unclassified
Microsoft
CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption
Information published.
CVE-2026-34001
Unclassified
Microsoft
CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access
Information published.
CVE-2026-34003
Unclassified
Microsoft
CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
Information published.
CVE-2026-43037
Low
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Unclassified
Microsoft
CVE-2026-43964
Information published.
CVE-2026-43964
Unclassified
Microsoft
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Information published.
CVE-2026-27141
Unclassified
Microsoft
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Information published.
CVE-2025-8224
Unclassified
Microsoft
CVE-2026-35469 SpdyStream: DOS on CRI
Information published.
CVE-2026-35469
Low
Microsoft
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
Information published.
CVE-2026-28532
Unclassified
Microsoft
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Information published.
CVE-2026-6842
Unclassified
Microsoft
CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Information published.
CVE-2026-31431
Unclassified
Microsoft
CVE-2026-42798
Information published.
CVE-2026-42798
Low
Microsoft
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
Information published.
CVE-2026-40170
Unclassified
Microsoft
CVE-2026-37457
Information published.
CVE-2026-37457
Low
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Low
Microsoft
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Information published.
CVE-2025-11083
Unclassified
Microsoft
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
Information published.
CVE-2025-9403
Unclassified
Microsoft
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Information published.
CVE-2025-8224
Unclassified
Microsoft
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
CVE-2026-34757
Unclassified
Microsoft
CVE-2026-37555
Information published.
CVE-2026-37555
Unclassified
Microsoft
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Information published.
CVE-2026-6842
Unclassified
Microsoft
CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Information published.
CVE-2026-31431
Unclassified
Microsoft
CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
Information published.
CVE-2026-6845
Unclassified
Microsoft
CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
Information published.
CVE-2026-6846
Unclassified
Microsoft
CVE-2026-30656
Information published.
CVE-2026-30656
Unclassified
Microsoft
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Information published.
CVE-2026-6843
Low
Microsoft
CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow
Information published.
CVE-2017-20230
Low
Microsoft
CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass
Information published.
CVE-2026-32148
Low
Microsoft
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Information published.
CVE-2025-11083
Low
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Medium
Microsoft
CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings
Information published.
CVE-2026-43058
Unclassified
Microsoft
CVE-2026-41080
Information published.
CVE-2026-41080
Unclassified
Microsoft
CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
Information published.
CVE-2026-31602
Unclassified
Microsoft
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
Information published.
CVE-2026-31598
Unclassified
Microsoft
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
Information published.
CVE-2026-31608
Low
Microsoft
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
Information published.
CVE-2026-28532
Unclassified
Microsoft
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Information published.
CVE-2026-4948
Unclassified
Microsoft
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Information published.
CVE-2026-27456
Unclassified
Microsoft
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
Information published.
CVE-2026-3184
Unclassified
Microsoft
CVE-2026-41080
Information published.
CVE-2026-41080
Unclassified
Microsoft
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Information published.
CVE-2026-31606
Unclassified
Microsoft
CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Information published.
CVE-2026-31605
Medium
Microsoft
CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
Information published.
CVE-2026-31599
Unclassified
Microsoft
CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
Information published.
CVE-2026-31602
Unclassified
Microsoft
CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
Information published.
CVE-2026-31610
Unclassified
Microsoft
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
Information published.
CVE-2026-31598
Unclassified
Microsoft
CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()
Information published.
CVE-2026-31603
Unclassified
Microsoft
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
Information published.
CVE-2026-31608
Unclassified
Microsoft
CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
Information published.
CVE-2026-31611
Unclassified
Microsoft
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
Information published.
CVE-2026-31612
Unclassified
Microsoft
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
Information published.
CVE-2026-31597
Unclassified
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Unclassified
Microsoft
CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Information published.
CVE-2026-41607
Unclassified
Microsoft
CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Information published.
CVE-2026-41636
Unclassified
Microsoft
CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
Information published.
CVE-2026-31533
Unclassified
Microsoft
CVE-2026-41526
Information published.
CVE-2026-41526
Unclassified
Microsoft
CVE-2026-40356
Information published.
CVE-2026-40356
Unclassified
Windows
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Information published.
CVE-2026-3087
Unclassified
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Unclassified
Microsoft
CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
Information published.
CVE-2026-31532
Unclassified
Microsoft
CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
Information published.
CVE-2026-31596
Unclassified
Microsoft
CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
Information published.
CVE-2026-31609
Unclassified
Microsoft
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Information published.
CVE-2026-6238
Unclassified
Microsoft
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Information published.
CVE-2025-48431
Low
Microsoft
CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Information published.
CVE-2026-41602
Unclassified
Microsoft
CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Information published.
CVE-2026-41604
Low
Microsoft
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Information published.
CVE-2026-41605
Low
Microsoft
CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Information published.
CVE-2026-41606
Unclassified
Microsoft
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Information published.
CVE-2026-31692
Unclassified
Microsoft
CVE-2026-40355
Information published.
CVE-2026-40355
Unclassified
Microsoft
CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds
Information published.
CVE-2026-3731
Unclassified
Microsoft
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Information published.
CVE-2026-0965
Unclassified
Microsoft
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Information published.
CVE-2026-25645
Unclassified
Microsoft
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Information published.
CVE-2026-0967
Low
Microsoft
CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Information published.
CVE-2026-0966
Unclassified
Microsoft
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Information published.
CVE-2026-0964
Unclassified
Microsoft Edge
Chromium: CVE-2026-7343 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7343
Unclassified
Microsoft Edge
Chromium: CVE-2026-7363 Use after free in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7363
Unclassified
Microsoft Edge
Chromium: CVE-2026-7359 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7359
Unclassified
Microsoft Edge
Chromium: CVE-2026-7333 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7333
Unclassified
Microsoft Edge
Chromium: CVE-2026-7360 Insufficient validation of untrusted input in Compositing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7360
Unclassified
Microsoft Edge
Chromium: CVE-2026-7344 Use after free in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7344
Unclassified
Microsoft Edge
Chromium: CVE-2026-7358 Use after free in Animation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7358
Unclassified
Microsoft Edge
Chromium: CVE-2026-7334 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7334
Unclassified
Microsoft Edge
Chromium: CVE-2026-7357 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7357
Unclassified
Microsoft Edge
Chromium: CVE-2026-7356 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7356
Low
Microsoft Edge
Chromium: CVE-2026-7353 Heap buffer overflow in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7353
Unclassified
Microsoft Edge
Chromium: CVE-2026-7351 Race in MHTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7351
Unclassified
Microsoft Edge
Chromium: CVE-2026-7354 Out of bounds read and write in Angle
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7354
Unclassified
Microsoft Edge
Chromium: CVE-2026-7349 Use after free in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7349
Unclassified
Microsoft Edge
Chromium: CVE-2026-7348 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7348
Medium
Microsoft Edge
Chromium: CVE-2026-7335 Use after free in media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7335
Unclassified
Microsoft Edge
Chromium: CVE-2026-7336 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7336
Unclassified
Microsoft Edge
Chromium: CVE-2026-7350 Use after free in WebMIDI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7350
Unclassified
Microsoft Edge
Chromium: CVE-2026-7345 Insufficient validation of untrusted input in Feedback
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7345
Unclassified
Microsoft Edge
Chromium: CVE-2026-7347 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7347
Unclassified
Microsoft Edge
Chromium: CVE-2026-7346 Inappropriate implementation in Tint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7346
Unclassified
Microsoft Edge
Chromium: CVE-2026-7337 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7337
Unclassified
Microsoft Edge
Chromium: CVE-2026-7338 Use after free in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7338
Unclassified
Microsoft Edge
Chromium: CVE-2026-7341 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7341
Low
Microsoft Edge
Chromium: CVE-2026-7340 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7340
Low
Microsoft Edge
Chromium: CVE-2026-7339 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7339
Medium
Microsoft Edge
Chromium: CVE-2026-7355 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7355
Unclassified
Defender
CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability
Added FAQ information. This is an informational change only.
CVE-2026-33825
Low
Microsoft
CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
Information published.
CVE-2025-21892
Unclassified
Microsoft
CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Information published.
CVE-2025-21870
Unclassified
Microsoft
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
Information published.
CVE-2026-24051
Unclassified
Microsoft
CVE-2026-21620 TFTP Path Traversal
Information published.
CVE-2026-21620
Low
Microsoft
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Information published.
CVE-2026-25541
Unclassified
Microsoft
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Information published.
CVE-2025-15504
Low
Microsoft
CVE-2022-2068 The c_rehash script allows command injection
Information published.
CVE-2022-2068
Unclassified
Microsoft
CVE-2019-1543 ChaCha20-Poly1305 with long nonces
Information published.
CVE-2019-1543
Low
Microsoft
CVE-2019-1551 rsaz_512_sqr overflow bug on x86_64
Information published.
CVE-2019-1551
Unclassified
Microsoft
CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
Information published.
CVE-2024-41045
Unclassified
Microsoft
CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Information published.
CVE-2024-41067
Unclassified
Microsoft
CVE-2017-3736
Information published.
CVE-2017-3736
Unclassified
Microsoft
CVE-2018-0734 Timing attack against DSA
Information published.
CVE-2018-0734
Unclassified
Microsoft
CVE-2018-0735 Timing attack against ECDSA signature generation
Information published.
CVE-2018-0735
Unclassified
Microsoft
CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
Information published.
CVE-2024-57974
Unclassified
Microsoft
CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Information published.
CVE-2024-57976
Unclassified
Microsoft
CVE-2019-1547 ECDSA remote timing attack
Information published.
CVE-2019-1547
Unclassified
Microsoft
CVE-2019-1549 Fork Protection
Information published.
CVE-2019-1549
Unclassified
Microsoft
CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Information published.
CVE-2019-1563
Unclassified
Microsoft
CVE-2024-41932 sched: fix warning in sched_setaffinity
Information published.
CVE-2024-41932
Unclassified
Microsoft
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
Information published.
CVE-2026-34978
Unclassified
Microsoft
CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION
Information published.
CVE-2026-31410
Low
Microsoft
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
CVE-2026-31789
Unclassified
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Unclassified
Microsoft
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
CVE-2026-28388
Unclassified
Microsoft
CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Information published.
CVE-2026-35206
Low
Microsoft
CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
Information published.
CVE-2026-5448
Low
Microsoft
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.
Information published.
CVE-2026-5778
Unclassified
Microsoft
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
Information published.
CVE-2026-5460
Unclassified
Microsoft
CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse
Information published.
CVE-2026-5446
Unclassified
Microsoft
CVE-2026-31476 ksmbd: do not expire session on binding failure
Information published.
CVE-2026-31476
Unclassified
Microsoft
CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
Information published.
CVE-2026-31464
Unclassified
Microsoft
CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests
Information published.
CVE-2026-31432
Unclassified
Microsoft
CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports
Information published.
CVE-2026-31502
Unclassified
Microsoft
CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks
Information published.
CVE-2026-31495
Unclassified
Microsoft
CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Information published.
CVE-2026-31477
Unclassified
Microsoft
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Information published.
CVE-2026-31530
Unclassified
Microsoft
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Information published.
CVE-2026-31480
Unclassified
Microsoft
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
Information published.
CVE-2026-31512
Unclassified
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Unclassified
Microsoft
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Information published.
CVE-2026-31521
Low
Microsoft
CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
Information published.
CVE-2026-41445
Unclassified
Microsoft
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Information published.
CVE-2026-31531
Unclassified
Microsoft
CVE-2026-41988
Information published.
CVE-2026-41988
Unclassified
Microsoft
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
Information published.
CVE-2026-31619
Unclassified
Microsoft
CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
Information published.
CVE-2026-31590
Unclassified
Microsoft
CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Information published.
CVE-2026-31618
Unclassified
Microsoft
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
Information published.
CVE-2026-31617
Unclassified
Microsoft
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
Information published.
CVE-2026-31624
Unclassified
Microsoft
CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
Information published.
CVE-2026-23422
Unclassified
Microsoft
CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Information published.
CVE-2026-31626
Unclassified
Microsoft
CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
Information published.
CVE-2026-31615
Unclassified
Microsoft
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
Information published.
CVE-2026-31537
Low
Microsoft
CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Information published.
CVE-2026-41676
Unclassified
Microsoft
CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
Information published.
CVE-2026-41678
Unclassified
Microsoft
CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
Information published.
CVE-2026-31580
Unclassified
Microsoft
CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check
Information published.
CVE-2026-41681
Unclassified
Microsoft
CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
Information published.
CVE-2026-31629
Unclassified
Microsoft
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
Information published.
CVE-2026-31669
Medium
Microsoft
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Information published.
CVE-2026-31576
Unclassified
Microsoft
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
Information published.
CVE-2026-31586
Unclassified
Microsoft
CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
Information published.
CVE-2026-31622
Unclassified
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Unclassified
Microsoft
CVE-2026-31686 mm/kasan: fix double free for kasan pXds
Information published.
CVE-2026-31686
Unclassified
Microsoft
CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer
Information published.
CVE-2026-41898
Low
Microsoft
CVE-2026-31545 NFC: nxp-nci: allow GPIOs to sleep
Information published.
CVE-2026-31545
Unclassified
Microsoft
CVE-2026-31546 net: bonding: fix NULL deref in bond_debug_rlb_hash_show
Information published.
CVE-2026-31546
Unclassified
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Unclassified
Microsoft
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
Information published.
CVE-2026-41603
Unclassified
Microsoft
CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Information published.
CVE-2026-41607
Unclassified
Microsoft
CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Information published.
CVE-2026-41636
Unclassified
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Unclassified
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Unclassified
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Unclassified
Microsoft
CVE-2026-32281 Inefficient policy validation in crypto/x509
Information published.
CVE-2026-32281
Unclassified
Microsoft
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Information published.
CVE-2026-32289
Unclassified
Microsoft
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Information published.
CVE-2026-32283
Low
Microsoft
CVE-2026-34477 Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass
Information published.
CVE-2026-34477
Unclassified
Microsoft
CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic
Information published.
CVE-2026-31420
Unclassified
Microsoft
CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
Information published.
CVE-2026-5393
Unclassified
Microsoft
CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery
Information published.
CVE-2026-5504
Unclassified
Microsoft
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
Information published.
CVE-2026-5507
Unclassified
Microsoft
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
Information published.
CVE-2026-5503
Low
Microsoft
CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID
Information published.
CVE-2026-5295
Low
Microsoft
CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL
Information published.
CVE-2026-5188
Low
Microsoft
CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier
Information published.
CVE-2026-5447
Unclassified
Microsoft
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
Information published.
CVE-2026-5772
Unclassified
Microsoft
CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
Information published.
CVE-2026-5392
Unclassified
Microsoft
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Information published.
CVE-2026-1502
Unclassified
Microsoft
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Information published.
CVE-2026-34481
Unclassified
Microsoft
CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
Information published.
CVE-2026-34479
Unclassified
Microsoft
CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Information published.
CVE-2026-34480
Unclassified
Microsoft
CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head
Information published.
CVE-2026-31429
Unclassified
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Unclassified
Microsoft
CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()
Information published.
CVE-2026-31524
Unclassified
Microsoft
CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Information published.
CVE-2026-31486
Unclassified
Microsoft
CVE-2026-31487 spi: use generic driver_override infrastructure
Information published.
CVE-2026-31487
Unclassified
Microsoft
CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Information published.
CVE-2026-31496
Unclassified
Microsoft
CVE-2026-31515 af_key: validate families in pfkey_send_migrate()
Information published.
CVE-2026-31515
Unclassified
Microsoft
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Information published.
CVE-2026-31516
Unclassified
Microsoft
CVE-2026-31527 driver core: platform: use generic driver_override infrastructure
Information published.
CVE-2026-31527
Unclassified
Microsoft
CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race
Information published.
CVE-2026-31504
Unclassified
Microsoft
CVE-2026-31523 nvme-pci: ensure we're polling a polled queue
Information published.
CVE-2026-31523
Unclassified
Microsoft
CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices
Information published.
