Microsoft Security Response Center

Vulnerabilidades Microsoft centradas para el monitor Salud365.

Consulta el RSS oficial de MSRC en un panel compacto, centrado y filtrable por severidad, producto o CVE.

Panel de vulnerabilidades

Explora publicaciones recientes de seguridad Microsoft.

5411 publicaciones visibles

Baja Windows

CVE-2026-59117 Windows Terminal Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network.

CVE-2026-59117
Sin clasificar Azure

CVE-2026-50652 Azure Active Directory Denial of Service Vulnerability

Updated product information in the Software Update table. This is an informational change only.

CVE-2026-50652
Sin clasificar Azure

CVE-2026-50653 Azure Active Directory Denial of Service Vulnerability

Updated product information in the Software Update table. This is an informational change only.

CVE-2026-50653
Baja Windows

CVE-2026-58643 Windows Admin Center Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58643
Baja Windows

CVE-2026-58598 Windows Backup Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Backup Engine allows an authorized attacker to elevate privileges locally.

CVE-2026-58598
Sin clasificar Windows

CVE-2026-50304 Windows Active Directory Federation Services Denial of Service Vulnerability

Updated product information in the Software Update table. This is an informational change only.

CVE-2026-50304
Sin clasificar Windows

CVE-2026-50368 Windows Active Directory Federation Services Denial of Service Vulnerability

Updated product information in the Software Update table. This is an informational change only.

CVE-2026-50368
Sin clasificar Windows

CVE-2026-50324 Windows Active Directory Federation Services Denial of Service Vulnerability

Updated product information in the Software Update table. This is an informational change only.

CVE-2026-50324
Sin clasificar Windows

CVE-2026-50355 Windows Active Directory Federation Services Denial of Service Vulnerability

Updated product information in the Software Update table. This is an informational change only.

CVE-2026-50355
Sin clasificar Windows

CVE-2026-50411 Windows Active Directory Federation Services Denial of Service Vulnerability

Updated product information in the Software Update table. This is an informational change only.

CVE-2026-50411
Sin clasificar Microsoft

CVE-2026-50647 Active Directory Federation Server Denial of Service Vulnerability

Updated product information in the Software Update table. This is an informational change only.

CVE-2026-50647
Baja Windows

CVE-2026-56171 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-56171
Baja Microsoft

CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace

Information published.

CVE-2026-59831
Sin clasificar SharePoint

CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability

Corrected the Exploitability Index, Exploited flag and CVSS vector which was incorrect at the time of publication on 7/14/2026. This is an informational change only.

CVE-2026-58644
Sin clasificar Windows

CVE-2026-50341 Windows NTFS Information Disclosure Vulnerability

Updated acknowledgment. This is an informational change only.

CVE-2026-50341
Sin clasificar Microsoft

CVE-2026-50375 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Updated acknowledgment. This is an informational change only.

CVE-2026-50375
Sin clasificar Windows

CVE-2026-56182 Windows NTFS Elevation of Privilege Vulnerability

Updated acknowledgment. This is an informational change only.

CVE-2026-56182
Sin clasificar Microsoft

CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability

Updated acknowledgment. This is an informational change only.

CVE-2026-45637
Sin clasificar Microsoft

CVE-2026-56288 NULL Pointer Dereference in GNU patch

Information published.

CVE-2026-56288
Baja Microsoft

CVE-2026-58207 NATS Server: Remote crash via integer overflow in Connz pagination

Information published.

CVE-2026-58207
Sin clasificar Microsoft

CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass

Information published.

CVE-2026-58251
Sin clasificar Microsoft

CVE-2026-58208 NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled

Information published.

CVE-2026-58208
Sin clasificar Microsoft

CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap

Information published.

CVE-2026-58252
Sin clasificar Microsoft

CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters

Information published.

CVE-2026-58209
Sin clasificar Microsoft

CVE-2026-58253 NATS Server: Route API Auth Bypass

Information published.

CVE-2026-58253
Baja Microsoft

CVE-2026-57432 Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack

Information published.

CVE-2026-57432
Sin clasificar Microsoft

CVE-2026-39822 Root escape via symlink plus trailing slash in os

Information published.

CVE-2026-39822
Sin clasificar Microsoft

CVE-2026-42505 Invoking Encrypted Client Hello privacy leak in crypto/tls

Information published.

CVE-2026-42505
Baja Microsoft

CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header

Information published.

CVE-2026-15028
Sin clasificar Microsoft

CVE-2026-57219 RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations

Information published.

CVE-2026-57219
Sin clasificar Microsoft

CVE-2026-56289 Loop with Unreachable Exit Condition in GNU patch

Information published.

CVE-2026-56289
Sin clasificar Microsoft

CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake

Information published.

CVE-2026-58250
Baja Microsoft

CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

Information published.

CVE-2026-15308
Sin clasificar Microsoft

CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

Information published.

CVE-2026-13221
Sin clasificar Microsoft

CVE-2026-59875 node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records

Information published.

CVE-2026-59875
Baja Microsoft

CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace

Information published.

CVE-2026-59831
Sin clasificar Microsoft

CVE-2026-57220 RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS

Information published.

CVE-2026-57220
Sin clasificar Microsoft

CVE-2026-57217 RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass

Information published.

CVE-2026-57217
Sin clasificar Microsoft

CVE-2026-57213 RabbitMQ: Stored XSS federation management plugin via unsanitized consumer_tag rendering

Information published.

CVE-2026-57213
Sin clasificar Microsoft

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

Information published.

CVE-2026-57216
Sin clasificar Windows

CVE-2026-57211 RabbitMQ: UNC SSRF affecting the management UI on Windows

Information published.

CVE-2026-57211
Sin clasificar Microsoft

CVE-2026-57215 RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom

Information published.

CVE-2026-57215
Baja Microsoft

CVE-2025-44904 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

Information published.

CVE-2025-44904
Baja Microsoft

CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI

Information published.

CVE-2026-44839
Sin clasificar Microsoft

CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Information published.

CVE-2026-43966
Baja Microsoft

CVE-2026-48561 Microsoft Copilot Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to execute code over a network.

CVE-2026-48561
Baja Windows

CVE-2026-42982 Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Improper validation of consistency within input in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

CVE-2026-42982
Baja SQL Server

CVE-2026-47296 Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

CVE-2026-47296
Media Windows

CVE-2026-34349 Windows Media Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

CVE-2026-34349
Baja Windows

CVE-2026-34346 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

CVE-2026-34346
Baja Windows

CVE-2026-42900 Microsoft Windows App Store Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Store allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-42900
Baja Windows

CVE-2026-42975 Windows Bluetooth Port Driver Remote Code Execution

Heap-based buffer overflow in Windows Bluetooth Port Driver allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-42975
Baja Microsoft

CVE-2026-47300 ASP.NET Core Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

CVE-2026-47300
Baja Microsoft

CVE-2026-47302 .NET Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

CVE-2026-47302
Baja Microsoft

CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability

Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

CVE-2026-47303
Baja SQL Server

CVE-2026-42990 SQL Server ODBC driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in SQL Server ODBC driver allows an unauthorized attacker to execute code over a network.

CVE-2026-42990
Baja Windows

CVE-2026-48572 Windows App Package Installer Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Installer allows an authorized attacker to elevate privileges locally.

CVE-2026-48572
Baja Windows

CVE-2026-48571 Windows App Package Installer Elevation of Privilege Vulnerability

Use after free in Windows App Installer allows an authorized attacker to elevate privileges locally.

CVE-2026-48571
Baja Microsoft

CVE-2026-49162 Microsoft Brokering File System Elevation of Privilege Vulnerability

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2026-49162
Baja Windows

CVE-2026-49164 Windows Active Directory Domain Services Remote Code Execution Vulnerability

Heap-based buffer overflow in Active Directory Domain Services allows an unauthorized attacker to execute code over a network.

CVE-2026-49164
Baja Windows

CVE-2026-49165 Microsoft Windows App Store Information Disclosure Vulnerability

Use of uninitialized resource in Microsoft Windows App Store allows an authorized attacker to disclose information locally.

CVE-2026-49165
Baja Windows

CVE-2026-49166 Windows Print Configuration Elevation of Privilege Vulnerability

Use after free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-49166
Baja Windows

CVE-2026-49167 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-49167
Baja Windows

CVE-2026-49168 Storage Spaces Direct Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.

CVE-2026-49168
Baja Windows

CVE-2026-49169 Windows DNS Server Remote Code Execution Vulnerability

Use after free in DNS Server allows an authorized attacker to execute code over a network.

CVE-2026-49169
Baja Windows

CVE-2026-49170 Windows StateRepository API Server file Elevation of Privilege Vulnerability

Insufficient granularity of access control in Windows StateRepository API allows an authorized attacker to elevate privileges locally.

CVE-2026-49170
Baja Windows

CVE-2026-49171 Windows Speech Runtime Elevation of Privilege Vulnerability

Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

CVE-2026-49171
Baja Windows

CVE-2026-49176 Windows WalletService Elevation of Privilege Vulnerability

Improper privilege management in Windows WalletService allows an authorized attacker to elevate privileges locally.

CVE-2026-49176
Baja Windows

CVE-2026-49175 Windows DNS Client Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DNS allows an authorized attacker to elevate privileges locally.

CVE-2026-49175
Baja Windows

CVE-2026-49172 Windows FTP Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows FTP Service allows an unauthorized attacker to execute code over a network.

CVE-2026-49172
Baja Windows

CVE-2026-49173 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-49173
Crítica Windows

CVE-2026-49174 DNS Client Tampering Vulnerability

Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

CVE-2026-49174
Baja Windows

CVE-2026-49177 Windows TCP/IP Information Disclosure Vulnerability

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

CVE-2026-49177
Baja Windows

CVE-2026-49784 Microsoft Windows App Store Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.

CVE-2026-49784
Baja Microsoft

CVE-2026-50506 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-50506
Baja Visual Studio

CVE-2026-47282 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.

CVE-2026-47282
Baja Visual Studio

CVE-2026-45496 Visual Studio Code Security Feature Bypass Vulnerability

Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-45496
Baja Microsoft

CVE-2026-50663 Game: Age of Empires II: Definitive Edition Remote Code Execution Vulnerability

Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network.

CVE-2026-50663
Baja Windows

CVE-2026-54983 Windows Active Directory Federation Services Denial of Service Vulnerability

Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.

CVE-2026-54983
Baja Windows

CVE-2026-50695 Windows Active Directory Federation Services Denial of Service Vulnerability

Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.

CVE-2026-50695
Baja Windows

CVE-2026-54129 Windows Hyper-V Elevation of Privilege Vulnerability

Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVE-2026-54129
Baja Windows

CVE-2026-54989 Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability

Use after free in Quality Windows Audio/Video Experience (QWAVE) service allows an authorized attacker to elevate privileges locally.

CVE-2026-54989
Baja Windows

CVE-2026-54987 Windows Overlay Filter Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.

CVE-2026-54987
Baja Windows

CVE-2026-50696 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

Heap-based buffer overflow in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

CVE-2026-50696
Baja Microsoft

CVE-2026-54990 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-54990
Baja Windows

CVE-2026-50697 Windows Common Log File System Driver Elevation of Privilege Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-50697
Baja Windows

CVE-2026-55000 Windows USB Print Driver Elevation of Privilege Vulnerability

Use after free in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.

CVE-2026-55000
Baja Windows

CVE-2026-54111 Universal Print Management Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-54111
Baja Windows

CVE-2026-54991 Windows USB Print Driver Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-54991
Baja Windows

CVE-2026-54132 Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

CVE-2026-54132
Baja Windows

CVE-2026-54107 Windows Win32k Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-54107
Baja Windows

CVE-2026-54986 Windows Win32k Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-54986
Media Windows

CVE-2026-54993 Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.

CVE-2026-54993
Baja Windows

CVE-2026-55001 Active Directory Domain Services Elevation of Privilege Vulnerability

Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally.

CVE-2026-55001
Baja Windows

CVE-2026-54112 Windows Win32k Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-54112
Baja Windows

CVE-2026-55004 Windows Print Configuration Elevation of Privilege Vulnerability

Double free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-55004
Baja Windows

CVE-2026-54992 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Message Queuing Queue Manager allows an unauthorized attacker to execute code locally.

CVE-2026-54992
Baja Windows

CVE-2026-54109 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.

CVE-2026-54109
Baja Windows

CVE-2026-54982 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-54982
Baja Windows

CVE-2026-54114 Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-54114
Baja Windows

CVE-2026-54996 Windows USB Print Driver Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-54996
Baja Windows

CVE-2026-54119 Windows Active Directory Denial of Service Vulnerability

Loop with unreachable exit condition ('infinite loop') in Windows Active Directory allows an unauthorized attacker to deny service over a network.

CVE-2026-54119
Baja Windows

CVE-2026-54997 Windows SMB Information Disclosure Vulnerability

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.

CVE-2026-54997
Baja Windows

CVE-2026-54999 Windows TCP/IP Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-54999
Baja Windows

CVE-2026-55003 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-55003
Baja Windows

CVE-2026-54995 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Use after free in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over a network.

CVE-2026-54995
Baja Windows

CVE-2026-54122 Windows GDI+ Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.

CVE-2026-54122
Baja Exchange Server

CVE-2026-55005 Microsoft Exchange Server Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.

CVE-2026-55005
Baja Exchange Server

CVE-2026-55006 Microsoft Exchange Server Elevation of Privilege Vulnerability

Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.

CVE-2026-55006
Baja Exchange Server

CVE-2026-55009 Microsoft Exchange Server Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.

CVE-2026-55009
Baja Azure

CVE-2026-50338 Azure Spring Apps Elevation of Privilege Vulnerability

Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-50338
Baja Defender

CVE-2026-55011 Microsoft Defender Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally.

CVE-2026-55011
Baja Defender

CVE-2026-55012 Microsoft Defender Remote Code Execution Vulnerability

Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.

CVE-2026-55012
Baja Microsoft

CVE-2026-50524 .NET Framework Denial of Service Vulnerability

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-50524
Baja SQL Server

CVE-2026-54117 Microsoft SQL Server Remote Code Execution Vulnerability

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-54117
Baja SQL Server

CVE-2026-54118 Microsoft SQL Server Remote Code Execution Vulnerability

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-54118
Baja SQL Server

CVE-2026-55002 Microsoft SQL Server Elevation of Privilege Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.

CVE-2026-55002
Baja Windows

CVE-2026-55144 Windows Cryptography API: Next Generation (CNG) Tampering Vulnerability

Missing cryptographic step in Windows CryptoAPI allows an authorized attacker to perform tampering locally.

CVE-2026-55144
Baja Visual Studio

CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code allows an unauthorized attacker to execute code locally.

CVE-2026-50520
Baja Microsoft Office

CVE-2026-54108 Microsoft SharePoint Server Spoofing Vulnerability

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-54108
Baja Microsoft Office

CVE-2026-50675 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-50675
Baja Microsoft Office

CVE-2026-50678 Microsoft Excel Information Disclosure Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-50678
Baja Microsoft Office

CVE-2026-54988 Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-54988
Baja Microsoft Office

CVE-2026-55899 Microsoft Excel Remote Code Execution Vulnerability

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55899
Baja Microsoft Office

CVE-2026-55948 Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55948
Baja Microsoft

CVE-2026-56155 Active Directory Federation Services Elevation of Privilege Vulnerability

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

CVE-2026-56155
Crítica Microsoft Office

CVE-2026-56164 Microsoft SharePoint Server Elevation of Privilege Vulnerability

Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-56164
Baja Windows

CVE-2026-56169 Windows Admin Center Elevation of Privilege Vulnerability

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-56169
Baja Microsoft

CVE-2026-56170 ASP.NET Core Denial of Service Vulnerability

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-56170
Baja Windows

CVE-2026-50694 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Use after free in Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized attacker to execute code over a network.

CVE-2026-50694
Baja Windows

CVE-2026-54127 Windows Hyper-V Elevation of Privilege Vulnerability

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-54127
Baja Microsoft Office

CVE-2026-56193 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-56193
Baja Windows

CVE-2026-56185 Windows Admin Center Information Disclosure Vulnerability

Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.

CVE-2026-56185
Baja Microsoft

CVE-2026-57097 Microsoft XML Security Feature Bypass Vulnerability

Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-57097
Baja Windows

CVE-2026-57107 Windows Admin Center Elevation of Privilege Vulnerability

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.

CVE-2026-57107
Crítica Azure

CVE-2026-57969 Azure CycleCloud Elevation of Privilege Vulnerability

Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.

CVE-2026-57969
Sin clasificar Windows

CVE-2026-57976 Windows Active Directory Domain Services Denial of Service Vulnerability

Information published.

CVE-2026-57976
Baja Windows

CVE-2026-57979 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-57979
Baja Windows

CVE-2026-55014 Windows Remote Help Defense Elevation of Privilege Vulnerability

Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally.

CVE-2026-55014
Baja Azure

CVE-2026-58279 Azure CycleCloud Elevation of Privilege Vulnerability

Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.

CVE-2026-58279
Baja Windows

CVE-2026-58526 Windows Storage Elevation of Privilege Vulnerability

Use after free in Windows Storage allows an authorized attacker to elevate privileges locally.

CVE-2026-58526
Baja Microsoft

CVE-2026-58595 Microsoft Bing App for IOS Spoofing Vulnerability

Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58595
Baja Microsoft Office

CVE-2026-50522 Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

CVE-2026-50522
Baja Microsoft

CVE-2026-58601 Virtual Hard Disk (VHD) Miniport Driver Elevation of Privilege Vulernability

Heap-based buffer overflow in Virtual Hard Disk (VHD) Miniport Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-58601
Baja Windows

CVE-2026-58602 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Use after free in Windows Kernel Mode Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-58602
Baja Windows

CVE-2026-58608 Windows Print Spooler Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to execute code over a network.

CVE-2026-58608
Baja Windows

CVE-2026-58609 Windows Graphics Component Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.

CVE-2026-58609
Media Windows

CVE-2026-58610 Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.

CVE-2026-58610
Baja Windows

CVE-2026-58614 Windows Kernel Security Feature Bypass Vulnerability

Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.

CVE-2026-58614
Baja Microsoft

CVE-2026-47301 Configuration Manager Elevation of Privilege Vulnerability

Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over a network.

CVE-2026-47301
Baja Microsoft Office

CVE-2026-58618 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-58618
Baja Windows

CVE-2026-58631 Windows Admin Center (WAC) Remote Code Execution Vulnerability

Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally.

CVE-2026-58631
Baja Windows

CVE-2026-58635 Windows Narrator Braille Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

CVE-2026-58635
Baja Microsoft

CVE-2026-58636 Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-58636
Baja Windows

CVE-2026-58640 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-58640
Sin clasificar SharePoint

CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability

The Patch for this issue was released but the CVE was inadvertently left out of the Patch Tuesday June 2026 release

CVE-2026-58644
Baja Microsoft

CVE-2026-58647 Microsoft PowerBI Report Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacker to perform spoofing over a network.

CVE-2026-58647
Baja Azure

CVE-2026-50652 Azure Active Directory Denial of Service Vulnerability

Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network.

CVE-2026-50652
Baja Azure

CVE-2026-50653 Azure Active Directory Denial of Service Vulnerability

Loop with unreachable exit condition ('infinite loop') in Azure Active Directory allows an unauthorized attacker to deny service over a network.

CVE-2026-50653
Baja Windows

CVE-2026-33842 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-33842
Baja Windows

CVE-2026-34328 Windows Audio Service Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Audio Service allows an authorized attacker to disclose information locally.

CVE-2026-34328
Baja Windows

CVE-2026-40422 Windows File Explorer Information Disclosure Vulnerability

Use of uninitialized resource in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-40422
Baja Windows

CVE-2026-41087 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-41087
Baja Windows

CVE-2026-40400 Windows PowerShell Remote Code Execution Vulnerability

Relative path traversal in Windows PowerShell allows an authorized attacker to execute code over a network.

CVE-2026-40400
Baja Windows

CVE-2026-34348 Windows Event Logging Service Information Disclosure Vulnerability

Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network.

CVE-2026-34348
Baja Windows

CVE-2026-44806 Windows Secure Channel Denial of Service Vulnerability

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.

CVE-2026-44806
Baja Windows

CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Memory allocation with excessive size value in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

CVE-2026-40378
Baja Microsoft

CVE-2026-47304 .NET Security Feature Bypass Vulnerability

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-47304
Baja Windows

CVE-2026-44800 Windows Push Notifications Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-44800
Baja Azure

CVE-2026-47632 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability

Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.

CVE-2026-47632
Baja Windows

CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network.

CVE-2026-48564
Baja Microsoft

CVE-2026-48581 Surface Broker SDMA Elevation of Privilege Vulnerability

Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally.