CVE-2026-31497
Unclassified
Microsoft
CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Information published.
CVE-2026-31489
Unclassified
Microsoft
CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
Information published.
CVE-2026-31510
Unclassified
Microsoft
CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry
Information published.
CVE-2026-31482
Unclassified
Microsoft
CVE-2026-31518 esp: fix skb leak with espintcp and async crypto
Information published.
CVE-2026-31518
Unclassified
Microsoft
CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
Information published.
CVE-2026-31519
Unclassified
Microsoft
CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests
Information published.
CVE-2026-31433
Unclassified
Microsoft
CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
Information published.
CVE-2026-31485
Unclassified
Microsoft
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Information published.
CVE-2026-31483
Unclassified
Microsoft
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Information published.
CVE-2026-31507
Unclassified
Microsoft
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Information published.
CVE-2026-31500
Unclassified
Microsoft
CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
Information published.
CVE-2026-31522
Unclassified
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Unclassified
Microsoft
CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device
Information published.
CVE-2026-31509
Unclassified
Microsoft
CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2
Information published.
CVE-2026-31503
Unclassified
Microsoft
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
Information published.
CVE-2026-31498
Unclassified
Microsoft
CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it
Information published.
CVE-2026-31492
Unclassified
Microsoft
CVE-2026-31494 net: macb: use the current queue number for stats
Information published.
CVE-2026-31494
Unclassified
Microsoft
CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
Information published.
CVE-2026-6409
Unclassified
Microsoft
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Information published.
CVE-2026-5187
Unclassified
Microsoft
CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request
Information published.
CVE-2026-23428
Unclassified
Microsoft
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Information published.
CVE-2025-13763
Unclassified
Microsoft
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
Information published.
CVE-2026-31607
Unclassified
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Medium
Microsoft
CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
Information published.
CVE-2026-31583
Unclassified
Microsoft
CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
Information published.
CVE-2026-31581
Medium
Microsoft
CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure
Information published.
CVE-2026-31585
Low
Microsoft
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
Information published.
CVE-2026-31623
Unclassified
Microsoft
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
Information published.
CVE-2026-41677
Low
Microsoft
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
Information published.
CVE-2026-31616
Unclassified
Microsoft
CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
Information published.
CVE-2026-31582
Unclassified
Microsoft
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
Information published.
CVE-2026-31588
Unclassified
Microsoft
CVE-2026-41305 PostCSS has XSS via Unescaped in its CSS Stringify Output
Information published.
CVE-2026-41305
Unclassified
Windows
CVE-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
Information published.
CVE-2026-3298
Medium
Microsoft
CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path
Information published.
CVE-2026-31584
Low
Microsoft
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Information published.
CVE-2026-5435
Unclassified
Microsoft
CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers
Information published.
CVE-2026-2708
Unclassified
Microsoft
CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document
Information published.
CVE-2026-6732
Unclassified
Microsoft
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Information published.
CVE-2026-6019
Unclassified
Microsoft
CVE-2026-31508 net: openvswitch: Avoid releasing netdev before teardown completes
Information published.
CVE-2026-31508
Unclassified
Microsoft
CVE-2026-31540 drm/i915/gt: Check set_default_submission() before deferencing
Information published.
CVE-2026-31540
Unclassified
Microsoft
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Information published.
CVE-2026-6238
Unclassified
Microsoft
CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()
Information published.
CVE-2026-31499
Unclassified
Microsoft
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Information published.
CVE-2025-48431
Low
Microsoft
CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Information published.
CVE-2026-41602
Unclassified
Microsoft
CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Information published.
CVE-2026-41604
Low
Microsoft
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Information published.
CVE-2026-41605
Low
Microsoft
CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Information published.
CVE-2026-41606
Unclassified
Microsoft
CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Information published.
CVE-2024-35808
Unclassified
Microsoft
CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Information published.
CVE-2025-37834
Low
Microsoft
CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Information published.
CVE-2026-4395
Low
Microsoft
CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
Information published.
CVE-2026-1005
Unclassified
Microsoft
CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Information published.
CVE-2026-23378
Unclassified
Microsoft
CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Information published.
CVE-2025-66037
Unclassified
Microsoft
CVE-2025-69648
Information published.
CVE-2025-69648
Unclassified
Microsoft
CVE-2026-32776
Information published.
CVE-2026-32776
Unclassified
Microsoft
CVE-2026-32778
Information published.
CVE-2026-32778
Unclassified
Microsoft
CVE-2026-32777
Information published.
CVE-2026-32777
Unclassified
Microsoft
CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
Information published.
CVE-2026-4159
Unclassified
Microsoft
CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
Information published.
CVE-2026-3580
Low
Microsoft
CVE-2026-3229 Integer Overflow in Certificate Chain Allocation
Information published.
CVE-2026-3229
Unclassified
Microsoft
CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Information published.
CVE-2026-23372
Unclassified
Microsoft
CVE-2026-23364 ksmbd: Compare MACs in constant time
Information published.
CVE-2026-23364
Unclassified
Microsoft
CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Information published.
CVE-2026-23393
Unclassified
Microsoft
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Information published.
CVE-2026-33542
Unclassified
Microsoft
CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
Information published.
CVE-2026-33916
Low
Microsoft
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Information published.
CVE-2025-49010
Low
Microsoft
CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Information published.
CVE-2025-66215
Unclassified
Microsoft
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Information published.
CVE-2025-66038
Unclassified
Microsoft
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Information published.
CVE-2026-34043
Unclassified
Microsoft
CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
Information published.
CVE-2026-2100
Unclassified
Microsoft
CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names
Information published.
CVE-2026-34073
Unclassified
Microsoft
CVE-2017-3731 Truncated packet could crash via OOB read
Information published.
CVE-2017-3731
Unclassified
Windows
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-21246
Unclassified
Microsoft
CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Information published.
CVE-2026-22701
Unclassified
Microsoft
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Information published.
CVE-2026-27141
Unclassified
Microsoft
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
Information published.
CVE-2026-24051
Unclassified
Microsoft
CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
Information published.
CVE-2026-2443
Low
Microsoft
CVE-2022-2068 The c_rehash script allows command injection
Information published.
CVE-2022-2068
Low
Microsoft
CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation
Information published.
CVE-2025-68146
Unclassified
Microsoft
CVE-2017-3735
Information published.
CVE-2017-3735
Unclassified
Microsoft
CVE-2017-3736
Information published.
CVE-2017-3736
Unclassified
Microsoft
CVE-2018-0734 Timing attack against DSA
Information published.
CVE-2018-0734
Unclassified
Microsoft
CVE-2018-0735 Timing attack against ECDSA signature generation
Information published.
CVE-2018-0735
Unclassified
Microsoft
CVE-2019-1547 ECDSA remote timing attack
Information published.
CVE-2019-1547
Unclassified
Microsoft
CVE-2019-1549 Fork Protection
Information published.
CVE-2019-1549
Unclassified
Microsoft
CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Information published.
CVE-2019-1563
Unclassified
Microsoft
CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
Information published.
CVE-2026-34591
Unclassified
Microsoft
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
CVE-2026-29181
Unclassified
Microsoft
CVE-2026-31476 ksmbd: do not expire session on binding failure
Information published.
CVE-2026-31476
Unclassified
Microsoft
CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Information published.
CVE-2026-31477
Unclassified
Microsoft
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Information published.
CVE-2026-31480
Unclassified
Microsoft
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
Information published.
CVE-2026-31619
Unclassified
Microsoft
CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
Information published.
CVE-2026-41079
Unclassified
Microsoft
CVE-2026-31557 nvmet: move async event work off nvmet-wq
Information published.
CVE-2026-31557
Unclassified
Microsoft
CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core
Information published.
CVE-2026-31667
Unclassified
Microsoft
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
Information published.
CVE-2026-31617
Unclassified
Microsoft
CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes
Information published.
CVE-2026-31660
Unclassified
Microsoft
CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
Information published.
CVE-2026-31566
Unclassified
Microsoft
CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets
Information published.
CVE-2026-31637
Unclassified
Microsoft
CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
Information published.
CVE-2026-31570
Unclassified
Microsoft
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
Information published.
CVE-2026-31624
Unclassified
Microsoft
CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect
Information published.
CVE-2026-31651
Unclassified
Microsoft
CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime
Information published.
CVE-2026-31672
Unclassified
Microsoft
CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections
Information published.
CVE-2026-31565
Unclassified
Microsoft
CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Information published.
CVE-2026-31626
Unclassified
Microsoft
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Information published.
CVE-2026-31663
Low
Microsoft
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Information published.
CVE-2026-41066
Unclassified
Microsoft
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Information published.
CVE-2026-41411
Unclassified
Microsoft
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
Information published.
CVE-2026-31537
Unclassified
Microsoft
CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
Information published.
CVE-2026-31611
Unclassified
Microsoft
CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
Information published.
CVE-2026-32147
Unclassified
Microsoft
CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it
Information published.
CVE-2026-31627
Unclassified
Microsoft
CVE-2026-31671 xfrm_user: fix info leak in build_report()
Information published.
CVE-2026-31671
Unclassified
Microsoft
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Information published.
CVE-2026-31560
Unclassified
Microsoft
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
Information published.
CVE-2026-31612
Unclassified
Microsoft
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Information published.
CVE-2026-31568
Unclassified
Microsoft
CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version
Information published.
CVE-2026-31587
Unclassified
Microsoft
CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Information published.
CVE-2026-31575
Low
Microsoft
CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
Information published.
CVE-2026-31662
Unclassified
Microsoft
CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
Information published.
CVE-2026-31580
Unclassified
Microsoft
CVE-2026-31657 batman-adv: hold claim backbone gateways by reference
Information published.
CVE-2026-31657
Unclassified
Microsoft
CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
Information published.
CVE-2026-31629
Unclassified
Microsoft
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Information published.
CVE-2026-31579
Unclassified
Microsoft
CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1
Information published.
CVE-2026-31628
Unclassified
Microsoft
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Information published.
CVE-2026-31630
Low
Microsoft
CVE-2026-31649 net: stmmac: fix integer underflow in chain mode
Information published.
CVE-2026-31649
Unclassified
Microsoft
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
Information published.
CVE-2026-31669
Medium
Microsoft
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Information published.
CVE-2026-31576
Unclassified
Microsoft
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
Information published.
CVE-2026-31586
Medium
Microsoft
CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()
Information published.
CVE-2026-31578
Unclassified
Microsoft
CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options
Information published.
CVE-2026-31682
Unclassified
Microsoft
CVE-2026-31659 batman-adv: reject oversized global TT response buffers
Information published.
CVE-2026-31659
Unclassified
Microsoft
CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()
Information published.
CVE-2026-31625
Unclassified
Microsoft
CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length
Information published.
CVE-2026-31679
Unclassified
Microsoft
CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
Information published.
CVE-2026-31674
Unclassified
Microsoft
CVE-2026-31664 xfrm: clear trailing padding in build_polexpire()
Information published.
CVE-2026-31664
Unclassified
Microsoft
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
Information published.
CVE-2026-31597
Unclassified
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Low
Microsoft
CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
Information published.
CVE-2026-31656
Unclassified
Microsoft
CVE-2026-31686 mm/kasan: fix double free for kasan pXds
Information published.
CVE-2026-31686
Unclassified
Microsoft
CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer
Information published.
CVE-2026-41898
Low
Microsoft
CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
Information published.
CVE-2026-33999
Unclassified
Microsoft
CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage
Information published.
CVE-2026-23406
Unclassified
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Unclassified
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Unclassified
Microsoft
CVE-2026-41254
Information published.
CVE-2026-41254
Unclassified
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Medium
Microsoft
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Information published.
CVE-2026-31473
Unclassified
Microsoft
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Information published.
CVE-2025-13763
Unclassified
Microsoft
CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path
Information published.
CVE-2026-31555
Unclassified
Microsoft
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
Information published.
CVE-2026-31607
Unclassified
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Medium
Microsoft
CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
Information published.
CVE-2026-31583
Unclassified
Microsoft
CVE-2026-31638 rxrpc: Only put the call ref if one was acquired
Information published.
CVE-2026-31638
Unclassified
Microsoft
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Information published.
CVE-2026-31574
Unclassified
Microsoft
CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
Information published.
CVE-2026-31596
Unclassified
Microsoft
CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
Information published.
CVE-2026-31581
Unclassified
Microsoft
CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
Information published.
CVE-2026-31577
Unclassified
Microsoft
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Information published.
CVE-2026-41140
Unclassified
Microsoft
CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy
Information published.
CVE-2026-31665
Unclassified
Microsoft
CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created
Information published.
CVE-2026-31670
Unclassified
Microsoft
CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion
Information published.
CVE-2026-31642
Unclassified
Microsoft
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Information published.
CVE-2026-31613
Low
Microsoft
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
Information published.
CVE-2026-31623
Unclassified
Microsoft
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
Information published.
CVE-2026-41677
Low
Microsoft
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
Information published.
CVE-2026-31616
Unclassified
Microsoft
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
Information published.
CVE-2026-31668
Unclassified
Microsoft
CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
Information published.
CVE-2026-31582
Unclassified
Microsoft
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
Information published.
CVE-2026-31588
Unclassified
Microsoft
CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption
Information published.
CVE-2026-31675
Unclassified
Microsoft
CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()
Information published.
CVE-2026-31634
Unclassified
Microsoft
CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
Information published.
CVE-2026-31658
Unclassified
Microsoft
CVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()
Information published.
CVE-2026-31689
Unclassified
Microsoft
CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Information published.
CVE-2026-31688
Unclassified
Microsoft
CVE-2026-31548 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
Information published.
CVE-2026-31548
Unclassified
Microsoft
CVE-2026-31549 i2c: cp2615: fix serial string NULL-deref at probe
Information published.
CVE-2026-31549
Unclassified
Microsoft
CVE-2026-31550 pmdomain: bcm: bcm2835-power: Increase ASB control timeout
Information published.
CVE-2026-31550
Low
Microsoft
CVE-2026-31551 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable.
Information published.
CVE-2026-31551
Unclassified
Microsoft
CVE-2026-31552 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom
Information published.
CVE-2026-31552
Medium
Microsoft
CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path
Information published.
CVE-2026-31584
Unclassified
Microsoft
CVE-2026-31661 wifi: brcmsmac: Fix dma_free_coherent() size
Information published.
CVE-2026-31661
Unclassified
Microsoft
CVE-2026-31563 net: macb: Use dev_consume_skb_any() to free TX SKBs
Information published.
CVE-2026-31563
Low
Microsoft
CVE-2026-31648 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()
Information published.
CVE-2026-31648
Unclassified
Microsoft
CVE-2026-40225
Information published.
CVE-2026-40225
Low
Microsoft
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Information published.
CVE-2026-5435
Unclassified
Microsoft
CVE-2026-40556 Insecure Directory Permissions in GNU nano Leading to Privilege Abuse
Information published.
CVE-2026-40556
Unclassified
Microsoft
CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css
Information published.
CVE-2026-6861
Unclassified
Microsoft
CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers
Information published.
CVE-2026-2708
Unclassified
Microsoft
CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document
Information published.
CVE-2026-6732
Unclassified
Microsoft
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Information published.
CVE-2026-6019
Unclassified
Microsoft
CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption
Information published.
CVE-2026-34001
Unclassified
Microsoft
CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access
Information published.
CVE-2026-34003
Unclassified
Microsoft
CVE-2026-3783 token leak with redirect and netrc
Information published.
CVE-2026-3783
Unclassified
Microsoft
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
Information published.
CVE-2026-23391
Unclassified
Microsoft
CVE-2026-1965 bad reuse of HTTP Negotiate connection
Information published.
CVE-2026-1965
Unclassified
Microsoft
CVE-2026-3784 wrong proxy connection reuse with credentials
Information published.
CVE-2026-3784
Low
Microsoft
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Information published.
CVE-2026-33056
Unclassified
Microsoft
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Information published.
CVE-2026-33055
Low
Microsoft
CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Information published.