CVE-2026-48581
Baja Microsoft

CVE-2026-45646 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-45646
Baja Windows

CVE-2026-49178 Windows Active Directory Domain Services Remote Code Execution Vulnerability

Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

CVE-2026-49178
Baja Microsoft

CVE-2026-49180 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CVE-2026-49180
Baja Windows

CVE-2026-49181 Windows DHCP Client Elevation of Privilege Vulnerability

Integer underflow (wrap or wraparound) in Windows DHCP Client allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-49181
Baja Windows

CVE-2026-49184 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-49184
Baja Windows

CVE-2026-49183 Windows Clipboard Server Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clipboard Server allows an authorized attacker to elevate privileges locally.

CVE-2026-49183
Baja Windows

CVE-2026-49783 Secure Boot Security Feature Bypass Vulnerability

Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-49783
Baja Windows

CVE-2026-49787 HTTP.sys Denial of Service Vulnerability

Allocation of resources without limits or throttling in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

CVE-2026-49787
Baja Microsoft

CVE-2026-49788 HTTP/2 Denial of Service Vulnerability

Allocation of resources without limits or throttling in HTTP/2 allows an unauthorized attacker to deny service over a network.

CVE-2026-49788
Baja Windows

CVE-2026-49789 Windows NTFS Elevation of Privilege Vulnerability

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-49789
Sin clasificar Windows

CVE-2026-49790 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Information published.

CVE-2026-49790
Baja Windows

CVE-2026-49791 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

CVE-2026-49791
Baja Windows

CVE-2026-49792 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.

CVE-2026-49792
Baja Windows

CVE-2026-49793 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.

CVE-2026-49793
Baja Windows

CVE-2026-49794 Windows USB Audio Class Driver Information Disclosure Vulnerability

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

CVE-2026-49794
Baja Windows

CVE-2026-49796 Windows GDI+ Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.

CVE-2026-49796
Baja Windows

CVE-2026-49795 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-49795
Baja Windows

CVE-2026-49797 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-49797
Baja Windows

CVE-2026-49798 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

CVE-2026-49798
Baja Windows

CVE-2026-50299 Windows Storage Spaces Direct Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack.

CVE-2026-50299
Baja Windows

CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.

CVE-2026-49800
Baja Windows

CVE-2026-49799 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.

CVE-2026-49799
Baja Windows

CVE-2026-50308 Windows NTFS Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-50308
Baja Windows Server

CVE-2026-50311 Windows Server Elevation of Privilege Vulnerability

Improper access control in Windows Server allows an authorized attacker to elevate privileges locally.

CVE-2026-50311
Baja Windows

CVE-2026-49804 Windows USB Video Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack.

CVE-2026-49804
Baja Windows

CVE-2026-50294 Windows Kernel Information Disclosure Vulnerability

Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally.

CVE-2026-50294
Crítica Windows

CVE-2026-50333 Windows Spaceport.sys Elevation of Privilege Vulnerability

Missing authentication for critical function in Windows Spaceport.sys allows an authorized attacker to elevate privileges locally.

CVE-2026-50333
Baja Windows

CVE-2026-49801 Windows SMB Information Disclosure Vulnerability

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.

CVE-2026-49801
Baja Windows

CVE-2026-49802 Windows USB Print Driver Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-49802
Baja Windows

CVE-2026-49806 Windows USB Print Driver Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-49806
Baja Windows

CVE-2026-49805 Win32k Elevation of Privilege Vulnerability

Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-49805
Baja Windows

CVE-2026-49803 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.

CVE-2026-49803
Baja Windows

CVE-2026-50323 Windows Runtime Elevation of Privilege Vulnerability

Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50323
Baja Windows

CVE-2026-50318 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Stack-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

CVE-2026-50318
Baja Windows

CVE-2026-50351 Windows Audio Compression Manager (ACM) Elevation of Privilege Vulnerability

Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.

CVE-2026-50351
Baja Windows

CVE-2026-49807 Windows DirectX Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally.

CVE-2026-49807
Baja Windows

CVE-2026-50342 Windows MIDI Service Module Elevation of Privileges Vulnerability

Improper access control in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.

CVE-2026-50342
Baja Windows

CVE-2026-50298 Windows Spaceport.sys Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Spaceport.sys allows an unauthorized attacker to elevate privileges with a physical attack.

CVE-2026-50298
Baja Windows

CVE-2026-49808 Windows Kernel Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-49808
Baja Windows

CVE-2026-50293 Windows Internal Task Bar Elevation of Privilege Vulnerability

Use after free in Windows Internal Task Bar allows an authorized attacker to elevate privileges locally.

CVE-2026-50293
Baja Windows

CVE-2026-50316 Windows Kernel Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-50316
Baja Windows

CVE-2026-50354 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50354
Baja Microsoft

CVE-2026-50296 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Graphics Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50296
Baja Windows

CVE-2026-50297 Win32k Elevation of Privilege Vulnerability

Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-50297
Baja Windows

CVE-2026-50325 Win32k Elevation of Privilege Vulnerability

Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-50325
Baja Windows

CVE-2026-50356 Microsoft Windows App Store Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.

CVE-2026-50356
Baja Windows

CVE-2026-50384 Windows Clip Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally.

CVE-2026-50384
Baja Windows

CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability

Improper privilege management in Microsoft Windows DNS allows an authorized attacker to bypass a security feature locally.

CVE-2026-50295
Baja Windows

CVE-2026-50350 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

CVE-2026-50350
Baja Microsoft

CVE-2026-50381 Composite Image File System driver (cimfs.sys) Information Disclosure Vulnerability

Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.

CVE-2026-50381
Baja Windows

CVE-2026-50300 Windows DWM Core Library Information Disclosure Vulnerability

Integer underflow (wrap or wraparound) in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-50300
Baja Windows

CVE-2026-50303 Windows Key Guard Security Feature Bypass Vulnerability

Use of a cryptographic primitive with a risky implementation in Windows Key Guard allows an authorized attacker to bypass a security feature locally.

CVE-2026-50303
Baja Windows Server

CVE-2026-50364 Windows Backup Service Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally.

CVE-2026-50364
Baja Windows

CVE-2026-50302 Windows Cryptographic Services Security Feature Bypass Vulnerability

Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-50302
Baja Windows

CVE-2026-50332 Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50332
Baja Windows

CVE-2026-50372 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability

Buffer over-read in Windows Redirected Drive Buffering allows an authorized attacker to elevate privileges locally.

CVE-2026-50372
Baja Microsoft

CVE-2026-50305 Microsoft Brokering File System Elevation of Privilege Vulnerability

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2026-50305
Baja Windows

CVE-2026-50329 Microsoft DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50329
Baja Windows

CVE-2026-50363 Windows Push Notifications Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-50363
Baja Windows

CVE-2026-50392 Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Use after free in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

CVE-2026-50392
Baja Windows

CVE-2026-50304 Windows Active Directory Federation Services Denial of Service Vulnerability

Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.

CVE-2026-50304
Baja Windows Server

CVE-2026-50328 Windows Server Update Service (WSUS) Tampering Vulnerability

Uncaught exception in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

CVE-2026-50328
Baja Windows

CVE-2026-50306 Windows TCP/IP Elevation of Privilege Vulnerability

Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-50306
Baja Windows

CVE-2026-50360 Windows SMB Server Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-50360
Baja Windows

CVE-2026-50393 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-50393
Baja Windows

CVE-2026-50412 Windows NTFS Elevation of Privilege Vulnerability

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-50412
Baja Windows

CVE-2026-50337 Windows Notification Elevation of Privilege Vulnerability

Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally.

CVE-2026-50337
Baja Windows

CVE-2026-50386 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-50386
Baja Windows

CVE-2026-50400 Windows App Package Installer Elevation of Privilege Vulnerability

Stack-based buffer overflow in Windows App Installer allows an authorized attacker to elevate privileges locally.

CVE-2026-50400
Baja Windows

CVE-2026-50309 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-50309
Baja Windows

CVE-2026-50419 Windows Kernel Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-50419
Baja Windows

CVE-2026-50368 Windows Active Directory Federation Services Denial of Service Vulnerability

Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.

CVE-2026-50368
Baja Windows

CVE-2026-50307 Windows TCP/IP Elevation of Privilege Vulnerability

Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-50307
Baja Windows

CVE-2026-50326 Windows Unified Consent System Elevation of Privilege Vulnerability

Use after free in Windows Unified Consent System allows an authorized attacker to elevate privileges locally.

CVE-2026-50326
Baja Windows

CVE-2026-50313 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-50313
Baja Windows

CVE-2026-50440 Windows Audio Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Audio Service allows an authorized attacker to elevate privileges locally.

CVE-2026-50440
Baja Windows

CVE-2026-50380 Windows GDI+ Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

CVE-2026-50380
Media Windows

CVE-2026-50327 Windows Media Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.

CVE-2026-50327
Baja Windows

CVE-2026-50341 Windows NTFS Information Disclosure Vulnerability

Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.

CVE-2026-50341
Baja Windows

CVE-2026-50407 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

CVE-2026-50407
Baja Windows

CVE-2026-50331 Windows Application Model Core API Elevation of Privilege Vulnerability

Use after free in Windows Application Model allows an authorized attacker to elevate privileges locally.

CVE-2026-50331
Baja Microsoft

CVE-2026-50343 Microsoft Install Service Elevation of Privilege Vulnerability

Improper privilege management in Microsoft Install Service allows an authorized attacker to elevate privileges locally.

CVE-2026-50343
Baja Windows

CVE-2026-50396 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-50396
Baja Windows

CVE-2026-50370 DHCP Server Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-50370
Baja Windows

CVE-2026-50347 Windows Data.dll Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Data dll allows an unauthorized attacker to execute code locally.

CVE-2026-50347
Baja Windows

CVE-2026-50321 Windows USB Driver Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-50321
Baja Windows

CVE-2026-50425 Windows Internal System User Profile Elevation of Privilege Vulnerability

Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally.

CVE-2026-50425
Sin clasificar Windows

CVE-2026-50315 Windows Image Acquisition Elevation of Privilege Vulnerability

Information published.

CVE-2026-50315
Baja Windows

CVE-2026-50434 Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-50434
Baja Windows

CVE-2026-50339 Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-50339
Baja Windows

CVE-2026-50430 Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-50430
Baja Windows

CVE-2026-50310 Windows Human Interface Device Information Disclosure Vulnerability

Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally.

CVE-2026-50310
Baja Windows

CVE-2026-50324 Windows Active Directory Federation Services Denial of Service Vulnerability

Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.

CVE-2026-50324
Baja Windows

CVE-2026-50312 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-50312
Baja Windows

CVE-2026-50330 Windows Remote Desktop Client Elevation of Privilege Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-50330
Baja Windows

CVE-2026-50357 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.

CVE-2026-50357
Baja Windows

CVE-2026-50377 Windows Kernel Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50377
Baja Windows

CVE-2026-50390 Windows Kernel Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50390
Baja Windows

CVE-2026-50452 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-50452
Baja Windows

CVE-2026-50348 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-50348
Baja Windows

CVE-2026-50345 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50345
Baja Windows

CVE-2026-50322 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50322
Baja Windows

CVE-2026-50335 Windows Operating Systems Elevation of Privilege Vulnerability

Improper access control in Windows Operating Systems allows an authorized attacker to elevate privileges locally.

CVE-2026-50335
Baja Windows

CVE-2026-50375 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVE-2026-50375
Baja Microsoft

CVE-2026-50361 Microsoft Brokering File System Elevation of Privilege Vulnerability

Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2026-50361
Baja Windows

CVE-2026-50317 Windows Operating Systems Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally.

CVE-2026-50317
Baja Windows

CVE-2026-50340 Windows Runtime Elevation of Privilege Vulnerability

Use after free in Windows Runtime allows an authorized attacker to elevate privileges over a network.

CVE-2026-50340
Media Windows

CVE-2026-50404 Windows Media Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges locally.

CVE-2026-50404
Sin clasificar Windows

CVE-2026-50366 Windows Active Directory Domain Services Denial of Service Vulnerability

Information published.

CVE-2026-50366
Baja Windows

CVE-2026-50416 Win32k Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

CVE-2026-50416
Media Windows

CVE-2026-50358 Windows Media Elevation of Privilege Vulnerability

Use after free in Windows Media allows an authorized attacker to elevate privileges locally.

CVE-2026-50358
Baja Windows

CVE-2026-50355 Windows Active Directory Federation Services Denial of Service Vulnerability

Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.

CVE-2026-50355
Baja Windows

CVE-2026-50428 Windows Container Isolation FS Filter Driver (unionfs.sys) Information Disclosure Vulnerability

Out-of-bounds read in Windows Container Isolation FS Filter Driver (unionfs.sys) allows an authorized attacker to disclose information locally.

CVE-2026-50428
Baja Windows

CVE-2026-50373 Windows Search Service Elevation of Privilege Vulnerability

Improper access control in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

CVE-2026-50373
Baja Windows

CVE-2026-50353 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVE-2026-50353
Baja Windows

CVE-2026-50388 Windows NTFS Remote Code Execution Vulnerability

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-50388
Baja Windows

CVE-2026-50410 Windows Runtime Elevation of Privilege Vulnerability

Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50410
Baja Windows

CVE-2026-50449 Windows Runtime Elevation of Privilege Vulnerability

Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50449
Baja Windows

CVE-2026-50371 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows LUAFV allows an authorized attacker to elevate privileges locally.

CVE-2026-50371
Media Windows

CVE-2026-50336 Windows Media Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Media allows an authorized attacker to elevate privileges locally.

CVE-2026-50336
Media Windows

CVE-2026-50398 Windows Media Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.

CVE-2026-50398
Media Windows

CVE-2026-50414 Windows Media Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.

CVE-2026-50414
Media Windows

CVE-2026-50379 Windows Media Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.

CVE-2026-50379
Baja Windows

CVE-2026-50463 Windows Kernel Information Disclosure Vulnerability

Out-of-bounds read in Windows Kernel allows an unauthorized attacker to disclose information over a network.

CVE-2026-50463
Baja Windows

CVE-2026-50460 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-50460
Baja Windows

CVE-2026-50403 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50403
Media Windows

CVE-2026-50433 Windows Media Elevation of Privilege Vulnerability

Use after free in Windows Media allows an authorized attacker to elevate privileges locally.

CVE-2026-50433
Baja Windows

CVE-2026-50391 Windows Group Policy Elevation of Privilege Vulnerability

Improper privilege management in Windows Group Policy allows an authorized attacker to elevate privileges locally.

CVE-2026-50391
Baja Windows

CVE-2026-50418 Windows System Secure Feature Bypass Vulnerability

Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-50418
Baja Windows

CVE-2026-50423 Windows Kernel Elevation of Privilege Vulnerability

Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50423
Baja Windows

CVE-2026-50378 Windows Key Guard Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Key Guard allows an authorized attacker to elevate privileges locally.

CVE-2026-50378
Baja Windows

CVE-2026-50401 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.

CVE-2026-50401
Baja Microsoft

CVE-2026-50346 Netlogon RPC Elevation of Privilege Vulnerability

Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50346
Baja Windows

CVE-2026-50376 Windows Remote Desktop Client Information Disclosure Vulnerability

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-50376
Baja Windows

CVE-2026-50397 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50397
Baja Windows

CVE-2026-50405 Windows Filtering Platform Elevation of Privilege Vulnerability

Insufficient granularity of access control in Windows Filtering Platform (WFP) allows an authorized attacker to elevate privileges locally.

CVE-2026-50405
Baja Windows

CVE-2026-50448 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-50448
Baja Windows

CVE-2026-50387 Windows GDI Elevation of Privilege Vulnerability

Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.

CVE-2026-50387
Baja Windows

CVE-2026-50334 Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.

CVE-2026-50334
Baja Windows

CVE-2026-50445 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-50445
Baja Windows

CVE-2026-50344 Windows OLE Elevation of Privilege Vulnerability

Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally.

CVE-2026-50344
Baja Windows

CVE-2026-50352 Windows Cryptographic Services Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

CVE-2026-50352
Baja Windows

CVE-2026-50382 DirectX Graphics Kernel Remote Code Execution Vulnerability

Untrusted pointer dereference in Windows DirectX allows an authorized attacker to execute code locally.

CVE-2026-50382
Baja Windows

CVE-2026-50436 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50436
Baja Windows

CVE-2026-50437 Windows DWM Core Library Information Disclosure Vulnerability

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-50437
Baja Windows

CVE-2026-50471 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-50471
Baja Windows

CVE-2026-50369 Windows Remote Desktop Services Elevation of Privilege Vulnerability

Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges over a network.

CVE-2026-50369
Baja Windows

CVE-2026-50469 Windows Projected File System Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-50469
Baja Windows

CVE-2026-50454 Windows User Interface Core Elevation of Privilege Vulnerability

Relative path traversal in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-50454
Baja Windows

CVE-2026-50365 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability

Improper authentication in Windows RPC API allows an unauthorized attacker to elevate privileges over an adjacent network.

CVE-2026-50365
Baja Windows

CVE-2026-50426 Windows DNS Server Remote Code Execution Vulnerability

Relative path traversal in DNS Server allows an authorized attacker to execute code over an adjacent network.

CVE-2026-50426
Baja Windows

CVE-2026-50385 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50385
Baja Windows

CVE-2026-50413 Windows Runtime Elevation of Privilege Vulnerability

Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50413
Baja Microsoft

CVE-2026-50427 Content Delivery Manager Elevation of Privilege Vulnerability

Use after free in Content Delivery Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-50427
Baja Windows

CVE-2026-50422 Windows NTFS Elevation of Privilege Vulnerability

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-50422
Baja Windows

CVE-2026-50421 Windows Connected User Experiences and Telemetry Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Connected User Experiences and Telemetry allows an authorized attacker to elevate privileges locally.

CVE-2026-50421
Baja Windows

CVE-2026-50374 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges with a physical attack.

CVE-2026-50374
Baja Windows

CVE-2026-50367 Windows Sensor Data Service Elevation of Privilege Vulnerability

Incorrect access of indexable resource ('range error') in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

CVE-2026-50367
Baja Windows

CVE-2026-50383 Windows Print Spooler Information Disclosure Vulnerability

Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

CVE-2026-50383
Crítica Windows

CVE-2026-50451 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability

Missing authentication for critical function in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

CVE-2026-50451
Baja Microsoft

CVE-2026-50455 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability

Use of uninitialized resource in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CVE-2026-50455
Baja Windows

CVE-2026-50466 Microsoft Brokering File System Elevation of Privilege Vulnerability

Use after free in Windows Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2026-50466
Baja Windows

CVE-2026-50402 NTFS Elevation of Privilege Vulnerability

Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-50402
Baja Windows

CVE-2026-50435 Windows Overlay Filter Elevation of Privilege Vulnerability

Buffer over-read in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.

CVE-2026-50435
Baja Windows

CVE-2026-50409 Windows Overlay Filter Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.

CVE-2026-50409
Baja Windows

CVE-2026-50441 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

CVE-2026-50441
Baja Windows

CVE-2026-50465 Windows DNS Client Tampering Vulnerability

Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

CVE-2026-50465
Baja Microsoft

CVE-2026-50439 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

Use after free in Microsoft Message Queuing Queue Manager allows an unauthorized attacker to execute code over a network.

CVE-2026-50439
Baja Windows

CVE-2026-50462 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-50462
Baja Windows

CVE-2026-50457 Windows Runtime Elevation of Privilege Vulnerability

Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50457
Baja Windows

CVE-2026-50473 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-50473
Baja Windows

CVE-2026-50442 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-50442
Baja Windows

CVE-2026-50389 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-50389
Baja Windows

CVE-2026-50456 Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-50456
Baja Windows

CVE-2026-50432 Window Virtual Filtering Platform (VFP) Denial of Service Vulnerability

Use after free in Windows Virtual Filtering Platform (VFP) allows an authorized attacker to deny service over a network.

CVE-2026-50432
Baja Windows

CVE-2026-50399 Windows Kernel Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50399
Baja Windows

CVE-2026-50461 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-50461
Sin clasificar Windows

CVE-2026-50431 Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability

Information published.

CVE-2026-50431
Baja Windows

CVE-2026-50453 Windows USB Audio Class Driver Information Disclosure Vulnerability

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

CVE-2026-50453
Baja Windows

CVE-2026-50417 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-50417
Baja Windows

CVE-2026-50447 Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over a network.

CVE-2026-50447
Baja Microsoft

CVE-2026-50438 Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-50438
Baja Windows

CVE-2026-50420 HTTP.sys Information Disclosure Vulnerability

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.

CVE-2026-50420
Baja Windows

CVE-2026-50362 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.

CVE-2026-50362
Baja Microsoft

CVE-2026-50474 Remote Desktop Client Remote Code Execution Vulnerability

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-50474
Baja Windows

CVE-2026-50411 Windows Active Directory Federation Services Denial of Service Vulnerability

Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.