CVE-2026-2369
Unclassified
Microsoft
CVE-2026-23388 Squashfs: check metadata block offset is within range
Information published.
CVE-2026-23388
Unclassified
Microsoft
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
Information published.
CVE-2026-23395
Unclassified
Microsoft
CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU
Information published.
CVE-2026-31788
Unclassified
Microsoft Edge
Chromium: CVE-2026-6920 Out of bounds read in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6920
Unclassified
Dynamics
CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Added acknowledgements. This is an informational change only.
CVE-2026-33103
Unclassified
Microsoft
Chromium: CVE-2026-6919 Use after free in DevTools
Added a second Security Only package to Edge security update. This is an informational change only.
CVE-2026-6919
Unclassified
Visual Studio
CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability
This CVE has been updated to include Visual Studio 2026 18.5 as affected software.
CVE-2026-40372
Unclassified
Microsoft
CVE-2026-26149 Microsoft Power Apps Desktop Client Spoofing Vulnerability
Bulletin published by Microsoft Security Response Center.
CVE-2026-26149
Unclassified
Windows
CVE-2026-32202 Windows Shell Spoofing Vulnerability
Corrected the Exploitability Index, Exploited flag and CVSS vector, which were incorrect at the time of publication on 4/14/2026. This is an informational change only.
CVE-2026-32202
Unclassified
Microsoft
CVE-2018-0734 Timing attack against DSA
Information published.
CVE-2018-0734
Unclassified
Microsoft
CVE-2018-0735 Timing attack against ECDSA signature generation
Information published.
CVE-2018-0735
Low
Microsoft
CVE-2022-2068 The c_rehash script allows command injection
Information published.
CVE-2022-2068
Unclassified
Microsoft
CVE-2026-23405 apparmor: fix: limit the number of levels of policy namespaces
Information published.
CVE-2026-23405
Unclassified
Microsoft
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
Information published.
CVE-2026-31619
Unclassified
Microsoft
CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
Information published.
CVE-2026-41079
Unclassified
Microsoft
CVE-2026-31557 nvmet: move async event work off nvmet-wq
Information published.
CVE-2026-31557
Unclassified
Microsoft
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Information published.
CVE-2026-31606
Unclassified
Microsoft
CVE-2026-31646 net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
Information published.
CVE-2026-31646
Unclassified
Microsoft
CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0
Information published.
CVE-2026-31620
Unclassified
Microsoft
CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU
Information published.
CVE-2026-31593
Unclassified
Microsoft
CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core
Information published.
CVE-2026-31667
Unclassified
Microsoft
CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
Information published.
CVE-2026-31590
Unclassified
Microsoft
CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Information published.
CVE-2026-31618
Unclassified
Microsoft
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
Information published.
CVE-2026-31617
Unclassified
Microsoft
CVE-2026-31589 mm: call ->free_folio() directly in folio_unmap_invalidate()
Information published.
CVE-2026-31589
Unclassified
Microsoft
CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes
Information published.
CVE-2026-31660
Unclassified
Microsoft
CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Information published.
CVE-2026-31605
Unclassified
Microsoft
CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
Information published.
CVE-2026-31566
Medium
Microsoft
CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
Information published.
CVE-2026-31599
Unclassified
Microsoft
CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
Information published.
CVE-2026-31602
Unclassified
Microsoft
CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets
Information published.
CVE-2026-31637
Unclassified
Microsoft
CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
Information published.
CVE-2026-31570
Unclassified
Microsoft
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
Information published.
CVE-2026-31624
Unclassified
Microsoft
CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect
Information published.
CVE-2026-31651
Unclassified
Microsoft
CVE-2026-23420 wifi: wlcore: Fix a locking bug
Information published.
CVE-2026-23420
Unclassified
Microsoft
CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime
Information published.
CVE-2026-31672
Unclassified
Microsoft
CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
Information published.
CVE-2026-23422
Unclassified
Microsoft
CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections
Information published.
CVE-2026-31565
Unclassified
Microsoft
CVE-2026-31621 bnge: return after auxiliary_device_uninit() in error path
Information published.
CVE-2026-31621
Unclassified
Microsoft
CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Information published.
CVE-2026-31626
Unclassified
Microsoft
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Information published.
CVE-2026-31663
Unclassified
Microsoft
CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
Information published.
CVE-2026-31615
Unclassified
Microsoft
CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
Information published.
CVE-2026-31610
Low
Microsoft
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Information published.
CVE-2026-41066
Unclassified
Microsoft
CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Information published.
CVE-2026-31645
Unclassified
Microsoft
CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided
Information published.
CVE-2026-41907
Unclassified
Microsoft
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Information published.
CVE-2026-41411
Unclassified
Microsoft
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
Information published.
CVE-2026-31598
Unclassified
Microsoft
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
Information published.
CVE-2026-31537
Unclassified
Microsoft
CVE-2026-23414 tls: Purge async_hold in tls_decrypt_async_wait()
Information published.
CVE-2026-23414
Unclassified
Microsoft
CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()
Information published.
CVE-2026-31603
Unclassified
Microsoft
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
Information published.
CVE-2026-31608
Unclassified
Microsoft
CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
Information published.
CVE-2026-31611
Unclassified
Microsoft
CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
Information published.
CVE-2026-32147
Unclassified
Microsoft
CVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctly
Information published.
CVE-2026-31600
Low
Microsoft
CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Information published.
CVE-2026-41676
Unclassified
Microsoft
CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it
Information published.
CVE-2026-31627
Unclassified
Microsoft
CVE-2026-31671 xfrm_user: fix info leak in build_report()
Information published.
CVE-2026-31671
Unclassified
Microsoft
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Information published.
CVE-2026-31560
Unclassified
Microsoft
CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
Information published.
CVE-2026-41678
Unclassified
Microsoft
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
Information published.
CVE-2026-31612
Unclassified
Microsoft
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Information published.
CVE-2026-31568
Unclassified
Microsoft
CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version
Information published.
CVE-2026-31587
Unclassified
Microsoft
CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Information published.
CVE-2026-31575
Low
Microsoft
CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
Information published.
CVE-2026-31662
Unclassified
Microsoft
CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
Information published.
CVE-2026-31580
Unclassified
Microsoft
CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check
Information published.
CVE-2026-41681
Unclassified
Microsoft
CVE-2026-31639 rxrpc: Fix key reference count leak from call->key
Information published.
CVE-2026-31639
Unclassified
Microsoft
CVE-2026-31657 batman-adv: hold claim backbone gateways by reference
Information published.
CVE-2026-31657
Unclassified
Microsoft
CVE-2026-31591 KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish
Information published.
CVE-2026-31591
Unclassified
Microsoft
CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
Information published.
CVE-2026-31629
Unclassified
Microsoft
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Information published.
CVE-2026-31579
Unclassified
Microsoft
CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1
Information published.
CVE-2026-31628
Unclassified
Microsoft
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Information published.
CVE-2026-31630
Unclassified
Microsoft
CVE-2026-31655 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled
Information published.
CVE-2026-31655
Unclassified
Microsoft
CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets
Information published.
CVE-2026-31685
Low
Microsoft
CVE-2026-31649 net: stmmac: fix integer underflow in chain mode
Information published.
CVE-2026-31649
Unclassified
Microsoft
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
Information published.
CVE-2026-31669
Low
Microsoft
CVE-2026-31680 net: ipv6: flowlabel: defer exclusive option free until RCU teardown
Information published.
CVE-2026-31680
Medium
Microsoft
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Information published.
CVE-2026-31576
Unclassified
Microsoft
CVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU release
Information published.
CVE-2026-31678
Unclassified
Microsoft
CVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
Information published.
CVE-2026-31595
Unclassified
Microsoft
CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry
Information published.
CVE-2026-31681
Unclassified
Microsoft
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
Information published.
CVE-2026-31586
Medium
Microsoft
CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()
Information published.
CVE-2026-31578
Unclassified
Microsoft
CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options
Information published.
CVE-2026-31682
Unclassified
Microsoft
CVE-2026-31659 batman-adv: reject oversized global TT response buffers
Information published.
CVE-2026-31659
Unclassified
Microsoft
CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()
Information published.
CVE-2026-31625
Unclassified
Microsoft
CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length
Information published.
CVE-2026-31679
Unclassified
Microsoft
CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
Information published.
CVE-2026-31674
Unclassified
Microsoft
CVE-2026-31673 af_unix: read UNIX_DIAG_VFS data under unix_state_lock
Information published.
CVE-2026-31673
Unclassified
Microsoft
CVE-2026-31664 xfrm: clear trailing padding in build_polexpire()
Information published.
CVE-2026-31664
Unclassified
Microsoft
CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
Information published.
CVE-2026-31622
Unclassified
Microsoft
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
Information published.
CVE-2026-31597
Unclassified
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Low
Microsoft
CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
Information published.
CVE-2026-31656
Unclassified
Microsoft
CVE-2026-23401 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
Information published.
CVE-2026-23401
Unclassified
Microsoft
CVE-2026-23403 apparmor: fix memory leak in verify_header
Information published.
CVE-2026-23403
Unclassified
Microsoft
CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach
Information published.
CVE-2026-23404
Unclassified
Microsoft
CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage
Information published.
CVE-2026-23406
Unclassified
Microsoft
CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
Information published.
CVE-2026-23407
Unclassified
Microsoft
CVE-2026-23408 apparmor: Fix double free of ns_name in aa_replace_profiles()
Information published.
CVE-2026-23408
Unclassified
Microsoft
CVE-2026-23409 apparmor: fix differential encoding verification
Information published.
CVE-2026-23409
Unclassified
Microsoft
CVE-2026-23410 apparmor: fix race on rawdata dereference
Information published.
CVE-2026-23410
Unclassified
Microsoft
CVE-2026-23411 apparmor: fix race between freeing data and fs accessing it
Information published.
CVE-2026-23411
Unclassified
Microsoft
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Information published.
CVE-2026-41205
Unclassified
Microsoft
CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path
Information published.
CVE-2026-31555
Unclassified
Microsoft
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
Information published.
CVE-2026-31607
Unclassified
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Medium
Microsoft
CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
Information published.
CVE-2026-31583
Unclassified
Microsoft
CVE-2026-31638 rxrpc: Only put the call ref if one was acquired
Information published.
CVE-2026-31638
Unclassified
Microsoft
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Information published.
CVE-2026-31574
Unclassified
Microsoft
CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
Information published.
CVE-2026-31596
Unclassified
Microsoft
CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
Information published.
CVE-2026-31581
Unclassified
Microsoft
CVE-2026-31604 wifi: rtw88: fix device leak on probe failure
Information published.
CVE-2026-31604
Medium
Microsoft
CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure
Information published.
CVE-2026-31585
Unclassified
Microsoft
CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
Information published.
CVE-2026-31577
Unclassified
Microsoft
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Information published.
CVE-2026-41140
Unclassified
Microsoft
CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy
Information published.
CVE-2026-31665
Unclassified
Microsoft
CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created
Information published.
CVE-2026-31670
Unclassified
Microsoft
CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion
Information published.
CVE-2026-31642
Unclassified
Microsoft
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Information published.
CVE-2026-31613
Low
Microsoft
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
Information published.
CVE-2026-31623
Unclassified
Microsoft
CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
Information published.
CVE-2026-31594
Unclassified
Microsoft
CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
Information published.
CVE-2026-31609
Unclassified
Microsoft
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
Information published.
CVE-2026-41677
Low
Microsoft
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
Information published.
CVE-2026-31616
Unclassified
Microsoft
CVE-2026-31601 vfio/xe: Reorganize the init to decouple migration from reset
Information published.
CVE-2026-31601
Unclassified
Microsoft
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
Information published.
CVE-2026-31668
Unclassified
Microsoft
CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
Information published.
CVE-2026-31582
Unclassified
Microsoft
CVE-2026-31676 rxrpc: only handle RESPONSE during service challenge
Information published.
CVE-2026-31676
Unclassified
Microsoft
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
Information published.
CVE-2026-31588
Unclassified
Microsoft
CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget
Information published.
CVE-2026-31677
Unclassified
Microsoft
CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption
Information published.
CVE-2026-31675
Unclassified
Microsoft
CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()
Information published.
CVE-2026-31634
Unclassified
Microsoft
CVE-2026-31684 net: sched: act_csum: validate nested VLAN headers
Information published.
CVE-2026-31684
Unclassified
Microsoft
CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
Information published.
CVE-2026-31658
Unclassified
Microsoft
CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
Information published.
CVE-2026-23382
Unclassified
Microsoft
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
Information published.
CVE-2026-23391
Unclassified
Microsoft
CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap
Information published.
CVE-2026-23359
Unclassified
Microsoft
CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
Information published.
CVE-2026-23348
Unclassified
Microsoft
CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Information published.
CVE-2026-23378
Unclassified
Microsoft
CVE-2026-23352 x86/efi: defer freeing of boot services memory
Information published.
CVE-2026-23352
Unclassified
Microsoft
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Information published.
CVE-2026-23371
Unclassified
Microsoft
CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
Information published.
CVE-2026-23351
Unclassified
Microsoft
CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam()
Information published.
CVE-2026-23389
Unclassified
Microsoft
CVE-2026-23365 net: usb: kalmia: validate USB endpoints
Information published.
CVE-2026-23365
Unclassified
Microsoft
CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()
Information published.
CVE-2026-23398
Unclassified
Microsoft
CVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()
Information published.
CVE-2026-23396
Unclassified
Microsoft
CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path
Information published.
CVE-2026-23399
Unclassified
Microsoft
CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Information published.
CVE-2026-23394
Unclassified
Microsoft
CVE-2026-23362 can: bcm: fix locking for bcm_op runtime updates
Information published.
CVE-2026-23362
Unclassified
Microsoft
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
Information published.
CVE-2026-23370
Unclassified
Microsoft
CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Information published.
CVE-2026-23372
Unclassified
Microsoft
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Information published.
CVE-2026-23361
Low
Microsoft
CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error
Information published.
CVE-2026-23392
Unclassified
Microsoft
CVE-2026-23388 Squashfs: check metadata block offset is within range
Information published.
CVE-2026-23388
Unclassified
Microsoft
CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
Information published.
CVE-2026-23368
Unclassified
Microsoft
CVE-2026-23364 ksmbd: Compare MACs in constant time
Information published.
CVE-2026-23364
Unclassified
Microsoft
CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open
Information published.
CVE-2026-23357
Unclassified
Microsoft
CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
Information published.
CVE-2026-23381
Unclassified
Microsoft
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
Information published.
CVE-2026-23395
Unclassified
Microsoft
CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context
Information published.
CVE-2026-23374
Unclassified
Microsoft
CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
Information published.
CVE-2026-23356
Unclassified
Microsoft
CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits
Information published.
CVE-2026-23367
Unclassified
Microsoft
CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path
Information published.
CVE-2026-23379
Unclassified
Microsoft
CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Information published.
CVE-2026-23393
Unclassified
Microsoft
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
Information published.
CVE-2026-23397
Unclassified
Microsoft
CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU
Information published.
CVE-2026-31788
Unclassified
Microsoft
CVE-2026-23360 nvme: fix admin queue leak on controller reset
Information published.
CVE-2026-23360
Unclassified
Microsoft
CVE-2026-23442 ipv6: add NULL checks for idev in SRv6 paths
Information published.
CVE-2026-23442
Unclassified
Microsoft
CVE-2026-41080
Information published.
CVE-2026-41080
Unclassified
Microsoft
CVE-2026-41989
Information published.
CVE-2026-41989
Low
Microsoft
CVE-2026-23438 net: mvpp2: guard flow control update with global_tx_fc in buffer switching
Information published.
CVE-2026-23438
Unclassified
Microsoft
CVE-2026-23439 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n
Information published.
CVE-2026-23439
Unclassified
Microsoft
CVE-2026-23446 net: usb: aqc111: Do not perform PM inside suspend callback
Information published.
CVE-2026-23446
Unclassified
Microsoft
CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
Information published.