CVE-2026-50411
Crítica Windows Server

CVE-2026-50444 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

Missing authentication for critical function in Windows Server Update Service allows an authorized attacker to elevate privileges over a network.

CVE-2026-50444
Media Windows

CVE-2026-50394 Windows Media Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

CVE-2026-50394
Media Windows

CVE-2026-50415 Windows Media Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Media allows an unauthorized attacker to disclose information over a network.

CVE-2026-50415
Baja Microsoft

CVE-2026-50458 Microsoft Brokering File System Elevation of Privilege Vulnerability

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2026-50458
Baja Windows

CVE-2026-50475 Windows Kernel Information Disclosure Vulnerability

Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-50475
Baja Windows

CVE-2026-50476 Windows Network Connections Service Elevation of Privilege Vulnerability

Use after free in Microsoft Windows allows an authorized attacker to elevate privileges locally.

CVE-2026-50476
Baja Windows

CVE-2026-50429 Windows Kernel Information Disclosure Vulnerability

Out-of-bounds read in Windows Kernel allows an unauthorized attacker to disclose information over a network.

CVE-2026-50429
Baja Windows

CVE-2026-50450 Windows Network Connections Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Wide Area Network Service allows an authorized attacker to elevate privileges locally.

CVE-2026-50450
Baja Windows

CVE-2026-50424 Windows Domain Controller Denial of Service Vulnerability

Untrusted pointer dereference in Windows Domain Controller allows an unauthorized attacker to deny service over a network.

CVE-2026-50424
Baja Windows

CVE-2026-50406 Windows Backup Engine Elevation of Privilege Vulnerability

Use after free in Windows Backup Engine allows an authorized attacker to elevate privileges locally.

CVE-2026-50406
Baja Windows

CVE-2026-50470 Windows Network Policy Server SNMP Information Disclosure Vulnerability

Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network.

CVE-2026-50470
Baja Windows

CVE-2026-50459 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

CVE-2026-50459
Baja Windows

CVE-2026-50477 Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50477
Baja Windows

CVE-2026-50478 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50478
Baja Windows

CVE-2026-50479 Windows USB Hub Driver Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows USB Hub Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-50479
Baja Windows

CVE-2026-50480 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.

CVE-2026-50480
Baja Windows

CVE-2026-50482 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-50482
Baja Windows

CVE-2026-50495 DNS Client Tampering Vulnerability

Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

CVE-2026-50495
Baja Windows

CVE-2026-50483 Windows Graphics Component Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally.

CVE-2026-50483
Baja Windows

CVE-2026-50484 Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50484
Baja Windows

CVE-2026-50493 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Windows Graphics Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50493
Baja Windows

CVE-2026-50502 Windows Event Logging Service Remote Code Execution Vulnerability

Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network.

CVE-2026-50502
Baja Windows

CVE-2026-50485 Windows Hyper-V Denial of Service Vulnerability

Buffer over-read in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.

CVE-2026-50485
Baja Windows

CVE-2026-50486 Windows Runtime Elevation of Privilege Vulnerability

Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50486
Baja Windows

CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability

Use after free in Microsoft Windows DNS allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-50487
Baja Windows

CVE-2026-50488 Clipboard User Service Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Windows Clipboard User Service allows an authorized attacker to elevate privileges locally.

CVE-2026-50488
Baja Windows

CVE-2026-50500 Windows Netlogon Elevation of Privilege Vulnerability

Use after free in Windows Netlogon allows an authorized attacker to elevate privileges over a network.

CVE-2026-50500
Baja Windows

CVE-2026-50499 Windows Print Spooler Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

CVE-2026-50499
Baja Windows

CVE-2026-50489 Win32k Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-50489
Baja Windows

CVE-2026-50494 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

CVE-2026-50494
Baja Windows

CVE-2026-50490 Windows Installer Elevation of Privilege Vulnerability

Use after free in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2026-50490
Sin clasificar Windows

CVE-2026-50498 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Information published.

CVE-2026-50498
Baja Windows

CVE-2026-50505 Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability

Use after free in Windows Message Queuing allows an authorized attacker to execute code over a network.

CVE-2026-50505
Baja Microsoft

CVE-2026-50491 Code Integrity DLL (ci.dll) Elevation of Privilege Vulnerability

Out-of-bounds read in Code Integrity DLL (ci.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-50491
Baja Windows

CVE-2026-50492 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code with a physical attack.

CVE-2026-50492
Baja Windows

CVE-2026-50501 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Stack-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.

CVE-2026-50501
Baja Windows

CVE-2026-50503 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-50503
Baja Windows

CVE-2026-50497 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Off-by-one error in Windows Remote Desktop Protocol allows an unauthorized attacker to disclose information over a network.

CVE-2026-50497
Baja Windows

CVE-2026-50496 Windows Network Policy Server SNMP Information Disclosure Vulnerability

Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network.

CVE-2026-50496
Baja Windows

CVE-2026-50504 Windows Remote Desktop Client Information Disclosure Vulnerability

Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

CVE-2026-50504
Baja SQL Server

CVE-2026-47295 Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-47295
Baja Windows

CVE-2026-50509 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Deserialization of untrusted data in Windows Wireless Wide Area Network Service allows an authorized attacker to elevate privileges locally.

CVE-2026-50509
Baja Microsoft

CVE-2026-50510 GitHub Copilot Remote Code Execution Vulnerability

Improper restriction of names for files and other resources in Github Copilot allows an unauthorized attacker to execute code locally.

CVE-2026-50510
Baja Windows

CVE-2026-50518 Windows DHCP Server Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.

CVE-2026-50518
Baja Microsoft

CVE-2026-50525 .NET Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

CVE-2026-50525
Baja Microsoft

CVE-2026-50526 .NET Tampering Vulnerability

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.

CVE-2026-50526
Baja Microsoft

CVE-2026-50527 .NET Framework Denial of Service Vulnerability

Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-50527
Baja Microsoft

CVE-2026-50528 .NET Security Feature Bypass Vulnerability

Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-50528
Baja Microsoft

CVE-2026-50646 .NET Framework Remote Code Execution Vulnerability

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.

CVE-2026-50646
Baja Microsoft

CVE-2026-50647 Active Directory Federation Server Denial of Service Vulnerability

Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.

CVE-2026-50647
Baja Microsoft

CVE-2026-50648 .NET Framework Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-50648
Baja Microsoft

CVE-2026-50649 .NET Remote Code Execution Vulnerability

Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.

CVE-2026-50649
Baja Microsoft

CVE-2026-50650 .NET Framework Elevation of Privilege Vulnerability

Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.

CVE-2026-50650
Baja Microsoft

CVE-2026-50651 .NET Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

CVE-2026-50651
Media Windows

CVE-2026-50655 Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

CVE-2026-50655
Baja Defender

CVE-2026-50657 Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally.

CVE-2026-50657
Baja Defender

CVE-2026-50658 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVE-2026-50658
Baja Microsoft

CVE-2026-50659 .NET Spoofing Vulnerability

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.

CVE-2026-50659
Baja Windows

CVE-2026-50661 Windows BitLocker Security Feature Bypass Vulnerability

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-50661
Baja Windows

CVE-2026-50666 Windows Remote Access Elevation of Privilege Vulnerability

Use after free in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges over a network.

CVE-2026-50666
Baja Windows

CVE-2026-50667 Windows Common Log File System Driver Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-50667
Baja Windows

CVE-2026-50668 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to elevate privileges with a physical attack.

CVE-2026-50668
Baja Windows

CVE-2026-50669 Windows Telephony Server Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-50669
Baja Windows

CVE-2026-50670 Windows Win32k Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50670
Baja Windows

CVE-2026-50672 Windows NTFS Elevation of Privilege Vulnerability

Use after free in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-50672
Sin clasificar Windows

CVE-2026-50673 Windows Kernel Elevation of Privilege Vulnerability

Information published.

CVE-2026-50673
Baja Windows

CVE-2026-50674 Windows USB Print Driver Elevation of Privilege Vulnerability

Use after free in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-50674
Media Windows

CVE-2026-50676 Windows Media Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges locally.

CVE-2026-50676
Media Windows

CVE-2026-50677 Windows Media Elevation of Privilege Vulnerability

Use after free in Windows Media allows an authorized attacker to elevate privileges locally.

CVE-2026-50677
Baja Windows

CVE-2026-54115 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Active Directory allows an authorized attacker to elevate privileges locally.

CVE-2026-54115
Baja Microsoft

CVE-2026-50684 Active Directory Federation Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Active Directory Federation Services (AD FS) allows an authorized attacker to perform spoofing over a network.

CVE-2026-50684
Baja Windows

CVE-2026-50679 Windows Search Service Elevation of Privilege Vulnerability

Heap-based buffer overflow in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

CVE-2026-50679
Baja Windows

CVE-2026-50688 Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50688
Baja Windows

CVE-2026-50680 Windows Hyper-V Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVE-2026-50680
Baja Windows

CVE-2026-50681 Windows Secure Channel Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

CVE-2026-50681
Baja Microsoft

CVE-2026-54121 Active Directory Certificate Services Elevation of Privilege Vulnerability

Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network.

CVE-2026-54121
Baja Windows

CVE-2026-50682 Active Directory Denial of Service Vulnerability

Out-of-bounds read in Windows Active Directory allows an authorized attacker to deny service over a network.

CVE-2026-50682
Baja Windows

CVE-2026-50685 Windows DHCP Server Remote Code Execution Vulnerability

Double free in Windows DHCP Server allows an authorized attacker to execute code over a network.

CVE-2026-50685
Baja Windows

CVE-2026-50683 Windows DHCP Client Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network.

CVE-2026-50683
Baja Windows

CVE-2026-50687 Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-50687
Baja Windows

CVE-2026-50686 Windows OLE Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Windows OLE allows an unauthorized attacker to execute code over a network.

CVE-2026-50686
Baja Windows

CVE-2026-50689 Windows Clipboard Server Elevation of Privilege Vulnerability

Use after free in Windows Clipboard Server allows an authorized attacker to elevate privileges locally.

CVE-2026-50689
Baja Windows

CVE-2026-54125 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-54125
Baja Windows

CVE-2026-50690 Windows SMB Information Disclosure Vulnerability

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.

CVE-2026-50690
Baja Microsoft

CVE-2026-50692 Desktop Window Manager Elevation of Privilege Vulnerability

Heap-based buffer overflow in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-50692
Baja Windows

CVE-2026-54128 Windows DHCP Client Remote Code Execution Vulnerability

Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally.

CVE-2026-54128
Baja Windows

CVE-2026-54126 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-54126
Baja Microsoft

CVE-2026-55010 Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability

Heap-based buffer overflow in Minecraft Bedrock Dedicated Server allows an unauthorized attacker to execute code over a network.

CVE-2026-55010
Baja Microsoft Office

CVE-2026-47290 Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-47290
Baja Microsoft Office

CVE-2026-47642 Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-47642
Baja Microsoft Office

CVE-2026-48580 Microsoft Excel Information Disclosure Vulnerability

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-48580
Baja Microsoft Office

CVE-2026-50301 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-50301
Baja Microsoft Office

CVE-2026-50314 Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-50314
Baja Microsoft Office

CVE-2026-50467 Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-50467
Baja Microsoft Office

CVE-2026-55017 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-55017
Baja Microsoft Office

CVE-2026-55016 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-55016
Baja Microsoft Office

CVE-2026-55024 Microsoft Excel Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55024
Baja Microsoft Office

CVE-2026-50408 Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-50408
Baja Microsoft Office

CVE-2026-55019 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-55019
Baja Microsoft Office

CVE-2026-55018 Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-55018
Baja Microsoft Office

CVE-2026-55046 Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-55046
Baja Microsoft Office

CVE-2026-55020 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-55020
Baja Microsoft Office

CVE-2026-55021 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-55021
Baja Microsoft Office

CVE-2026-55022 Microsoft Office Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-55022
Baja Microsoft Office

CVE-2026-55023 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55023
Baja Microsoft Office

CVE-2026-55025 Microsoft Excel Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55025
Baja Microsoft Office

CVE-2026-55030 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-55030
Baja Microsoft Office

CVE-2026-55125 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-55125
Baja Microsoft Office

CVE-2026-55031 Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55031
Baja Microsoft Office

CVE-2026-55026 Microsoft Office Information Disclosure Vulnerability

Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55026
Baja Microsoft Office

CVE-2026-55048 Microsoft Excel Remote Code Execution Vulnerability

Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55048
Baja Microsoft Office

CVE-2026-55034 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-55034
Baja Microsoft Office

CVE-2026-55027 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55027
Baja Microsoft Office

CVE-2026-55029 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55029
Baja Microsoft Office

CVE-2026-55028 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55028
Baja Microsoft Office

CVE-2026-55047 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55047
Baja Microsoft Office

CVE-2026-55039 Microsoft Excel Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55039
Baja Microsoft Office

CVE-2026-55045 Microsoft Office Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-55045
Baja Microsoft Office

CVE-2026-55050 Microsoft Word Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-55050
Baja Microsoft Office

CVE-2026-55049 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-55049
Baja Microsoft Office

CVE-2026-55032 Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-55032
Baja Microsoft Office

CVE-2026-55033 Microsoft Word Remote Code Execution Vulnerability

Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-55033
Baja Microsoft Office

CVE-2026-55041 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55041
Baja Microsoft Office

CVE-2026-55138 Microsoft Excel Information Disclosure Vulnerability

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-55138
Baja Microsoft Office

CVE-2026-55124 Microsoft Word Information Disclosure Vulnerability

Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-55124
Baja Microsoft Office

CVE-2026-55127 Microsoft Word Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-55127
Baja Microsoft Office

CVE-2026-55136 Microsoft Excel Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55136
Baja Microsoft Office

CVE-2026-55141 Microsoft Excel Remote Code Execution Vulnerability

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55141
Baja Microsoft Office

CVE-2026-55129 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-55129
Baja Microsoft Office

CVE-2026-55035 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55035
Baja Microsoft Office

CVE-2026-55036 Microsoft Excel Remote Code Execution Vulnerability

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55036
Baja Microsoft Office

CVE-2026-55044 Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55044
Baja Microsoft Office

CVE-2026-55055 Microsoft Word Remote Code Execution Vulnerability

Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-55055
Baja Microsoft Office

CVE-2026-55054 Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2026-55054
Baja Microsoft Office

CVE-2026-55037 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55037
Baja Microsoft Office

CVE-2026-55058 Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55058
Baja Microsoft Office

CVE-2026-55038 Microsoft Word Remote Code Execution Vulnerability

Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-55038
Baja Microsoft Office

CVE-2026-55132 Microsoft Word Remote Code Execution Vulnerability

Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-55132
Baja Microsoft Office

CVE-2026-55137 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55137
Baja Microsoft Office

CVE-2026-55053 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55053
Baja Microsoft Office

CVE-2026-55122 Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-55122
Baja Microsoft Office

CVE-2026-55057 Microsoft Office Information Disclosure Vulnerability

Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55057
Baja Microsoft Office

CVE-2026-55131 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55131
Baja Microsoft Office

CVE-2026-55126 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-55126
Baja Microsoft Office

CVE-2026-55051 Microsoft SharePoint Server Information Disclosure Vulnerability

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

CVE-2026-55051
Baja Microsoft Office

CVE-2026-55134 Microsoft Word Remote Code Execution Vulnerability

Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-55134
Baja Microsoft Office

CVE-2026-55056 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-55056
Baja Microsoft Office

CVE-2026-55040 Microsoft SharePoint Server Security Feature Bypass Vulnerability

Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-55040
Baja Microsoft Office

CVE-2026-55142 Microsoft Word Information Disclosure Vulnerability

Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-55142
Baja Microsoft Office

CVE-2026-55140 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-55140
Baja Microsoft Office

CVE-2026-55128 Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-55128
Baja Microsoft Office

CVE-2026-55130 Microsoft Word Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-55130
Baja Microsoft Office

CVE-2026-55042 Microsoft Office Information Disclosure Vulnerability

Use of uninitialized resource in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55042
Baja Microsoft Office

CVE-2026-55139 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55139
Baja Microsoft Office

CVE-2026-55043 Microsoft PowerPoint Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2026-55043
Baja Microsoft Office

CVE-2026-55133 Microsoft OneNote Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office OneNote allows an unauthorized attacker to execute code locally.

CVE-2026-55133
Baja Microsoft Office

CVE-2026-55123 Microsoft PowerPoint Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2026-55123
Baja Microsoft Office

CVE-2026-55120 Microsoft PowerPoint Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2026-55120
Baja Microsoft Office

CVE-2026-55052 Microsoft SharePoint Elevation of Privilege Vulnerability

Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

CVE-2026-55052
Baja Microsoft Office

CVE-2026-55135 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-55135
Baja SQL Server

CVE-2026-50468 Microsoft SQL Server Information Disclosure Vulnerability

Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network.

CVE-2026-50468
Baja SQL Server

CVE-2026-54116 Microsoft SQL Server Information Disclosure Vulnerability

Access of resource using incompatible type ('type confusion') in SQL Server allows an authorized attacker to disclose information over a network.

CVE-2026-54116
Baja Microsoft

CVE-2026-55145 Outlook Copilot Tampering Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network.

CVE-2026-55145
Baja Microsoft Office

CVE-2026-54131 Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-54131
Baja Microsoft Office

CVE-2026-55898 Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-55898
Baja Dynamics

CVE-2026-55944 Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Dynamics NAV allows an unauthorized attacker to execute code over a network.

CVE-2026-55944
Baja Microsoft Office

CVE-2026-55947 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55947
Baja Microsoft Office

CVE-2026-55949 Microsoft Excel Remote Code Execution Vulnerability

Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-55949
Baja Microsoft Office

CVE-2026-56156 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-56156
Baja Microsoft Office

CVE-2026-56157 Microsoft SharePoint Server Spoofing Vulnerability

Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-56157
Baja Visual Studio

CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-41109
Baja Windows

CVE-2026-56159 DHCP Server Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.

CVE-2026-56159
Baja Microsoft

CVE-2026-50359 Microsoft XML Core Services Elevation of Privilege Vulnerability

Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally.

CVE-2026-50359
Sin clasificar Windows

CVE-2026-56168 Windows SMB Server Denial of Service Vulnerability

Information published.

CVE-2026-56168
Baja Windows

CVE-2026-56173 Windows WebView Elevation of Privilege Vulnerability

Use after free in Windows WebView allows an authorized attacker to elevate privileges locally.

CVE-2026-56173
Baja Windows

CVE-2026-56176 Windows Win32k Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-56176
Baja Windows

CVE-2026-56175 Windows NTFS Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-56175
Baja Windows

CVE-2026-56182 Windows NTFS Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-56182
Baja Windows

CVE-2026-56183 Windows MIDI Service Module Elevation of Privileges Vulnerability

Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.

CVE-2026-56183
Baja Windows

CVE-2026-56190 Remote Desktop Protocol Remote Code Execution Vulnerability

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to execute code over a network.

CVE-2026-56190
Baja Windows

CVE-2026-56184 Win32k Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

CVE-2026-56184
Baja Windows

CVE-2026-56187 Windows MIDI Service Module Elevation of Privileges Vulnerability

Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.

CVE-2026-56187
Baja Windows

CVE-2026-56186 Windows Secure Channel Information Disclosure Vulnerability

Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network.

CVE-2026-56186
Baja Windows Server

CVE-2026-56188 Windows Server Network driver Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.

CVE-2026-56188
Media Windows

CVE-2026-56189 Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.

CVE-2026-56189
Baja Microsoft Office

CVE-2026-50665 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-50665
Baja Microsoft Office

CVE-2026-56192 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-56192
Baja Microsoft Office

CVE-2026-56195 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-56195
Baja Windows

CVE-2026-56196 Windows Admin Center (WAC) Remote Code Execution Vulnerability

Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network.

CVE-2026-56196
Baja Windows

CVE-2026-56197 Windows Admin Center (WAC) Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network.

CVE-2026-56197
Baja Defender

CVE-2026-56178 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVE-2026-56178
Baja Microsoft

CVE-2026-56642 Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability

Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network.

CVE-2026-56642
Baja Windows

CVE-2026-56643 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-56643
Baja Windows

CVE-2026-56644 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-56644
Baja Windows

CVE-2026-54124 Windows Terminal Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally.

CVE-2026-54124
Baja Windows

CVE-2026-56194 Windows NFS Server Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network.

CVE-2026-56194
Baja Windows

CVE-2026-56647 Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network.

CVE-2026-56647
Baja Windows

CVE-2026-56648 Windows NFS Server Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network.

CVE-2026-56648
Baja Windows

CVE-2026-56649 Windows Network File System Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.

CVE-2026-56649
Media Windows

CVE-2026-57083 Windows Media Photo Codec Information Disclosure Vulnerability

Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.

CVE-2026-57083
Baja Windows

CVE-2026-57084 Windows File Explorer Information Disclosure Vulnerability

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.