CVE-2026-23447
Unclassified
Microsoft
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Information published.
CVE-2026-23444
Low
Microsoft
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Information published.
CVE-2026-5450
Unclassified
Microsoft
CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request
Information published.
CVE-2026-23428
Unclassified
Microsoft
CVE-2026-23434 mtd: rawnand: serialize lock/unlock against other NAND operations
Information published.
CVE-2026-23434
Unclassified
Microsoft
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Information published.
CVE-2026-41205
Unclassified
Microsoft
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Information published.
CVE-2025-13763
Unclassified
Microsoft
CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs
Information published.
CVE-2026-23340
Unclassified
Microsoft
CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback
Information published.
CVE-2026-23324
Unclassified
Microsoft
CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
Information published.
CVE-2026-23315
Unclassified
Microsoft
CVE-2026-23330 nfc: nci: complete pending data exchange on device close
Information published.
CVE-2026-23330
Unclassified
Microsoft
CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation
Information published.
CVE-2026-23318
Unclassified
Microsoft
CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
Information published.
CVE-2026-23339
Unclassified
Microsoft
CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Information published.
CVE-2026-23335
Unclassified
Microsoft
CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
Information published.
CVE-2026-23336
Unclassified
Microsoft
CVE-2026-5958 Race Condition in GNU Sed
Information published.
CVE-2026-5958
Unclassified
Microsoft
CVE-2026-35239
Information published.
CVE-2026-35239
Unclassified
Microsoft
CVE-2026-34271
Information published.
CVE-2026-34271
Unclassified
Microsoft
CVE-2026-35238
Information published.
CVE-2026-35238
Unclassified
Microsoft
CVE-2026-34267
Information published.
CVE-2026-34267
Unclassified
Microsoft
CVE-2026-22005
Information published.
CVE-2026-22005
Unclassified
Microsoft
CVE-2026-22015
Information published.
CVE-2026-22015
Unclassified
Microsoft
CVE-2026-31448 ext4: avoid infinite loops caused by residual data
Information published.
CVE-2026-31448
Unclassified
Microsoft
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Information published.
CVE-2026-31530
Unclassified
Microsoft
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Information published.
CVE-2026-31480
Unclassified
Microsoft
CVE-2026-31450 ext4: publish jinode after initialization
Information published.
CVE-2026-31450
Unclassified
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Unclassified
Microsoft
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Information published.
CVE-2026-31521
Unclassified
Microsoft
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Information published.
CVE-2026-31531
Unclassified
Microsoft
CVE-2026-41989
Information published.
CVE-2026-41989
Unclassified
Microsoft
CVE-2026-41988
Information published.
CVE-2026-41988
Unclassified
Microsoft
CVE-2026-34278
Information published.
CVE-2026-34278
Unclassified
Microsoft
CVE-2026-21998
Information published.
CVE-2026-21998
Unclassified
Microsoft
CVE-2026-35237
Information published.
CVE-2026-35237
Unclassified
Microsoft
CVE-2026-22009
Information published.
CVE-2026-22009
Unclassified
Microsoft
CVE-2026-34270
Information published.
CVE-2026-34270
Unclassified
Microsoft
CVE-2026-34293
Information published.
CVE-2026-34293
Unclassified
Microsoft
CVE-2026-22002
Information published.
CVE-2026-22002
Unclassified
Microsoft
CVE-2026-22017
Information published.
CVE-2026-22017
Unclassified
Microsoft
CVE-2026-34303
Information published.
CVE-2026-34303
Unclassified
Microsoft
CVE-2026-34308
Information published.
CVE-2026-34308
Unclassified
Microsoft
CVE-2026-34304
Information published.
CVE-2026-34304
Unclassified
Microsoft
CVE-2026-34276
Information published.
CVE-2026-34276
Unclassified
Microsoft
CVE-2026-22004
Information published.
CVE-2026-22004
Unclassified
Microsoft
CVE-2026-22001
Information published.
CVE-2026-22001
Unclassified
Microsoft
CVE-2026-35240
Information published.
CVE-2026-35240
Unclassified
Microsoft
CVE-2026-35236
Information published.
CVE-2026-35236
Unclassified
Microsoft
CVE-2026-40706
Information published.
CVE-2026-40706
Unclassified
Microsoft
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Information published.
CVE-2026-31483
Unclassified
Microsoft
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Information published.
CVE-2026-31507
Unclassified
Microsoft
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Information published.
CVE-2026-31500
Unclassified
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Unclassified
Microsoft
CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Information published.
CVE-2026-31528
Unclassified
Microsoft
CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Information published.
CVE-2026-31453
Unclassified
Microsoft
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Information published.
CVE-2026-31525
Unclassified
Microsoft
CVE-2026-31494 net: macb: use the current queue number for stats
Information published.
CVE-2026-31494
Medium
Microsoft
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Information published.
CVE-2026-31473
Unclassified
Microsoft
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Information published.
CVE-2026-5187
Unclassified
Microsoft
CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
Information published.
CVE-2026-31532
Low
Dynamics
CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability
Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32210
Low
Microsoft 365
CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33102
Low
Microsoft
CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVE-2026-33819
Low
Microsoft
CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-26150
Low
Microsoft
CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-24303
Low
Microsoft
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35431
Low
Microsoft
CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
CVE-2026-32172
Low
Azure
CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure IoT Central allows an authorized attacker to elevate privileges over a network.
CVE-2026-21515
Unclassified
Microsoft
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Information published.
CVE-2026-33750
Low
Microsoft
CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
Information published.
CVE-2026-27820
Low
Microsoft
CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5928
Unclassified
Microsoft
CVE-2026-35239
Information published.
CVE-2026-35239
Unclassified
Microsoft
CVE-2026-34271
Information published.
CVE-2026-34271
Unclassified
Microsoft
CVE-2026-35238
Information published.
CVE-2026-35238
Unclassified
Microsoft
CVE-2026-34267
Information published.
CVE-2026-34267
Unclassified
Microsoft
CVE-2026-22005
Information published.
CVE-2026-22005
Unclassified
Microsoft
CVE-2026-22015
Information published.
CVE-2026-22015
Unclassified
Microsoft
CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size
Information published.
CVE-2026-31452
Unclassified
Microsoft
CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
Information published.
CVE-2026-31455
Unclassified
Microsoft
CVE-2026-31476 ksmbd: do not expire session on binding failure
Information published.
CVE-2026-31476
Unclassified
Microsoft
CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
Information published.
CVE-2026-31474
Unclassified
Microsoft
CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
Information published.
CVE-2026-31464
Unclassified
Microsoft
CVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dm
Information published.
CVE-2026-31461
Unclassified
Microsoft
CVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is reset
Information published.
CVE-2026-31441
Unclassified
Microsoft
CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks
Information published.
CVE-2026-31454
Unclassified
Microsoft
CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests
Information published.
CVE-2026-31432
Unclassified
Microsoft
CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports
Information published.
CVE-2026-31502
Unclassified
Microsoft
CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks
Information published.
CVE-2026-31495
Unclassified
Microsoft
CVE-2026-31448 ext4: avoid infinite loops caused by residual data
Information published.
CVE-2026-31448
Unclassified
Microsoft
CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling
Information published.
CVE-2026-31439
Unclassified
Microsoft
CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Information published.
CVE-2026-31477
Unclassified
Microsoft
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Information published.
CVE-2026-31530
Unclassified
Microsoft
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Information published.
CVE-2026-31480
Unclassified
Microsoft
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
Information published.
CVE-2026-31512
Unclassified
Microsoft
CVE-2026-31450 ext4: publish jinode after initialization
Information published.
CVE-2026-31450
Unclassified
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Unclassified
Microsoft
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Information published.
CVE-2026-31521
Low
Microsoft
CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
Information published.
CVE-2026-41445
Unclassified
Microsoft
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Information published.
CVE-2026-39882
Unclassified
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Unclassified
Microsoft
CVE-2026-5160
Information published.
CVE-2026-5160
Low
Microsoft
CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5358
Unclassified
Microsoft
CVE-2026-34278
Information published.
CVE-2026-34278
Unclassified
Microsoft
CVE-2026-21998
Information published.
CVE-2026-21998
Unclassified
Microsoft
CVE-2026-35237
Information published.
CVE-2026-35237
Unclassified
Microsoft
CVE-2026-22009
Information published.
CVE-2026-22009
Unclassified
Microsoft
CVE-2026-34270
Information published.
CVE-2026-34270
Unclassified
Microsoft
CVE-2026-34293
Information published.
CVE-2026-34293
Unclassified
Microsoft
CVE-2026-22002
Information published.
CVE-2026-22002
Unclassified
Microsoft
CVE-2026-22017
Information published.
CVE-2026-22017
Unclassified
Microsoft
CVE-2026-34303
Information published.
CVE-2026-34303
Unclassified
Microsoft
CVE-2026-34308
Information published.
CVE-2026-34308
Unclassified
Microsoft
CVE-2026-34304
Information published.
CVE-2026-34304
Unclassified
Microsoft
CVE-2026-34276
Information published.
CVE-2026-34276
Unclassified
Microsoft
CVE-2026-22004
Information published.
CVE-2026-22004
Unclassified
Microsoft
CVE-2026-22001
Information published.
CVE-2026-22001
Unclassified
Microsoft
CVE-2026-35240
Information published.
CVE-2026-35240
Unclassified
Microsoft
CVE-2026-35236
Information published.
CVE-2026-35236
Unclassified
Microsoft
CVE-2026-40706
Information published.
CVE-2026-40706
Unclassified
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Unclassified
Microsoft
CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer
Information published.
CVE-2026-40890
Unclassified
Microsoft
CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()
Information published.
CVE-2026-31524
Unclassified
Microsoft
CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Information published.
CVE-2026-31486
Unclassified
Microsoft
CVE-2026-31487 spi: use generic driver_override infrastructure
Information published.
CVE-2026-31487
Unclassified
Microsoft
CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Information published.
CVE-2026-31496
Unclassified
Microsoft
CVE-2026-31515 af_key: validate families in pfkey_send_migrate()
Information published.
CVE-2026-31515
Unclassified
Microsoft
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Information published.
CVE-2026-31516
Unclassified
Microsoft
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Information published.
CVE-2026-31488
Unclassified
Microsoft
CVE-2026-31527 driver core: platform: use generic driver_override infrastructure
Information published.
CVE-2026-31527
Unclassified
Microsoft
CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Information published.
CVE-2026-31506
Unclassified
Microsoft
CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
Information published.
CVE-2026-31458
Unclassified
Microsoft
CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race
Information published.
CVE-2026-31504
Medium
Microsoft
CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case
Information published.
CVE-2026-31462
Unclassified
Microsoft
CVE-2026-31523 nvme-pci: ensure we're polling a polled queue
Information published.
CVE-2026-31523
Unclassified
Microsoft
CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices
Information published.
CVE-2026-31497
Unclassified
Microsoft
CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Information published.
CVE-2026-31440
Unclassified
Microsoft
CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Information published.
CVE-2026-31505
Unclassified
Microsoft
CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Information published.
CVE-2026-31431
Unclassified
Microsoft
CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Information published.
CVE-2026-31489
Unclassified
Microsoft
CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
Information published.
CVE-2026-31469
Unclassified
Microsoft
CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
Information published.
CVE-2026-31510
Unclassified
Microsoft
CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Information published.
CVE-2026-31449
Unclassified
Microsoft
CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry
Information published.
CVE-2026-31482
Unclassified
Microsoft
CVE-2026-31518 esp: fix skb leak with espintcp and async crypto
Information published.
CVE-2026-31518
Unclassified
Microsoft
CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount
Information published.
CVE-2026-31446
Unclassified
Microsoft
CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()
Information published.
CVE-2026-31520
Unclassified
Microsoft
CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
Information published.
CVE-2026-31519
Unclassified
Microsoft
CVE-2026-31433 ksmbd: fix potential OOB in get_file_all_info() for compound requests
Information published.
CVE-2026-31433
Unclassified
Microsoft
CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
Information published.
CVE-2026-31485
Unclassified
Microsoft
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Information published.
CVE-2026-31483
Unclassified
Microsoft
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Information published.
CVE-2026-31507
Unclassified
Microsoft
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Information published.
CVE-2026-31500
Unclassified
Microsoft
CVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0
Information published.
CVE-2026-31447
Unclassified
Microsoft
CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
Information published.
CVE-2026-31444
Unclassified
Microsoft
CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
Information published.
CVE-2026-31522
Unclassified
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Unclassified
Microsoft
CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device
Information published.
CVE-2026-31509
Unclassified
Microsoft
CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio
Information published.
CVE-2026-31451
Unclassified
Microsoft
CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Information published.
CVE-2026-31528
Unclassified
Microsoft
CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2
Information published.
CVE-2026-31503
Unclassified
Microsoft
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
Information published.
CVE-2026-31498
Unclassified
Microsoft
CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Information published.
CVE-2026-31453
Unclassified
Microsoft
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Information published.
CVE-2026-31525
Unclassified
Microsoft
CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed
Information published.
CVE-2026-31467
Unclassified
Microsoft
CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it
Information published.
CVE-2026-31492
Unclassified
Microsoft
CVE-2026-31494 net: macb: use the current queue number for stats
Information published.
CVE-2026-31494
Medium
Microsoft
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Information published.
CVE-2026-31473
Unclassified
Microsoft
CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing
Information published.
CVE-2026-6507
Unclassified
Microsoft
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Information published.
CVE-2026-28808
Unclassified
Microsoft
CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
Information published.
CVE-2026-6409
Unclassified
Microsoft
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Information published.
CVE-2026-5187
Unclassified
Microsoft
CVE-2026-26171 .NET Denial of Service Vulnerability
The CVE was updated to include PowerShell 7.6 and 7.5.
CVE-2026-26171
Low
Microsoft
CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5928
Unclassified
Microsoft
CVE-2026-5958 Race Condition in GNU Sed
Information published.
CVE-2026-5958
Unclassified
Windows
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows
Information published.
CVE-2025-14821
Unclassified
Microsoft
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Information published.
CVE-2026-4786
CVE-2026-4519
Low
Microsoft
CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5358
Low
Microsoft
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Information published.
CVE-2026-5450
Unclassified
Microsoft
CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions
Information published.
CVE-2026-31430
Unclassified
Microsoft
CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head
Information published.
CVE-2026-31429
Unclassified
Windows
CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-32223
Unclassified
Windows
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-26168
Low
Microsoft
CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-40372
Unclassified
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Unclassified
Microsoft
CVE-2026-41254
Information published.
CVE-2026-41254
Unclassified
Visual Studio
CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Added acknowledgements. This is an informational change only.
CVE-2026-21523
Unclassified
Windows Server
CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.
CVE-2026-32077
Unclassified
Microsoft
CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability
Bulletin published by Microsoft Security Response Center.
CVE-2026-26149
Unclassified
Microsoft
CVE-2026-5160
Information published.
CVE-2026-5160
Unclassified
Microsoft
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Information published.
CVE-2026-6100
Unclassified
Microsoft
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Information published.
CVE-2026-4786
CVE-2026-4519
Low
Microsoft
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Information published.
CVE-2026-33056
Unclassified
Microsoft
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Information published.