CVE-2026-57084
Baja Windows

CVE-2026-56650 Windows Network File System Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally.

CVE-2026-56650
Baja Windows

CVE-2026-57095 Win32k Elevation of Privilege Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.

CVE-2026-57095
Media Windows

CVE-2026-57090 Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.

CVE-2026-57090
Media Windows

CVE-2026-57094 Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.

CVE-2026-57094
Baja Windows

CVE-2026-57091 Windows File History Service Elevation of Privilege Vulnerability

Stack-based buffer overflow in Windows File History Service allows an authorized attacker to elevate privileges locally.

CVE-2026-57091
Baja Windows

CVE-2026-57089 Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerability

Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.

CVE-2026-57089
Baja Windows

CVE-2026-57085 Windows Print Spooler Information Disclosure Vulnerability

Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

CVE-2026-57085
Baja Windows

CVE-2026-57092 Microsoft Windows VMSwitch Elevation of Privilege Vulnerability

Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.

CVE-2026-57092
Media Windows

CVE-2026-57087 Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.

CVE-2026-57087
Baja Microsoft

CVE-2026-57088 Extensible Storage Engine (ESENT) Elevation of Privilege Vulnerability

Improper access control in Extensible Storage Engine (ESENT) allows an authorized attacker to elevate privileges locally.

CVE-2026-57088
Baja Windows

CVE-2026-57093 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-57093
Baja Windows

CVE-2026-57096 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

CVE-2026-57096
Baja Visual Studio

CVE-2026-57101 Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-57101
Baja Visual Studio

CVE-2026-57102 Visual Studio Code Security Feature Bypass Vulnerability

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-57102
Baja Microsoft

CVE-2026-57108 .NET Denial of Service Vulnerability

Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-57108
Baja Windows

CVE-2026-57968 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVE-2026-57968
Baja Windows

CVE-2026-57973 Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally.

CVE-2026-57973
Baja Windows

CVE-2026-57982 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.

CVE-2026-57982
Baja Microsoft Office

CVE-2026-58277 Microsoft SharePoint Elevation of Privilege Vulnerability

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

CVE-2026-58277
Baja Windows

CVE-2026-58527 Windows Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.

CVE-2026-58527
Baja Windows

CVE-2026-58528 Windows USB Audio Class Driver Information Disclosure Vulnerability

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

CVE-2026-58528
Baja Windows

CVE-2026-58530 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.

CVE-2026-58530
Baja Windows

CVE-2026-58538 Windows Bluetooth Service Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVE-2026-58538
Baja Windows

CVE-2026-58533 Windows Remote Desktop Client Information Disclosure Vulnerability

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-58533
Baja Windows

CVE-2026-58535 Windows Remote Desktop Client Information Disclosure Vulnerability

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-58535
Baja Windows

CVE-2026-58546 Windows Remote Desktop Client Information Disclosure Vulnerability

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-58546
Baja Windows

CVE-2026-58539 Windows Remote Desktop Client Information Disclosure Vulnerability

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-58539
Baja Windows

CVE-2026-58540 Windows Installer Elevation of Privilege Vulnerability

Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2026-58540
Baja Windows

CVE-2026-58531 Windows SMB Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.

CVE-2026-58531
Baja Windows

CVE-2026-58532 Windows Kernel Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-58532
Baja Microsoft

CVE-2026-58537 Microsoft NAT Helper Components (ipnathlp.dll) Elevation of Privilege Vulnerability

Use after free in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-58537
Baja Windows

CVE-2026-58534 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

CVE-2026-58534
Baja Windows

CVE-2026-58536 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-58536
Baja Windows

CVE-2026-58547 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability

Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-58547
Baja Windows

CVE-2026-58545 Windows Kernel Security Feature Bypass Vulnerability

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

CVE-2026-58545
Baja Windows

CVE-2026-58544 Windows Management Services Elevation of Privilege Vulnerability

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-58544
Media Windows

CVE-2026-58542 Windows Media Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

CVE-2026-58542
Baja Windows

CVE-2026-58543 Universal Print Management Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.

CVE-2026-58543
Baja Windows

CVE-2026-58541 Microsoft DWM Core Library Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privileges locally.

CVE-2026-58541
Baja Windows

CVE-2026-58594 Remote Desktop Client Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.

CVE-2026-58594
Baja Visual Studio

CVE-2026-47305 Visual Studio Remote Code Execution Vulnerability

Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.

CVE-2026-47305
Baja Windows

CVE-2026-58613 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-58613
Baja Microsoft 365

CVE-2026-58617 M365 Copilot for iOS Elevation of Privilege Vulnerability

Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-58617
Baja Windows

CVE-2026-58619 Windows Sensor Data Service Elevation of Privilege Vulnerability

Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

CVE-2026-58619
Baja Windows

CVE-2026-58626 Windows Remote Desktop Services Remote Code Execution Vulnerability

Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.

CVE-2026-58626
Baja Windows

CVE-2026-58627 Windows DHCP Server Denial of Service Vulnerability

Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

CVE-2026-58627
Baja Windows

CVE-2026-58628 Windows Wireless Network Manager Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.

CVE-2026-58628
Baja Windows

CVE-2026-58629 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVE-2026-58629
Baja Windows

CVE-2026-58632 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-58632
Baja Microsoft

CVE-2026-58633 Desktop Window Manager Elevation of Privilege Vulnerability

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-58633
Baja Microsoft

CVE-2026-58634 Desktop Window Manager Elevation of Privilege Vulnerability

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-58634
Baja Windows

CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability

Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

CVE-2026-58637
Baja Windows

CVE-2026-58638 Windows Boot Loader Security Feature Bypass Vulnerability

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

CVE-2026-58638
Baja Windows

CVE-2026-56181 Windows Network Address Translation (NAT) Spoofing Vulnerability

Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network.

CVE-2026-56181
Baja Microsoft Office

CVE-2026-55121 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-55121
Baja Windows

CVE-2026-58529 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability

Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network.

CVE-2026-58529
Baja Exchange Server

CVE-2026-55008 Microsoft Exchange Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-55008
Sin clasificar Microsoft

ADV990001 Latest Servicing Stack Updates

Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

Sin clasificar Exchange Server

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability

Updated FAQ information. This is an informational change only.

CVE-2026-42897
Sin clasificar Microsoft

CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Information published.

CVE-2026-12480
Baja Microsoft

CVE-2026-40468 Heap buffer overflow in gawk

Information published.

CVE-2026-40468
Sin clasificar Microsoft

CVE-2026-14461 Out-of-bound read in mtr

Information published.

CVE-2026-14461
Baja Microsoft

CVE-2026-40553 Stack-based buffer overflow in gawk

Information published.

CVE-2026-40553
Baja Microsoft

CVE-2026-40469 Heap buffer overflow in gawk

Information published.

CVE-2026-40469
Sin clasificar Microsoft

CVE-2026-40467 Use after free in gawk

Information published.

CVE-2026-40467
Sin clasificar Microsoft

CVE-2025-71072 shmem: fix recovery on rename failures

Information published.

CVE-2025-71072
Baja Microsoft

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

Information published.

CVE-2022-4543
Sin clasificar Microsoft

CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error

Information published.

CVE-2025-38096
Sin clasificar Microsoft Edge

CVE-2026-45489 Microsoft Edge (Chromium-based) Spoofing Vulnerability

CWE added. Informational change only.

CVE-2026-45489
Baja Microsoft

CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

Information published.

CVE-2026-15308
Sin clasificar Microsoft

CVE-2026-59871 node-tar: Process crash via PAX numeric path type confusion

Information published.

CVE-2026-59871
Sin clasificar Microsoft

CVE-2026-59873 node-tar: Decompression/parse DoS via unlimited input

Information published.

CVE-2026-59873
Sin clasificar Microsoft

CVE-2026-59874 node-tar: Negative tar entry size causes infinite loop in archive replace

Information published.

CVE-2026-59874
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14428 Insufficient validation of untrusted input in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14428
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13777 Insufficient validation of untrusted input in iOSWeb

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13777
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13778 Use after free in WebUSB

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13778
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14394 Use after free in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14394
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14396 Out of bounds read in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14396
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14395 Out of bounds write in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14395
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14397 Out of bounds write in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14397
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14398 Use after free in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14398
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14399 Uninitialized Use in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14399
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14400 Out of bounds write in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14400
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14401 Insufficient validation of untrusted input in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14401
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14402 Uninitialized Use in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14402
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14403 Use after free in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14403
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14405 Uninitialized Use in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14405
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14404 Inappropriate implementation in PDFium

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14404
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14406 Out of bounds read in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14406
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14410 Inappropriate implementation in Skia

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14410
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14407 Inappropriate implementation in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14407
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14409 Inappropriate implementation in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14409
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14412 Insufficient validation of untrusted input in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14412
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14408 Uninitialized Use in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14408
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14411 Insufficient validation of untrusted input in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14411
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14413 Uninitialized Use in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14413
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14415 Inappropriate implementation in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14415
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14418 Uninitialized Use in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14418
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14417 Use after free in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14417
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14416 Out of bounds read in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14416
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14419 Use after free in Skia

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14419
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14420 Out of bounds read and write in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14420
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14421 Uninitialized Use in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14421
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14422 Out of bounds read and write in Tint

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14422
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14423 Type Confusion in Tint

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14423
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14425 Use after free in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14425
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14426 Use after free in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14426
Baja Microsoft Edge

Chromium: CVE-2026-14427 Heap buffer overflow in Skia

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14427
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14424 Use after free in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14424
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14429 Insufficient validation of untrusted input in Skia

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14429
Baja Microsoft Edge

Chromium: CVE-2026-14430 Integer overflow in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14430
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14432 Use after free in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14432
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14431 Type Confusion in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14431
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14414 Insufficient validation of untrusted input in Skia

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14414
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13785 Use after free in Bluetooth

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13785
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13788 Use after free in Fullscreen

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13788
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13791 Insufficient validation of untrusted input in Downloads

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13791
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13807 Use after free in Import

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13807
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13795 Insufficient policy enforcement in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13795
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13792 Use after free in Touchbar

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13792
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13805 Use after free in GFX

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13805
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13808 Insufficient data validation in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13808
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13812 Insufficient validation of untrusted input in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13812
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13809 Side-channel information leakage in Safe Browsing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13809
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13813 Insufficient validation of untrusted input in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13813
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13816 Insufficient validation of untrusted input in File Input

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13816
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13822 Inappropriate implementation in Extensions