CVE-2026-33055
Low
Microsoft Edge
Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6296
Unclassified
Microsoft Edge
Chromium: CVE-2026-6363 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6363
Unclassified
Microsoft Edge
Chromium: CVE-2026-6359 Use after free in Video
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6359
Unclassified
Microsoft Edge
Chromium: CVE-2026-6364 Out of bounds read in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6364
Unclassified
Microsoft Edge
Chromium: CVE-2026-6362 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6362
Unclassified
Microsoft Edge
Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6313
Unclassified
Microsoft Edge
Chromium: CVE-2026-6314 Out of bounds write in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6314
Unclassified
Microsoft Edge
Chromium: CVE-2026-6318 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6318
Low
Microsoft Edge
Chromium: CVE-2026-6361 Heap buffer overflow in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6361
Unclassified
Microsoft Edge
Chromium: CVE-2026-6310 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6310
Unclassified
Microsoft Edge
Chromium: CVE-2026-6360 Use after free in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6360
Unclassified
Microsoft Edge
Chromium: CVE-2026-6316 Use after free in Forms
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6316
Unclassified
Microsoft Edge
Chromium: CVE-2026-6309 Use after free in Viz
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6309
Unclassified
Microsoft Edge
Chromium: CVE-2026-6311 Uninitialized Use in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6311
Unclassified
Microsoft Edge
Chromium: CVE-2026-6307 Type Confusion in Turbofan
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6307
Low
Microsoft Edge
Chromium: CVE-2026-6306 Heap buffer overflow in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6306
Unclassified
Microsoft Edge
Chromium: CVE-2026-6303 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6303
Medium
Microsoft Edge
Chromium: CVE-2026-6308 Out of bounds read in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6308
Unclassified
Microsoft Edge
Chromium: CVE-2026-6302 Use after free in Video
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6302
Unclassified
Microsoft Edge
Chromium: CVE-2026-6300 Use after free in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6300
Unclassified
Microsoft Edge
Chromium: CVE-2026-6304 Use after free in Graphite
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6304
Low
Microsoft Edge
Chromium: CVE-2026-6305 Heap buffer overflow in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6305
Unclassified
Microsoft Edge
Chromium: CVE-2026-6301 Type Confusion in Turbofan
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6301
Unclassified
Microsoft Edge
Chromium: CVE-2026-6317 Use after free in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6317
Unclassified
Microsoft Edge
Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6312
Low
Microsoft Edge
Chromium: CVE-2026-6298 Heap buffer overflow in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6298
Unclassified
Microsoft Edge
Chromium: CVE-2026-6297 Use after free in Proxy
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6297
Unclassified
Microsoft Edge
Chromium: CVE-2026-6299 Use after free in Prerender
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6299
Unclassified
Microsoft
CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input
Information published.
CVE-2026-33948
Unclassified
Microsoft
CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed
Information published.
CVE-2026-40164
Unclassified
Microsoft
CVE-2026-35469 SpdyStream: DOS on CRI
Information published.
CVE-2026-35469
Unclassified
Microsoft
CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure
Information published.
CVE-2026-39956
Unclassified
Microsoft
CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
Information published.
CVE-2026-35201
Low
Microsoft
CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
Information published.
CVE-2026-32316
Unclassified
Microsoft
CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()
Information published.
CVE-2026-33947
Unclassified
Microsoft
CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers
Information published.
CVE-2026-39979
Unclassified
Microsoft
CVE-2026-41035
Information published.
CVE-2026-41035
Low
Microsoft
CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation
Information published.
CVE-2026-35199
Unclassified
Windows
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows
Information published.
CVE-2025-14821
Unclassified
Microsoft
CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
Information published.
CVE-2026-40179
Unclassified
Microsoft
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
CVE-2026-2673
Unclassified
Windows
CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2025-64669
Unclassified
Windows
CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-32223
Unclassified
Microsoft
CVE-2026-23666 .NET Framework Denial of Service Vulnerability
Executive Summary updated
CVE-2026-23666
Unclassified
Microsoft
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Information published.
CVE-2025-30258
Low
Microsoft
CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
Information published.
CVE-2026-27171
Unclassified
Microsoft
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Information published.
CVE-2025-61729
Unclassified
Microsoft
CVE-2025-14523 Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins)
Information published.
CVE-2025-14523
Unclassified
Microsoft
CVE-2025-1220 Null byte termination in hostnames
Information published.
CVE-2025-1220
Low
Microsoft
CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
Information published.
CVE-2026-34743
Low
Microsoft
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
CVE-2026-31789
Unclassified
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Unclassified
Microsoft
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
CVE-2026-28388
Low
Microsoft
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Information published.
CVE-2026-27144
Unclassified
Microsoft
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Information published.
CVE-2026-32282
Unclassified
Microsoft
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
CVE-2026-34757
Unclassified
Microsoft
CVE-2026-40385
Information published.
CVE-2026-40385
Unclassified
Microsoft
CVE-2026-33555
Information published.
CVE-2026-33555
Unclassified
Microsoft
CVE-2026-5466 wc_VerifyEccsiHash missing sanity check
Information published.
CVE-2026-5466
Unclassified
Microsoft
CVE-2026-5194 wolfSSL ECDSA Certificate Verification
Information published.
CVE-2026-5194
Low
Microsoft
CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
Information published.
CVE-2026-5448
Low
Microsoft
CVE-2026-5264 DTLS 1.3 ACK heap buffer overflow
Information published.
CVE-2026-5264
Low
Microsoft
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.
Information published.
CVE-2026-5778
Unclassified
Microsoft
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
Information published.
CVE-2026-5460
Unclassified
Microsoft
CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse
Information published.
CVE-2026-5446
Low
Microsoft
CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
Information published.
CVE-2026-34601
Unclassified
Microsoft
CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
Information published.
CVE-2026-35093
Unclassified
Microsoft
CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates
Information published.
CVE-2026-35611
Unclassified
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Unclassified
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Unclassified
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Unclassified
Microsoft
CVE-2026-32281 Inefficient policy validation in crypto/x509
Information published.
CVE-2026-32281
Unclassified
Microsoft
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Information published.
CVE-2026-32283
Unclassified
Microsoft
CVE-2026-32280 Unexpected work during chain building in crypto/x509
Information published.
CVE-2026-32280
Unclassified
Microsoft
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Information published.
CVE-2026-27143
Unclassified
Microsoft
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Information published.
CVE-2026-27140
Unclassified
Microsoft
CVE-2026-40386
Information published.
CVE-2026-40386
Unclassified
Microsoft
CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
Information published.
CVE-2026-5393
Low
Microsoft
CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass
Information published.
CVE-2026-5500
Unclassified
Microsoft
CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery
Information published.
CVE-2026-5504
Low
Microsoft
CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
Information published.
CVE-2026-5501
Unclassified
Microsoft
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
Information published.
CVE-2026-5507
Low
Microsoft
CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC
Information published.
CVE-2026-5477
Unclassified
Microsoft
CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag
Information published.
CVE-2026-5479
Unclassified
Microsoft
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
Information published.
CVE-2026-5503
Low
Microsoft
CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID
Information published.
CVE-2026-5295
Low
Microsoft
CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL
Information published.
CVE-2026-5188
Low
Microsoft
CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier
Information published.
CVE-2026-5447
Unclassified
Microsoft
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
Information published.
CVE-2026-5772
Unclassified
Microsoft
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()
Information published.
CVE-2026-5263
Unclassified
Microsoft
CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
Information published.
CVE-2026-5392
Unclassified
Microsoft
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Information published.
CVE-2026-1502
Unclassified
Microsoft
CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
Information published.
CVE-2026-35201
Unclassified
Microsoft
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Information published.
CVE-2026-34481
Unclassified
Microsoft
CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
Information published.
CVE-2026-34479
Unclassified
Microsoft
CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Information published.
CVE-2026-34480
Unclassified
Microsoft
CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Information published.
CVE-2026-40175
Unclassified
Microsoft
CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
Information published.
CVE-2025-62718
Unclassified
Microsoft
CVE-2026-3644 Incomplete control character validation in http.cookies
Information published.
CVE-2026-3644
Unclassified
Microsoft
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Information published.
CVE-2026-33636
Unclassified
Microsoft
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Information published.
CVE-2026-33938
Unclassified
Microsoft
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Information published.
CVE-2026-33939
Unclassified
Microsoft
CVE-2026-27139 FileInfo can escape from a Root in os
Information published.
CVE-2026-27139
Unclassified
Microsoft
CVE-2026-32776
Information published.
CVE-2026-32776
Unclassified
Microsoft
CVE-2026-32778
Information published.
CVE-2026-32778
Unclassified
Microsoft
CVE-2026-32777
Information published.
CVE-2026-32777
Unclassified
Microsoft
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
CVE-2026-2673
Low
Microsoft
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Information published.
CVE-2026-33056
Unclassified
Microsoft
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Information published.
CVE-2026-33055
Low
Microsoft
CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config
Information published.
CVE-2026-3849
Unclassified
Microsoft
CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
Information published.
CVE-2026-3579
Unclassified
Microsoft
CVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
Information published.
CVE-2026-2645
Low
Microsoft
CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
Information published.
CVE-2026-2646
Unclassified
Microsoft
CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
Information published.
CVE-2026-1519
Unclassified
Microsoft
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Information published.
CVE-2026-33416
Unclassified
Microsoft
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Information published.
CVE-2026-33671
Unclassified
Microsoft
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Information published.
CVE-2026-33895
Unclassified
Microsoft
CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Information published.
CVE-2026-33896
Unclassified
Microsoft
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Information published.
CVE-2026-33891
Unclassified
Microsoft
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Information published.
CVE-2026-33941
Unclassified
Microsoft
CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Information published.
CVE-2026-33940
Unclassified
Microsoft
CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Information published.
CVE-2026-4176
Low
Microsoft
CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK
Information published.
CVE-2026-4739
Unclassified
Microsoft
CVE-2026-32287 Infinite loop in github.com/antchfx/xpath
Information published.
CVE-2026-32287
Low
Windows
CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20930
Low
Windows
CVE-2026-25250 MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix
Missing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-25250
Low
Visual Studio
CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
CVE-2026-23653
Low
Microsoft
CVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-25184
Low
Microsoft Office
CVE-2026-20945 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-20945
Low
Windows
CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
CVE-2026-23670
Low
Microsoft
CVE-2026-26149 Microsoft Power Apps Security Feature Bypass
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.
CVE-2026-26149
Low
Windows
CVE-2026-26151 Remote Desktop Spoofing Vulnerability
Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26151
Low
Windows Server
CVE-2026-26154 Windows Server Update Service (WSUS) Tampering Vulnerability
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
CVE-2026-26154
Unclassified
Microsoft
CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Information published.
CVE-2026-26155
Critical
Windows
CVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege Vulnerability
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26160
Low
Windows
CVE-2026-26161 Windows Sensor Data Service Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26161
Low
Windows
CVE-2026-26162 Windows OLE Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.
CVE-2026-26162
Low
Windows
CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2026-26165
Low
Windows
CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability
Double free in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2026-26166
Low
Windows
CVE-2026-26167 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-26167
Low
Windows Server
CVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26174
Low
Windows
CVE-2026-26175 Windows Boot Manager Security Feature Bypass Vulnerability
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-26175
Low
Windows
CVE-2026-26179 Windows Kernel Elevation of Privilege Vulnerability
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26179
Low
Windows
CVE-2026-26180 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26180
Low
Microsoft
CVE-2026-26181 Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-26181
Low
Windows
CVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
CVE-2026-26183
Low
Windows
CVE-2026-27906 Windows Hello Security Feature Bypass Vulnerability
Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.
CVE-2026-27906
Low
Windows
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-27907
Low
Windows
CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-27908
Low
Windows
CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27915
Low
Windows
CVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-27917
Low
Windows
CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2026-27918
Low
Windows
CVE-2026-27919 Windows UPnP Device Host Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27919
Low
Windows
CVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-27921
Low
Microsoft
CVE-2026-27924 Desktop Window Manager Elevation of Privilege Vulnerability
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-27924
Low
Windows
CVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-27926
Low
Windows
CVE-2026-27927 Windows Projected File System Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-27927
Low
Windows
CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.
CVE-2026-27929
Low
Windows
CVE-2026-27931 Windows GDI Information Disclosure Vulnerability
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
CVE-2026-27931
Low
Windows
CVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2026-32071
Low
Windows
CVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-32073
Low
Windows
CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-32075
Low
Windows
CVE-2026-32081 Package Catalog Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32081
Low
Windows
CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2026-32082
Low
Windows
CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2026-32083
Low
Windows
CVE-2026-32085 Remote Procedure Call Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.
CVE-2026-32085
Low
Windows
CVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32087
Low
Windows
CVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege Vulnerability
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
CVE-2026-32089
Low
Windows
CVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
CVE-2026-32090
Low
Windows
CVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32093
Low
Microsoft
CVE-2026-32152 Desktop Window Manager Elevation of Privilege Vulnerability
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32152
Low
Microsoft
CVE-2026-32154 Desktop Window Manager Elevation of Privilege Vulnerability
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32154
Low
Windows
CVE-2026-32156 Windows UPnP Device Host Remote Code Execution Vulnerability
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
CVE-2026-32156
Low
Microsoft
CVE-2026-32157 Remote Desktop Client Remote Code Execution Vulnerability
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-32157
Low
Windows
CVE-2026-32158 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32158
Low
Windows
CVE-2026-32159 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32159
Low
Windows
CVE-2026-32160 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32160
Low
Windows
CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-0390
Low
Windows
CVE-2026-32165 Windows User Interface Core Elevation of Privilege Vulnerability
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-32165
Low
SQL Server
CVE-2026-32167 SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32167
Low
Azure
CVE-2026-32168 Azure Monitor Agent Elevation of Privilege Vulnerability
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32168
Low
Microsoft
CVE-2026-32178 .NET Spoofing Vulnerability
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32178
Low
Windows
CVE-2026-32181 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
CVE-2026-32181
Low
Windows
CVE-2026-32183 Windows Snipping Tool Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.
CVE-2026-32183
Low
Microsoft
CVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
CVE-2026-32184
Low
Microsoft Office
CVE-2026-32188 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-32188
Low
Microsoft Office
CVE-2026-32189 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32189
Low
Azure
CVE-2026-32192 Azure Monitor Agent Elevation of Privilege Vulnerability
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32192
Low
Windows
CVE-2026-32195 Windows Kernel Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-32195
Low
Windows
CVE-2026-32202 Windows Shell Spoofing Vulnerability
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32202
Low
Windows
CVE-2026-32215 Windows Kernel Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-32215
Low
Windows
CVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service Vulnerability
Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.
CVE-2026-32216
Low
Windows
CVE-2026-32217 Windows Kernel Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-32217
Low
Windows
CVE-2026-32218 Windows Kernel Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-32218
Low
Windows
CVE-2023-20585 AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability
The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to ...
CVE-2023-20585
Low
Microsoft
CVE-2026-32219 Microsoft Brokering File System Elevation of Privilege Vulnerability
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32219
Low
Windows
CVE-2026-32220 UEFI Secure Boot Security Feature Bypass Vulnerability
Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
CVE-2026-32220
Low
Windows
CVE-2026-32221 Windows Graphics Component Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
CVE-2026-32221
Low
Windows
CVE-2026-32222 Windows Win32k Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-32222
Low
Windows
CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-32223
Low
Windows Server
CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
CVE-2026-32224
Low
Microsoft
CVE-2026-32226 .NET Framework Denial of Service Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-32226
Low
Microsoft Office
CVE-2026-33095 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33095
Low
Windows
CVE-2026-33096 HTTP.sys Denial of Service Vulnerability
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
CVE-2026-33096
Low
Windows
CVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-33098
Low
Visual Studio
CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
CVE-2026-33116
Low
SQL Server
CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-33120
Low
Microsoft Office
CVE-2026-33822 Microsoft Word Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-33822
Low
Defender
CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVE-2026-33825
Low
Windows
CVE-2026-33826 Windows Active Directory Remote Code Execution Vulnerability
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
CVE-2026-33826
Low
Microsoft
CVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-32212
Unclassified
Microsoft
ADV990001 Latest Servicing Stack Updates
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
Unclassified
Microsoft
CVE-2025-6965 Integer Truncation on SQLite
This CVE has been updated to include new package information
CVE-2025-6965
Unclassified
Visual Studio
CVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes
[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a ...
CVE-2026-32631
Medium
Visual Studio
CVE-2026-21637 HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers
[CVE-2026-21637](https://www.cve.org/CVERecord?id=CVE-2026-21637) is regarding a vulnerability in Node.js TLS error handling that allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or AL...
CVE-2026-21637
Low
Windows
CVE-2026-20928 Windows Recovery Environment Security Feature Bypass Vulnerability
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-20928
Low
Windows
CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
CVE-2026-20806
Low
Microsoft Office
CVE-2026-23657 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-23657
Low
Microsoft
CVE-2026-23666 .NET Framework Denial of Service Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-23666
Low
Microsoft
CVE-2026-26143 Microsoft PowerShell Security Feature Bypass Vulnerability
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-26143
Low
Windows
CVE-2026-26152 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-26152
Low
Windows
CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-26153
Low
Windows
CVE-2026-26156 Windows Hyper-V Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-26156
Critical
Windows
CVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege Vulnerability
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26159
Low
Windows
CVE-2026-26163 Windows Kernel Elevation of Privilege Vulnerability
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26163
Low
Windows
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-26168
Low
Windows
CVE-2026-26169 Windows Kernel Memory Information Disclosure Vulnerability
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
CVE-2026-26169
Low
Microsoft
CVE-2026-26170 PowerShell Elevation of Privilege Vulnerability
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2026-26170
Low
Windows
CVE-2026-26172 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-26172
Low
Windows
CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-26173
Low
Windows
CVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-26176
Low
Windows
CVE-2026-26177 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-26177
Low
Windows
CVE-2026-26178 Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
CVE-2026-26178
Low
Windows
CVE-2026-26182 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-26182
Low
Windows
CVE-2026-26184 Windows Projected File System Elevation of Privilege Vulnerability
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-26184
Low
Windows
CVE-2026-27909 Windows Search Service Elevation of Privilege Vulnerability
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2026-27909
Low
Windows
CVE-2026-27910 Windows Installer Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-27910
Low
Windows
CVE-2026-27911 Windows User Interface Core Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-27911
Low
Windows
CVE-2026-27912 Windows Kerberos Elevation of Privilege Vulnerability
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-27912
Low
Windows
CVE-2026-27913 Windows BitLocker Security Feature Bypass Vulnerability
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-27913
Low
Microsoft
CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
CVE-2026-27914
Low
Windows
CVE-2026-27916 Windows UPnP Device Host Elevation of Privilege Vulnerability
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27916
Low
Windows
CVE-2026-27920 Windows UPnP Device Host Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27920
Low
Windows
CVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-27922
Low
Microsoft
CVE-2026-27923 Desktop Window Manager Elevation of Privilege Vulnerability
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-27923
Low
Windows
CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.
CVE-2026-27925
Low
Windows
CVE-2026-27928 Windows Hello Security Feature Bypass Vulnerability
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-27928
Low
Windows
CVE-2026-27930 Windows GDI Information Disclosure Vulnerability
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
CVE-2026-27930
Low
Windows
CVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2026-32068
Low
Windows
CVE-2026-32069 Windows Projected File System Elevation of Privilege Vulnerability
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32069
Low
Windows
CVE-2026-32070 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-32070
Low
Windows
CVE-2026-32072 Active Directory Spoofing Vulnerability
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
CVE-2026-32072
Low
Windows
CVE-2026-32074 Windows Projected File System Elevation of Privilege Vulnerability
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32074
Low
Windows
CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-32076
Low
Windows
CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-32077
Low
Windows
CVE-2026-32078 Windows Projected File System Elevation of Privilege Vulnerability
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-32078
Low
Windows
CVE-2026-32079 Web Account Manager Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32079
Low
Windows
CVE-2026-32080 Windows WalletService Elevation of Privilege Vulnerability
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
CVE-2026-32080
Low
Windows
CVE-2026-32084 Windows Print Spooler Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32084
Low
Windows
CVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32086
Low
Windows
CVE-2026-32088 Windows Biometric Service Security Feature Bypass Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-32088
Low
Microsoft
CVE-2026-32091 Microsoft Brokering File System Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32091
Low
Windows
CVE-2026-32149 Windows Hyper-V Remote Code Execution Vulnerability
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-32149
Low
Windows
CVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32150
Low
Windows
CVE-2026-32151 Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
CVE-2026-32151
Low
Windows
CVE-2026-32153 Windows Speech Runtime Elevation of Privilege Vulnerability
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2026-32153
Low
Microsoft
CVE-2026-32155 Desktop Window Manager Elevation of Privilege Vulnerability
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32155
Low
Windows
CVE-2026-32162 Windows COM Elevation of Privilege Vulnerability
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32162
Low
Windows
CVE-2026-32163 Windows User Interface Core Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-32163
Low
Windows
CVE-2026-32164 Windows User Interface Core Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-32164
Low
Azure
CVE-2026-32171 Azure Logic Apps Elevation of Privilege Vulnerability
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-32171
Low
SQL Server
CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32176
Low
Microsoft Office
CVE-2026-32190 Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-32190
Low
Windows
CVE-2026-32196 Windows Admin Center Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32196
Low
Microsoft Office
CVE-2026-32197 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32197
Low
Microsoft Office
CVE-2026-32198 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198
Low
Microsoft Office
CVE-2026-32199 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32199
Low
Microsoft Office
CVE-2026-32200 Microsoft PowerPoint Remote Code Execution Vulnerability
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-32200
Low
Microsoft
CVE-2026-26171 .NET Denial of Service Vulnerability
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-26171
Low
Visual Studio
CVE-2026-32203 .NET and Visual Studio Denial of Service Vulnerability
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVE-2026-32203
Low
Windows
CVE-2026-32225 Windows Shell Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-32225
Low
Windows
CVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-33099
Low
Windows
CVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-33100
Low
Windows
CVE-2026-33101 Windows Print Spooler Elevation of Privilege Vulnerability
Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-33101
Low
Dynamics
CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
CVE-2026-33103
Low
Windows
CVE-2026-33104 Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-33104
Low
Microsoft Office
CVE-2026-33114 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33114
Low
Microsoft Office
CVE-2026-33115 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33115
Low
Windows
CVE-2026-33827 Windows TCP/IP Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2026-33827
Low
Windows
CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
CVE-2026-33824
Low
Windows
CVE-2026-33829 Windows Snipping Tool Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33829
Low
Microsoft
CVE-2026-32214 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-32214
Unclassified
SharePoint
CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability
Added an acknowledgement. This is an informational change only.
CVE-2026-32201
Low
Microsoft Office
CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32201
Unclassified
Microsoft Edge
CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability - Rejected
Microsoft has changed the status of this CVE to Rejected as we have determined that this is not a vulnerability.
CVE-2026-32187
Low
Microsoft
CVE-2025-1147 GNU Binutils nm nm.c internal_strlen buffer overflow
Information published.
CVE-2025-1147
Unclassified
Microsoft
CVE-2025-1148 GNU Binutils ld ldelfgen.c link_order_scan memory leak
Information published.
CVE-2025-1148
Unclassified
Microsoft
CVE-2025-11839 GNU Binutils prdbg.c tg_tag_type return value
Information published.
CVE-2025-11839
Unclassified
Microsoft
CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
Information published.
CVE-2025-69646
Unclassified
Microsoft
CVE-2025-69652 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
Information published.
CVE-2025-69652
Unclassified
Microsoft
CVE-2025-69645 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
Information published.
CVE-2025-69645
Unclassified
Microsoft
CVE-2025-69649 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
Information published.
CVE-2025-69649
Unclassified
Microsoft
CVE-2026-3783 token leak with redirect and netrc
Information published.
CVE-2026-3783
Unclassified
Microsoft
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Information published.
CVE-2026-0965
Unclassified
Microsoft
CVE-2026-1965 bad reuse of HTTP Negotiate connection
Information published.
CVE-2026-1965
Unclassified
Microsoft
CVE-2026-3784 wrong proxy connection reuse with credentials
Information published.
CVE-2026-3784
Unclassified
Microsoft
CVE-2025-69647
Information published.
CVE-2025-69647
Unclassified
Microsoft
CVE-2026-32776
Information published.
CVE-2026-32776
Unclassified
Microsoft
CVE-2026-32778
Information published.
CVE-2026-32778
Unclassified
Microsoft
CVE-2026-32777
Information published.
CVE-2026-32777
Unclassified
Microsoft
CVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library
Information published.
CVE-2026-4647
Unclassified
Microsoft
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Information published.
CVE-2026-0967
Low
Microsoft
CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Information published.
CVE-2026-0966
Unclassified
Microsoft
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Information published.
CVE-2026-0964
Unclassified
Microsoft
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Information published.
CVE-2026-27456
Unclassified
Microsoft
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
Information published.
CVE-2026-3184
Unclassified
Microsoft
CVE-2026-40385
Information published.
CVE-2026-40385
Unclassified
Microsoft
CVE-2026-40393
Information published.
CVE-2026-40393
Unclassified
Microsoft
CVE-2026-31416 netfilter: nfnetlink_log: account for netlink header size
Information published.
CVE-2026-31416
Unclassified
Microsoft
CVE-2026-31423 net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
Information published.
CVE-2026-31423
Unclassified
Microsoft
CVE-2026-31424 netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP
Information published.
CVE-2026-31424
Unclassified
Microsoft
CVE-2026-31427 netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp
Information published.
CVE-2026-31427
Unclassified
Microsoft
CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Information published.
CVE-2026-31419
Unclassified
Microsoft
CVE-2026-31421 net/sched: cls_fw: fix NULL pointer dereference on shared blocks
Information published.
CVE-2026-31421
Unclassified
Microsoft
CVE-2026-31428 netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD
Information published.
CVE-2026-31428
Unclassified
Microsoft
CVE-2026-31418 netfilter: ipset: drop logically empty buckets in mtype_del
Information published.
CVE-2026-31418
Unclassified
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Unclassified
Microsoft
CVE-2026-40386
Information published.
CVE-2026-40386
Low
Microsoft
CVE-2026-31417 net/x25: Fix overflow when accumulating packets
Information published.
CVE-2026-31417
Low
Microsoft
CVE-2026-31422 net/sched: cls_flow: fix NULL pointer dereference on shared blocks
Information published.
CVE-2026-31422
Unclassified
Microsoft
CVE-2026-31414 netfilter: nf_conntrack_expect: use expect->helper
Information published.
CVE-2026-31414
Unclassified
Microsoft
CVE-2026-31426 ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
Information published.
CVE-2026-31426
Unclassified
Microsoft
CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic
Information published.
CVE-2026-31420
Unclassified
Microsoft
CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Information published.
CVE-2026-35206
Unclassified
Microsoft
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
CVE-2026-34757
Unclassified
Microsoft
CVE-2026-40226
Information published.
CVE-2026-40226
Low
Microsoft
CVE-2026-39853 osslsigncode has a Stack Buffer Overflow via Unbounded Digest Copy During Signature Verification
Information published.
CVE-2026-39853
Low
Microsoft
CVE-2026-39855 osslsigncode has an Integer Underflow in PE Page Hash Calculation Can Cause Out-of-Bounds Read
Information published.
CVE-2026-39855
Unclassified
Microsoft
CVE-2026-39856 osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation
Information published.
CVE-2026-39856
Unclassified
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Unclassified
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Unclassified
Microsoft
CVE-2026-35386
Information published.
CVE-2026-35386
Low
Microsoft
CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
Information published.
CVE-2026-34743
Unclassified
Microsoft
CVE-2026-35535
Information published.
CVE-2026-35535
Low
Microsoft
CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`
Information published.
CVE-2026-39314
Low
Microsoft
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
CVE-2026-31789
Unclassified
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Unclassified
Microsoft
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
CVE-2026-28388
Unclassified
Microsoft
CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
Information published.
CVE-2026-28810
Unclassified
Microsoft
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
CVE-2026-29181
Low
Microsoft
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Information published.
CVE-2026-27144
Unclassified
Microsoft
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Information published.
CVE-2026-32282
Unclassified
Microsoft
CVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
Information published.
CVE-2026-33810
Unclassified
Microsoft
CVE-2026-4878 Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()
Information published.
CVE-2026-4878
Unclassified
Microsoft
CVE-2026-35388
Information published.
CVE-2026-35388
Unclassified
Microsoft
CVE-2026-35385
Information published.
CVE-2026-35385
Unclassified
Microsoft
CVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer
Information published.
CVE-2026-39316
Unclassified
Microsoft
CVE-2026-40026 Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read
Information published.
CVE-2026-40026
Unclassified
Microsoft
CVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds Read
Information published.
CVE-2026-40025
Unclassified
Microsoft
CVE-2026-40024 Sleuth Kit tsk_recover Path Traversal
Information published.
CVE-2026-40024
Unclassified
Microsoft
CVE-2026-39881 Vim Ex command injection in Vim's NetBeans integration
Information published.
CVE-2026-39881
Unclassified
Microsoft
CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates
Information published.
CVE-2026-35611
Unclassified
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Unclassified
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Unclassified
Microsoft
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Information published.
CVE-2026-39882
Unclassified
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Unclassified
Microsoft
CVE-2026-32281 Inefficient policy validation in crypto/x509
Information published.
CVE-2026-32281
Unclassified
Microsoft
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Information published.
CVE-2026-32289
Unclassified
Microsoft
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Information published.
CVE-2026-32283
Unclassified
Microsoft
CVE-2026-32280 Unexpected work during chain building in crypto/x509
Information published.
CVE-2026-32280
Unclassified
Microsoft
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Information published.
CVE-2026-27143
Unclassified
Microsoft
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Information published.
CVE-2026-27140
Unclassified
Microsoft Edge
Chromium: CVE-2026-5899 Incorrect security UI in History Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5899
Unclassified
Microsoft Edge
Chromium: CVE-2026-5897 Incorrect security UI in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5897
Unclassified
Microsoft Edge
Chromium: CVE-2026-5898 Incorrect security UI in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5898
Unclassified
Microsoft Edge
Chromium: CVE-2026-5896 Policy bypass in Audio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5896
Unclassified
Microsoft Edge
Chromium: CVE-2026-5894 Inappropriate implementation in PDF
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5894
Unclassified
Microsoft Edge
Chromium: CVE-2026-5893 Race in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5893
Unclassified
Microsoft Edge
Chromium: CVE-2026-5891 Insufficient policy enforcement in browser UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5891
Unclassified
Microsoft Edge
Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5892
Unclassified
Microsoft Edge
Chromium: CVE-2026-5886 Out of bounds read in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5886
Unclassified
Microsoft Edge
Chromium: CVE-2026-5888 Uninitialized Use in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5888
Unclassified
Microsoft Edge
Chromium: CVE-2026-5890 Race in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5890
Medium
Microsoft Edge
Chromium: CVE-2026-5884 Insufficient validation of untrusted input in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5884
Unclassified
Microsoft Edge
Chromium: CVE-2026-5885 Insufficient validation of untrusted input in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5885
Unclassified
Microsoft Edge
Chromium: CVE-2026-5895 Incorrect security UI in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5895
Medium
Microsoft Edge
Chromium: CVE-2026-5883 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5883
Unclassified
Microsoft Edge
Chromium: CVE-2026-5887 Insufficient validation of untrusted input in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5887
Unclassified
Microsoft Edge
Chromium: CVE-2026-5889 Cryptographic Flaw in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5889
Unclassified
Microsoft Edge
Chromium: CVE-2026-5880 Incorrect security UI in browser UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5880
Unclassified
Microsoft Edge
Chromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5879
Unclassified
Microsoft Edge
Chromium: CVE-2026-5882 Incorrect security UI in Fullscreen
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5882
Unclassified
Microsoft Edge
Chromium: CVE-2026-5881 Policy bypass in LocalNetworkAccess
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5881
Unclassified
Microsoft Edge
Chromium: CVE-2026-5876 Side-channel information leakage in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5876
Unclassified
Microsoft Edge
Chromium: CVE-2026-5878 Incorrect security UI in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5878
Unclassified
Microsoft Edge
Chromium: CVE-2026-5877 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5877
Unclassified
Microsoft Edge
Chromium: CVE-2026-5874 Use after free in PrivateAI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5874
Unclassified
Microsoft Edge
Chromium: CVE-2026-5871 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5871
Unclassified
Microsoft Edge
Chromium: CVE-2026-5872 Use after free in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5872
Unclassified
Microsoft Edge
Chromium: CVE-2026-5873 Out of bounds read and write in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5873
Unclassified
Microsoft Edge
Chromium: CVE-2026-5875 Policy bypass in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5875
Low
Microsoft Edge
Chromium: CVE-2026-5869 Heap buffer overflow in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5869
Low
Microsoft Edge
Chromium: CVE-2026-5870 Integer overflow in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5870
Low
Microsoft Edge
Chromium: CVE-2026-5868 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5868
Low
Microsoft Edge
Chromium: CVE-2026-5864 Heap buffer overflow in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5864
Unclassified
Microsoft Edge
Chromium: CVE-2026-5862 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5862
Low
Microsoft Edge
Chromium: CVE-2026-5867 Heap buffer overflow in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5867
Unclassified
Microsoft Edge
Chromium: CVE-2026-5860 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5860
Unclassified
Microsoft Edge
Chromium: CVE-2026-5863 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5863
Low
Microsoft Edge
Chromium: CVE-2026-5858 Heap buffer overflow in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5858
Low
Microsoft Edge
Chromium: CVE-2026-5859 Integer overflow in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5859
Unclassified
Microsoft Edge
Chromium: CVE-2026-5861 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5861
Unclassified
Microsoft Edge
Chromium: CVE-2026-5918 Inappropriate implementation in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5918
Unclassified
Microsoft Edge
Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5919
Unclassified
Microsoft Edge
Chromium: CVE-2026-5913 Out of bounds read in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5913
Unclassified
Microsoft Edge
Chromium: CVE-2026-5915 Insufficient validation of untrusted input in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5915
Unclassified
Microsoft Edge
Chromium: CVE-2026-5914 Type Confusion in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5914
Unclassified
Microsoft Edge
Chromium: CVE-2026-5911 Policy bypass in ServiceWorkers
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5911
Medium
Microsoft Edge
Chromium: CVE-2026-5909 Integer overflow in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5909
Low
Microsoft Edge
Chromium: CVE-2026-5912 Integer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5912
Medium
Microsoft Edge
Chromium: CVE-2026-5910 Integer overflow in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5910
Medium
Microsoft Edge
Chromium: CVE-2026-5908 Integer overflow in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5908
Medium
Microsoft Edge
Chromium: CVE-2026-5907 Insufficient data validation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5907
Unclassified
Microsoft Edge
Chromium: CVE-2026-5904 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5904
Unclassified
Microsoft Edge
Chromium: CVE-2026-5865 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5865
Unclassified
Microsoft Edge
Chromium: CVE-2026-5906 Incorrect security UI in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5906
Unclassified
Microsoft Edge
Chromium: CVE-2026-5905 Incorrect security UI in Permissions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5905
Unclassified
Microsoft Edge
Chromium: CVE-2026-5900 Policy bypass in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5900
Medium
Microsoft Edge
Chromium: CVE-2026-5866 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5866
Critical
Microsoft Edge
CVE-2026-33119 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33119
Unclassified
Microsoft Edge
Chromium: CVE-2026-5903 Policy bypass in IFrameSandbox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5903
Medium
Microsoft Edge
Chromium: CVE-2026-5902 Race in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5902
Unclassified
Microsoft Edge
CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Information published.
CVE-2026-33118
Unclassified
Microsoft Edge
Chromium: CVE-2026-5901 Policy bypass in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-5901
Unclassified
Azure
CVE-2026-24302 Azure Arc Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-24302
Unclassified
Microsoft
CVE-2026-23405 apparmor: fix: limit the number of levels of policy namespaces
Information published.
CVE-2026-23405
Unclassified
Microsoft
CVE-2026-40026 Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read
Information published.
CVE-2026-40026
Unclassified
Microsoft
CVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds Read
Information published.
CVE-2026-40025
Unclassified
Microsoft
CVE-2026-40024 Sleuth Kit tsk_recover Path Traversal
Information published.
CVE-2026-40024
Unclassified
Microsoft
CVE-2026-39881 Vim Ex command injection in Vim's NetBeans integration
Information published.
CVE-2026-39881
Unclassified
Microsoft
CVE-2026-23403 apparmor: fix memory leak in verify_header
Information published.
CVE-2026-23403
Unclassified
Microsoft
CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach
Information published.
CVE-2026-23404
Unclassified
Microsoft
CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage
Information published.
CVE-2026-23406
Unclassified
Microsoft
CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
Information published.
CVE-2026-23407
Unclassified
Microsoft
CVE-2026-23408 apparmor: Fix double free of ns_name in aa_replace_profiles()
Information published.
CVE-2026-23408
Unclassified
Microsoft
CVE-2026-23409 apparmor: fix differential encoding verification
Information published.
CVE-2026-23409
Unclassified
Microsoft
CVE-2026-23410 apparmor: fix race on rawdata dereference
Information published.
CVE-2026-23410
Unclassified
Microsoft
CVE-2026-23411 apparmor: fix race between freeing data and fs accessing it
Information published.
CVE-2026-23411
Unclassified
Microsoft
CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
Information published.
CVE-2026-32241
Unclassified
Microsoft Edge
CVE-2026-0385 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Bulletin published by the Microsoft Security Response Center.
CVE-2026-0385
Unclassified
Microsoft
CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability
Updated CWE value. This is an informational change only.
CVE-2026-26133
Unclassified
Microsoft
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
Information published.
CVE-2026-34978
Unclassified
Microsoft
CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276
Information published.
CVE-2026-34982
Unclassified
Microsoft
CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon
Information published.
CVE-2026-34933
Low
Microsoft
CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`
Information published.
CVE-2026-39314
Low
Microsoft
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
CVE-2026-31789
Unclassified
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Unclassified
Microsoft
CVE-2026-31790 Incorrect Failure Handling in RSA KEM RSASVE Encapsulation
Information published.
CVE-2026-31790
Unclassified
Microsoft
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
CVE-2026-28388
Unclassified
Microsoft
CVE-2026-34446 ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Information published.
CVE-2026-34446
Low
Microsoft
CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`
Information published.
CVE-2026-34979
Unclassified
Microsoft
CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
Information published.
CVE-2026-34980
Unclassified
Microsoft
CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers
Information published.
CVE-2026-34990
Unclassified
Microsoft
CVE-2026-35177 Path traversal issue with zip.vim in Vim
Information published.
CVE-2026-35177
Unclassified
Microsoft
CVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer
Information published.
CVE-2026-39316
Unclassified
Microsoft
CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
Information published.
CVE-2026-35093
Unclassified
Microsoft
CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
Information published.
CVE-2026-34445
Unclassified
Microsoft
CVE-2026-21712
Information published.
CVE-2026-21712
Unclassified
Microsoft
CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Information published.
CVE-2025-66037
Unclassified
Microsoft
CVE-2026-21717
Information published.
CVE-2026-21717
Unclassified
Microsoft
CVE-2026-21715
Information published.
CVE-2026-21715
Unclassified
Microsoft
CVE-2026-21714
Information published.
CVE-2026-21714
Unclassified
Microsoft
CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
Information published.
CVE-2026-4897
Unclassified
Microsoft
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
CVE-2026-2673
Low
Microsoft
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Information published.
CVE-2025-49010
Low
Microsoft
CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Information published.
CVE-2025-66215
Unclassified
Microsoft
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Information published.
CVE-2025-66038
Unclassified
Microsoft
CVE-2026-21710
Information published.
CVE-2026-21710
Unclassified
Microsoft
CVE-2026-21716
Information published.
CVE-2026-21716
Unclassified
Microsoft
CVE-2026-21713
Information published.
CVE-2026-21713
Unclassified
Microsoft
CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276
Information published.
CVE-2026-34982
Unclassified
Microsoft
CVE-2026-35177 Path traversal issue with zip.vim in Vim
Information published.
CVE-2026-35177
Unclassified
Microsoft
CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Information published.
CVE-2026-4645
Unclassified
Microsoft
CVE-2026-34714
Information published.
CVE-2026-34714
Unclassified
Microsoft
CVE-2026-21715
Information published.
CVE-2026-21715
Unclassified
Microsoft
CVE-2026-21714
Information published.
CVE-2026-21714
Unclassified
Microsoft
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
Information published.
CVE-2026-29785
Low
Microsoft
CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
Information published.
CVE-2006-10003
Unclassified
Microsoft
CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
Information published.
CVE-2026-32241
Unclassified
Microsoft
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Information published.
CVE-2026-33936
Unclassified
Microsoft
CVE-2026-21710
Information published.
CVE-2026-21710
Unclassified
Microsoft
CVE-2026-21716
Information published.
CVE-2026-21716
Unclassified
Microsoft
CVE-2026-21713
Information published.
CVE-2026-21713
Unclassified
Microsoft
CVE-2026-33554
Information published.
CVE-2026-33554
Low
Microsoft
CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
Information published.
CVE-2026-5201
Unclassified
Microsoft
CVE-2026-33216 NATS has MQTT plaintext password disclosure
Information published.
CVE-2026-33216
Unclassified
Microsoft
CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability
Updated information to include CVSS scores. This is an informational change only.
CVE-2026-32186
Unclassified
Microsoft
CVE-2026-35414
Information published.
CVE-2026-35414
Unclassified
Microsoft
CVE-2026-35386
Information published.
CVE-2026-35386
Low
Microsoft
CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
Information published.
CVE-2026-34743
Unclassified
Microsoft
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
Information published.
CVE-2026-34978
Unclassified
Microsoft
CVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
Information published.
CVE-2026-27447
Unclassified
Microsoft
CVE-2026-23473 io_uring/poll: fix multishot recv missing EOF on wakeup race
Information published.
CVE-2026-23473
Unclassified
Microsoft
CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Information published.
CVE-2026-23468
Unclassified
Microsoft
CVE-2026-23442 ipv6: add NULL checks for idev in SRv6 paths
Information published.
CVE-2026-23442
Unclassified
Microsoft
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Information published.
CVE-2026-27456
Unclassified
Microsoft
CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION
Information published.
CVE-2026-31410
Unclassified
Microsoft
CVE-2026-31407 netfilter: conntrack: add missing netlink policy validations
Information published.
CVE-2026-31407
Unclassified
Microsoft
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
Information published.
CVE-2026-3184
Unclassified
Microsoft
CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
Information published.
CVE-2026-34591
Unclassified
Microsoft
CVE-2026-35388
Information published.
CVE-2026-35388
Unclassified
Microsoft
CVE-2026-35387
Information published.
CVE-2026-35387
Unclassified
Microsoft
CVE-2026-35385
Information published.
CVE-2026-35385
Low
Microsoft
CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`
Information published.
CVE-2026-34979
Unclassified
Microsoft
CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
Information published.
CVE-2026-34980
Unclassified
Microsoft
CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers
Information published.
CVE-2026-34990
Unclassified
Microsoft
CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
Information published.
CVE-2026-23472
Unclassified
Microsoft
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Information published.
CVE-2026-23444
Unclassified
Microsoft
CVE-2026-31408 Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
Information published.
CVE-2026-31408
Unclassified
Microsoft
CVE-2026-35414
Information published.
CVE-2026-35414
Unclassified
Microsoft
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
Information published.
CVE-2026-34978
Unclassified
Microsoft
CVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
Information published.
CVE-2026-27447
Unclassified
Microsoft
CVE-2026-23473 io_uring/poll: fix multishot recv missing EOF on wakeup race
Information published.
CVE-2026-23473
Unclassified
Microsoft
CVE-2026-31394 mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations
Information published.
CVE-2026-31394
Unclassified
Microsoft
CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Information published.
CVE-2026-23468
Unclassified
Microsoft
CVE-2026-23442 ipv6: add NULL checks for idev in SRv6 paths
Information published.
CVE-2026-23442
Unclassified
Microsoft
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Information published.
CVE-2026-27456
Unclassified
Microsoft
CVE-2026-35535
Information published.
CVE-2026-35535
Low
Microsoft
CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`
Information published.
CVE-2026-34979
Unclassified
Microsoft
CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
Information published.
CVE-2026-34980
Unclassified
Microsoft
CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers
Information published.
CVE-2026-34990
Unclassified
Microsoft
CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
Information published.
CVE-2026-23472
Unclassified
Microsoft
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Information published.
CVE-2026-23444
Unclassified
Microsoft
CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
Information published.
CVE-2026-5107
Unclassified
Microsoft
CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
Information published.
CVE-2026-4897
Low
Microsoft
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Information published.
CVE-2025-49010
Unclassified
Microsoft
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Information published.
CVE-2025-66038
Unclassified
Microsoft
CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
Information published.
CVE-2026-2100
Unclassified
Microsoft
CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names
Information published.
CVE-2026-34073
Low
Azure
CVE-2026-32213 Azure AI Foundry Elevation of Privilege Vulnerability
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-32213
Unclassified
Microsoft Edge
Chromium: CVE-2026-5289 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5289
Unclassified
Microsoft Edge
Chromium: CVE-2026-5286 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5286
Unclassified
Microsoft Edge
Chromium: CVE-2026-5287 Use after free in PDF
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5287
Unclassified
Microsoft Edge
Chromium: CVE-2026-5285 Use after free in WebGL
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5285
Unclassified
Microsoft Edge
Chromium: CVE-2026-5284 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5284
Unclassified
Microsoft Edge
Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5283
Unclassified
Microsoft Edge
Chromium: CVE-2026-5281 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informati...
CVE-2026-5281
Unclassified
Microsoft Edge
Chromium: CVE-2026-5280 Use after free in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5280
Unclassified
Microsoft Edge
Chromium: CVE-2026-5279 Object corruption in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5279
Unclassified
Microsoft Edge
Chromium: CVE-2026-5292 Out of bounds read in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5292
Unclassified
Microsoft Edge
Chromium: CVE-2026-5290 Use after free in Compositing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5290
Low
Microsoft Edge
Chromium: CVE-2026-5277 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5277
Unclassified
Microsoft Edge
Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5276
Low
Microsoft Edge
Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5275
Low
Microsoft Edge
Chromium: CVE-2026-5274 Integer overflow in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5274
Unclassified
Microsoft Edge
Chromium: CVE-2026-5273 Use after free in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5273
Low
Microsoft Edge
Chromium: CVE-2026-5272 Heap buffer overflow in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5272
Unclassified
Microsoft
CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability
Information published.
CVE-2026-32186
Low
Azure
CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33107
Low
Azure
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
CVE-2026-26135
Low
Azure
CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33105
Low
Azure
CVE-2026-32173 Azure SRE Agent Information Disclosure Vulnerability
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
CVE-2026-32173
Critical
Azure
CVE-2026-32211 Azure MCP Server Information Disclosure Vulnerability
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
CVE-2026-32211
Unclassified
Microsoft Edge
Chromium: CVE-2026-5291 Inappropriate implementation in WebGL
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-5291
Unclassified
Microsoft
CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
Information published.
CVE-2026-2739
Unclassified
Microsoft
CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Information published.
CVE-2026-29111
Unclassified
Microsoft
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Information published.
CVE-2026-33636
Unclassified
Microsoft
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Information published.
CVE-2026-0965
Unclassified
Microsoft
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Information published.
CVE-2026-33750
Unclassified
Microsoft
CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
Information published.
CVE-2026-5107
Unclassified
Microsoft
CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Information published.
CVE-2025-66037
Unclassified
Microsoft
CVE-2026-34714
Information published.
CVE-2026-34714
Unclassified
Microsoft
CVE-2026-4046 iconv crash due to assertion failure with untrusted input
Information published.
CVE-2026-4046
Unclassified
Microsoft
CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
Information published.
CVE-2026-5119
Unclassified
Microsoft
CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
Information published.
CVE-2026-4897
Unclassified
Microsoft
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
Information published.
CVE-2026-29785
Unclassified
Microsoft
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Information published.
CVE-2026-33936
Unclassified
Microsoft
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Information published.
CVE-2026-33416
Unclassified
Microsoft
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Information published.
CVE-2026-0967
Low
Microsoft
CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Information published.
CVE-2026-0966
Unclassified
Microsoft
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Information published.
CVE-2026-0964
Unclassified
Microsoft
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Information published.
CVE-2026-33542
Low
Microsoft
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Information published.
CVE-2025-49010
Low
Microsoft
CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Information published.
CVE-2025-66215
Unclassified
Microsoft
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Information published.
CVE-2025-66038
Unclassified
Microsoft
CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Information published.
CVE-2026-4176
Unclassified
Microsoft
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Information published.
CVE-2026-34043
Low
Microsoft
CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK
Information published.
CVE-2026-4739
Unclassified
Microsoft
CVE-2026-33554
Information published.
CVE-2026-33554
Low
Microsoft
CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
Information published.
CVE-2026-5201
Low
Microsoft
CVE-2026-5121 Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing
Information published.
CVE-2026-5121
Unclassified
Microsoft
CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
Information published.
CVE-2026-2100
Low
Microsoft
CVE-2026-4732 Out-of-bounds Read Overflow in tildearrow/furnace
Information published.
CVE-2026-4732
Unclassified
Microsoft
CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake
Information published.
CVE-2026-2436
Unclassified
Microsoft
CVE-2026-33216 NATS has MQTT plaintext password disclosure
Information published.
CVE-2026-33216
Unclassified
Microsoft
CVE-2026-32287 Infinite loop in github.com/antchfx/xpath
Information published.
CVE-2026-32287
Unclassified
Microsoft
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Information published.
CVE-2025-68822
Unclassified
Microsoft
CVE-2024-41013 xfs: don't walk off the end of a directory data block
Information published.
CVE-2024-41013
Low
Microsoft
CVE-2023-52676 bpf: Guard stack limits against 32bit overflow
Information published.
CVE-2023-52676
Unclassified
Microsoft
CVE-2024-35839 netfilter: bridge: replace physindev with physinif in nf_bridge_info
Information published.
CVE-2024-35839
Unclassified
Microsoft
CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Information published.
CVE-2026-29111
Unclassified
Microsoft
CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Information published.
CVE-2026-4645
Unclassified
Microsoft
CVE-2025-67030
Information published.
CVE-2025-67030
Unclassified
Microsoft
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Information published.
CVE-2026-0965
Unclassified
Microsoft
CVE-2026-21712
Information published.
CVE-2026-21712
Unclassified
Microsoft
CVE-2026-34353
Information published.
CVE-2026-34353
Unclassified
Microsoft
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Information published.
CVE-2026-33750
Unclassified
Microsoft
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
Information published.
CVE-2026-33937
Unclassified
Microsoft
CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Information published.
CVE-2025-66037
Unclassified
Microsoft
CVE-2026-34714
Information published.
CVE-2026-34714
Unclassified
Microsoft
CVE-2026-21717
Information published.
CVE-2026-21717
Unclassified
Microsoft
CVE-2026-21715
Information published.
CVE-2026-21715
Unclassified
Microsoft
CVE-2026-21714
Information published.
CVE-2026-21714
Unclassified
Microsoft
CVE-2026-4746 Heap Buffer Over-Write Vulnerability in timeplus-io/proton
Information published.
CVE-2026-4746
Unclassified
Microsoft
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Information published.
CVE-2026-0967
Low
Microsoft
CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Information published.
CVE-2026-0966
Unclassified
Microsoft
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Information published.
CVE-2026-0964
Unclassified
Microsoft
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Information published.
CVE-2026-33542
Low
Microsoft
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Information published.
CVE-2025-49010
Low
Microsoft
CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Information published.
CVE-2025-66215
Unclassified
Microsoft
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Information published.
CVE-2025-66038
Unclassified
Microsoft
CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Information published.
CVE-2026-4176
Unclassified
Microsoft
CVE-2026-21710
Information published.
CVE-2026-21710
Unclassified
Microsoft
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Information published.
CVE-2026-34043
Unclassified
Microsoft
CVE-2026-21716
Information published.
CVE-2026-21716
Unclassified
Microsoft
CVE-2026-21713
Information published.
CVE-2026-21713
Unclassified
Microsoft
CVE-2026-21711
Information published.
CVE-2026-21711
Unclassified
Microsoft
CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification
Information published.
CVE-2026-23229
Unclassified
Microsoft
CVE-2026-23221 bus: fsl-mc: fix use-after-free in driver_override_show()
Information published.
CVE-2026-23221
Unclassified
Microsoft
CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash
Information published.
CVE-2025-71232
Unclassified
Microsoft
CVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
Information published.
CVE-2026-23222
Unclassified
Microsoft
CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
Information published.
CVE-2026-23228
Unclassified
Microsoft
CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress
Information published.
CVE-2025-71235
Unclassified
Microsoft
CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously
Information published.
CVE-2025-71233
Unclassified
Microsoft
CVE-2025-71236 scsi: qla2xxx: Validate sp before freeing associated memory
Information published.
CVE-2025-71236
Low
Microsoft
CVE-2025-71237 nilfs2: Fix potential block overflow that cause system hang
Information published.
CVE-2025-71237
Unclassified
Microsoft
CVE-2026-23169 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
Information published.
CVE-2026-23169
Unclassified
Microsoft
CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
Information published.
CVE-2025-68358
Unclassified
Microsoft
CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks
Information published.
CVE-2026-23237
Unclassified
Microsoft
CVE-2026-23238 romfs: check sb_set_blocksize() return value
Information published.
CVE-2026-23238
Unclassified
Microsoft
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Information published.
CVE-2026-33636
Unclassified
Microsoft
CVE-2025-67030
Information published.
CVE-2025-67030
Unclassified
Microsoft
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Information published.
CVE-2026-0965
Unclassified
Microsoft
CVE-2026-21712
Information published.
CVE-2026-21712
Unclassified
Microsoft
CVE-2026-34353
Information published.
CVE-2026-34353
Unclassified
Microsoft
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Information published.
CVE-2026-33750
Unclassified
Microsoft
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Information published.
CVE-2026-33938
Unclassified
Microsoft
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Information published.
CVE-2026-33939
Unclassified
Microsoft
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
Information published.
CVE-2026-33937
Unclassified
Microsoft
CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace
Information published.
CVE-2026-23236
Unclassified
Microsoft
CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free
Information published.
CVE-2025-71238
Unclassified
Microsoft
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Information published.
CVE-2026-33936
Unclassified
Microsoft
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Information published.
CVE-2026-33416
Unclassified
Microsoft
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Information published.
CVE-2026-25645
Unclassified
Microsoft
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Information published.
CVE-2026-0967
Low
Microsoft
CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Information published.
CVE-2026-0966
Unclassified
Microsoft
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Information published.
CVE-2026-0964
Unclassified
Microsoft
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Information published.
CVE-2026-33895
Unclassified
Microsoft
CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Information published.
CVE-2026-33896
Unclassified
Microsoft
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Information published.
CVE-2026-33891
Unclassified
Microsoft
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Information published.
CVE-2026-33542
Unclassified
Microsoft
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Information published.
CVE-2026-33941
Unclassified
Microsoft
CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
Information published.
CVE-2026-33916
Unclassified
Microsoft
CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Information published.
CVE-2026-33940
Unclassified
Microsoft Edge
Chromium: CVE-2026-4676 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-4676
Unclassified
Microsoft
CVE-2026-3104 Memory leak in code preparing DNSSEC proofs of non-existence
Information published.
CVE-2026-3104
Unclassified
Microsoft
CVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass
Information published.
CVE-2026-3591
Unclassified
Microsoft
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Information published.
CVE-2026-33636
Unclassified
Microsoft
CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path
Information published.
CVE-2026-23399
Unclassified
Microsoft
CVE-2025-67030
Information published.
CVE-2025-67030
Unclassified
Microsoft
CVE-2025-70888
Information published.
CVE-2025-70888
Unclassified
Microsoft
CVE-2026-34085
Information published.
CVE-2026-34085
Unclassified
Microsoft
CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
Information published.
CVE-2026-1519
Unclassified
Microsoft
CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
Information published.
CVE-2026-32241
Unclassified
Microsoft
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Information published.
CVE-2026-33936
Unclassified
Microsoft
CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly
Information published.
CVE-2026-3119
Unclassified
Microsoft
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Information published.
CVE-2026-33416
Unclassified
Microsoft
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Information published.
CVE-2026-25645
Unclassified
Microsoft
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Information published.
CVE-2026-33671
Unclassified
Microsoft
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Information published.
CVE-2026-33672
Unclassified
Microsoft
CVE-2026-4833 Orc discount Markdown markdown.c compile recursion
Information published.
CVE-2026-4833
Unclassified
Microsoft
CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Information published.
CVE-2026-4645
Unclassified
Microsoft
CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks
Information published.
CVE-2026-33343
Unclassified
Microsoft
CVE-2026-33413 etcd: Authorization bypasses in multiple APIs
Information published.
CVE-2026-33413
Low
Microsoft
CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Information published.
CVE-2026-2369
Low
Microsoft Edge
Chromium: CVE-2026-4673 Heap buffer overflow in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-4673
Unclassified
Microsoft Edge
Chromium: CVE-2026-4680 Use after free in FedCM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-4680
Unclassified
Microsoft Edge
Chromium: CVE-2026-4677 Out of bounds read in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-4677
Low
Microsoft Edge
Chromium: CVE-2026-4675 Heap buffer overflow in WebGL
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-4675
Low
Microsoft Edge
Chromium: CVE-2026-4679 Integer overflow in Fonts
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-4679
Unclassified
Microsoft Edge
Chromium: CVE-2026-4674 Out of bounds read in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-4674
Low
Microsoft Edge
Chromium: CVE-2026-4442 Heap buffer overflow in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.
CVE-2026-4442
Unclassified
Microsoft Edge
CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
Information published.
CVE-2026-32187
Unclassified
Microsoft
CVE-2026-23068 spi: spi-sprd-adi: Fix double free in probe error path
Information published.
CVE-2026-23068
Unclassified
Microsoft
CVE-2025-71221 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
Information published.
CVE-2025-71221
Unclassified
Microsoft
CVE-2026-23227 drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
Information published.
CVE-2026-23227
Unclassified
Microsoft
CVE-2025-71109 MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits
Information published.
CVE-2025-71109
Unclassified
Microsoft
CVE-2025-71183 btrfs: always detect conflicting inodes when logging inode refs
Information published.
CVE-2025-71183
Unclassified
Microsoft
CVE-2025-71184 btrfs: fix NULL dereference on root when tracing inode eviction
Information published.
CVE-2025-71184
Unclassified
Microsoft
CVE-2026-23004 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
Information published.
CVE-2026-23004
Unclassified
Microsoft
CVE-2025-71095 net: stmmac: fix the crash issue for zero copy XDP_TX action
Information published.
CVE-2025-71095
Unclassified
Microsoft
CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Information published.
CVE-2025-71073
Unclassified
Microsoft
CVE-2025-71074 functionfs: fix the open/removal races
Information published.
CVE-2025-71074
Unclassified
Microsoft
CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()
Information published.
CVE-2026-23234
Unclassified
Microsoft
CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write
Information published.
CVE-2026-23235
Unclassified
Microsoft
CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url
Information published.
CVE-2026-25679
Unclassified
Microsoft
CVE-2026-23868
Information published.
CVE-2026-23868
Unclassified
Microsoft
CVE-2026-3783 token leak with redirect and netrc
Information published.
CVE-2026-3783
Unclassified
Windows
CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
Information published.
CVE-2025-66413
Unclassified
Microsoft
CVE-2026-23233 f2fs: fix to avoid mapping wrong physical block for swapfile
Information published.
CVE-2026-23233
Unclassified
Microsoft
CVE-2026-23265 f2fs: fix to do sanity check on node footer in {read,write}_end_io
Information published.
CVE-2026-23265
Low
Microsoft
CVE-2026-3549 ECH parsing heap buffer overflow
Information published.
CVE-2026-3549
Unclassified
Microsoft
CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Information published.
CVE-2026-29111
Unclassified
Microsoft
CVE-2026-23325 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
Information published.
CVE-2026-23325
Unclassified
Microsoft
CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Information published.
CVE-2026-23378
Unclassified
Microsoft
CVE-2026-28753 NGINX ngx_mail_proxy_module vulnerability
Information published.
CVE-2026-28753
Unclassified
Microsoft
CVE-2026-32647 NGINX ngx_http_mp4_module vulnerability
Information published.
CVE-2026-32647
Unclassified
Microsoft
CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()
Information published.
CVE-2026-23398
Unclassified
Microsoft
CVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()
Information published.
CVE-2026-23396
Unclassified
Microsoft
CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Information published.
CVE-2026-4645
Low
Microsoft
CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
Information published.
CVE-2026-3713
Unclassified
Microsoft
CVE-2026-1965 bad reuse of HTTP Negotiate connection
Information published.
CVE-2026-1965
Unclassified
Microsoft
CVE-2026-3784 wrong proxy connection reuse with credentials
Information published.
CVE-2026-3784
Unclassified
Microsoft
CVE-2026-3904
Information published.
CVE-2026-3904
Unclassified
Microsoft
CVE-2026-23267 f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
Information published.
CVE-2026-23267
Unclassified
Microsoft
CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation
Information published.
CVE-2026-27135
Low
Microsoft
CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
Information published.
CVE-2026-25075
Low
Microsoft
CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL
Information published.
CVE-2026-3548
Unclassified
Microsoft
CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
Information published.
CVE-2026-3547
Unclassified
Microsoft
CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
Information published.
CVE-2026-32141
Unclassified
Microsoft
CVE-2026-33228 flatted: Prototype Pollution via parse()
Information published.
CVE-2026-33228
Low
Microsoft
CVE-2026-4519 webbrowser.open() allows leading dashes in URLs
Information published.
CVE-2026-4519
Unclassified
Microsoft
CVE-2026-33412 Vim affected by Command injection via newline in glob()
Information published.
CVE-2026-33412
Unclassified
Microsoft
CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Information published.
CVE-2026-23372
Unclassified
Microsoft
CVE-2026-23330 nfc: nci: complete pending data exchange on device close
Information published.
CVE-2026-23330
Unclassified
Microsoft
CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
Information published.
CVE-2026-23339
Unclassified
Microsoft
CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Information published.
CVE-2026-23335
Unclassified
Microsoft
CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
Information published.
CVE-2026-23386
Unclassified
Microsoft
CVE-2026-23308 pinctrl: equilibrium: fix warning trace on load
Information published.
CVE-2026-23308
Unclassified
Microsoft
CVE-2026-23287 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
Information published.
CVE-2026-23287
Low
Microsoft
CVE-2026-23327 cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
Information published.
CVE-2026-23327
Unclassified
Microsoft
CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Information published.
CVE-2026-23393
Unclassified
Microsoft
CVE-2026-34085
Information published.
CVE-2026-34085
Unclassified
Microsoft
CVE-2026-33526 Squid vulnerable to Denial of Service in ICP Request handling
Information published.
CVE-2026-33526
Unclassified
Microsoft
CVE-2026-33515 Squid has issues in ICP message handling
Information published.
CVE-2026-33515
Unclassified
Microsoft
CVE-2026-32748 Squid has Denial of Service in ICP Response handling
Information published.
CVE-2026-32748
Unclassified
Microsoft
CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
Information published.
CVE-2026-27651
Unclassified
Microsoft
CVE-2026-27654 NGINX ngx_http_dav_module vulnerability
Information published.
CVE-2026-27654
Unclassified
Microsoft
CVE-2026-27784 NGINX ngx_http_mp4_module vulnerability
Information published.
CVE-2026-27784
Unclassified
Microsoft
CVE-2026-28755 NGINX ngx_stream_ssl_module vulnerability
Information published.
CVE-2026-28755
Unclassified
Microsoft
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
Information published.
CVE-2026-23397
Unclassified
Microsoft
CVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library
Information published.
CVE-2026-4647
Unclassified
Microsoft
CVE-2026-4746 Heap Buffer Over-Write Vulnerability in timeplus-io/proton
Information published.
CVE-2026-4746
Low
Microsoft
CVE-2026-4775 Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
Information published.
CVE-2026-4775