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13822
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13819 Out of bounds read in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13819
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13825 Uninitialized Use in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13825
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13826 Inappropriate implementation in Autofill

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13826
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13827 Use after free in Updater

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13827
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13842 Incorrect security UI in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13842
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13843 Insufficient validation of untrusted input in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13843
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13833 Uninitialized Use in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13833
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13846 Use after free in USB

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13846
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13847 Insufficient validation of untrusted input in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13847
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13850 Insufficient validation of untrusted input in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13850
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13851 Insufficient validation of untrusted input in WebAppInstalls

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13851
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13856 Insufficient validation of untrusted input in Speech

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13856
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13852 Insufficient validation of untrusted input in WebAppInstalls

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13852
Sin clasificar Microsoft

CVE-2026-13862

CVE-2026-13862

CVE-2026-13862
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13863 Insufficient validation of untrusted input in CustomTabs

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13863
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13866 Insufficient validation of untrusted input in Input

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13866
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13872 Insufficient validation of untrusted input in WebAppInstalls

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13872
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13868 Inappropriate implementation in Network

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13868
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13870 Use after free in WebView

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13870
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13878 Use after free in Bluetooth

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13878
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13885 Use after free in Skia

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13885
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13880 Use after free in USB

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13880
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13889 Insufficient validation of untrusted input in WebAuthentication

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13889
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13892 Inappropriate implementation in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13892
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13887 Insufficient policy enforcement in NFC

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13887
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13902 Inappropriate implementation in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13902
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13904 Incorrect security UI in Safe Browsing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13904
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13905 Incorrect security UI in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13905
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13907 Inappropriate implementation in iOSWeb

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13907
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13908 Insufficient validation of untrusted input in Omnibox

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13908
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13910 Insufficient policy enforcement in WebXR

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13910
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13912 Incorrect security UI in Safe Browsing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13912
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13914 Inappropriate implementation in Passwords

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13914
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13913 Insufficient policy enforcement in Autofill

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13913
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13915 Use after free in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13915
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13916 Inappropriate implementation in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13916
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13917 Insufficient validation of untrusted input in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13917
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13918 Use after free in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13918
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13924 Insufficient validation of untrusted input in WebView

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13924
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13923 Uninitialized Use in GPU

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13923
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13926 Insufficient validation of untrusted input in Network

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13926
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13927 Insufficient validation of untrusted input in UI

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13927
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13932 Inappropriate implementation in Sharing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13932
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13929 Insufficient validation of untrusted input in DevTools

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13929
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13936 Inappropriate implementation in Passwords

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13936
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13939 Insufficient validation of untrusted input in WebShare

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13939
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13944 Inappropriate implementation in DataTransfer

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13944
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13943 Uninitialized Use in CSS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13943
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13949 Insufficient policy enforcement in Payments

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13949
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13946 Inappropriate implementation in ScriptInjections

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13946
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13955 Insufficient validation of untrusted input in CustomTabs

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13955
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13964 Insufficient policy enforcement in WebView

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13964
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13969 Uninitialized Use in UI

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13969
Baja Microsoft Edge

Chromium: CVE-2026-13974 Integer overflow in Safe Browsing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13974
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13975 Out of bounds read in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13975
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13980 Incorrect security UI in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13980
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13994 Inappropriate implementation in Credential Management

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13994
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13983 Incorrect security UI in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13983
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13981 Inappropriate implementation in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13981
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13991 Insufficient validation of untrusted input in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13991
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13992 Inappropriate implementation in UI

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13992
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13987 Incorrect security UI in Mobile

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13987
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13997 Incorrect security UI in Extensions

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13997
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13998 Incorrect security UI in File Input

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13998
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14028 Incorrect security UI in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14028
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13995 Insufficient validation of untrusted input in Autofill

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13995
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14005 Use after free in Omnibox

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14005
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14066 Insufficient validation of untrusted input in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14066
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14067 Use after free in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14067
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14075 Policy bypass in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14075
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14099 Use after free in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14099
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14096 Object lifecycle issue in Input

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14096
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14101 Insufficient policy enforcement in Sandbox

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14101
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14114 Inappropriate implementation in WebAppInstalls

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14114
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14126 Incorrect security UI in UI

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14126
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14123 Incorrect security UI in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14123
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14128 Insufficient data validation in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14128
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14382 Insufficient validation of untrusted input in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14382
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14136 Incorrect security UI in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14136
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14137 Insufficient validation of untrusted input in Chrome for iOS

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14137
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14386 Out of bounds read in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14386
Baja Microsoft Edge

Chromium: CVE-2026-14385 Heap buffer overflow in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14385
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14388 Out of bounds read in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14388
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14390 Use after free in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14390
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14393 Use after free in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14393
Baja Microsoft Edge

Chromium: CVE-2026-14391 Integer overflow in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14391
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14392 Out of bounds write in Tint

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-14392
Baja Microsoft Edge

CVE-2026-58281 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58281
Sin clasificar Microsoft

CVE-2024-7598 Network restriction bypass via race condition during namespace termination

Information published.

CVE-2024-7598
Sin clasificar Microsoft

CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop

Information published.

CVE-2026-54886
Sin clasificar Microsoft

CVE-2026-56000 xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()

Information published.

CVE-2026-56000
Sin clasificar Microsoft

CVE-2026-54908 Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message

Information published.

CVE-2026-54908
Sin clasificar Microsoft

CVE-2026-59856 Vim: Arbitrary Code Execution via PHP Omni-Completion

Information published.

CVE-2026-59856
Sin clasificar Microsoft

CVE-2026-20214 ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability

Information published.

CVE-2026-20214
Sin clasificar Microsoft

CVE-2026-20215 ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability

Information published.

CVE-2026-20215
Sin clasificar Microsoft

CVE-2026-20216 ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability

Information published.

CVE-2026-20216
Sin clasificar Microsoft

CVE-2026-20217 ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability

Information published.

CVE-2026-20217
Sin clasificar Microsoft

CVE-2026-20244 ClamAV DMG File Processing Denial of Service Vulnerability

Information published.

CVE-2026-20244
Sin clasificar Windows

CVE-2026-59998 sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.

Information published.

CVE-2026-59998
Sin clasificar Microsoft

CVE-2026-14380 DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile

Information published.

CVE-2026-14380
Sin clasificar Microsoft

CVE-2026-14740 DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment

Information published.

CVE-2026-14740
Sin clasificar Microsoft

CVE-2026-59926 Mistune: XSS via unescaped class option in Admonition directive

Information published.

CVE-2026-59926
Sin clasificar Microsoft

CVE-2026-59925 inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs

Information published.

CVE-2026-59925
Baja Microsoft

CVE-2026-59930 Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content

Information published.

CVE-2026-59930
Sin clasificar Microsoft

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

Information published.

CVE-2026-59890
Baja Microsoft

CVE-2026-58207 NATS Server: Remote crash via integer overflow in Connz pagination

Information published.

CVE-2026-58207
Sin clasificar Microsoft

CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass

Information published.

CVE-2026-58251
Sin clasificar Microsoft

CVE-2026-58208 NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled

Information published.

CVE-2026-58208
Sin clasificar Microsoft

CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap

Information published.

CVE-2026-58252
Sin clasificar Microsoft

CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters

Information published.

CVE-2026-58209
Sin clasificar Microsoft

CVE-2026-58253 NATS Server: Route API Auth Bypass

Information published.

CVE-2026-58253
Sin clasificar Microsoft

CVE-2026-20213 ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability

Information published.

CVE-2026-20213
Sin clasificar Microsoft

CVE-2026-20243 ClamAV ALZ Archive Processing Denial of Service Vulnerability

Information published.

CVE-2026-20243
Sin clasificar Microsoft

CVE-2026-14461 Out-of-bound read in mtr

Information published.

CVE-2026-14461
Baja Microsoft

CVE-2026-14739 DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders

Information published.

CVE-2026-14739
Sin clasificar Microsoft

CVE-2026-59928 Mistune block_parser: quadratic-time parsing on long lists of repeated reference-link definitions

Information published.

CVE-2026-59928
Sin clasificar Microsoft

CVE-2026-59922 Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert)

Information published.

CVE-2026-59922
Sin clasificar Microsoft

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

Information published.

CVE-2026-59869
Sin clasificar Microsoft

CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake

Information published.

CVE-2026-58250
Sin clasificar Microsoft

CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories

Information published.

CVE-2026-45571
Sin clasificar Microsoft

CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport

Information published.

CVE-2026-45570
Sin clasificar Microsoft

CVE-2026-56288 NULL Pointer Dereference in GNU patch

Information published.

CVE-2026-56288
Sin clasificar Microsoft

CVE-2026-59818 etcd: gRPC client listener does not enforce `--client-crl-file` certificate revocation

Information published.

CVE-2026-59818
Sin clasificar Microsoft

CVE-2026-56289 Loop with Unreachable Exit Condition in GNU patch

Information published.

CVE-2026-56289
Sin clasificar Microsoft

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

Information published.

CVE-2025-61727
Sin clasificar Microsoft

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

Information published.

CVE-2025-58188
Sin clasificar Microsoft

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

Information published.

CVE-2025-61724
Sin clasificar Microsoft

CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done

Information published.

CVE-2025-23131
Sin clasificar Microsoft

CVE-2026-9545 exposing HTTP/3 early data

Information published.

CVE-2026-9545
Sin clasificar Microsoft

CVE-2026-8932 incomplete mTLS config matching in conn reuse

Information published.

CVE-2026-8932
Sin clasificar Microsoft

CVE-2026-9547 SSH improper host validation

Information published.

CVE-2026-9547
Sin clasificar Microsoft

CVE-2026-8458 wrong reuse for different services

Information published.

CVE-2026-8458
Sin clasificar Microsoft

CVE-2026-8924 trailing dot domain super cookie

Information published.

CVE-2026-8924
Sin clasificar Microsoft

CVE-2026-10536 HTTP/2 stream-dependency tree UAF

Information published.

CVE-2026-10536
Sin clasificar Microsoft

CVE-2026-11856 cross-origin Digest auth state leak

Information published.

CVE-2026-11856
Sin clasificar Microsoft

CVE-2026-8286 wrong STARTTLS connection reuse

Information published.

CVE-2026-8286
Sin clasificar Microsoft

CVE-2026-8926 password leak with netrc and user in URL

Information published.

CVE-2026-8926
Sin clasificar Microsoft

CVE-2026-9080 UAF after pause in socket callback

Information published.

CVE-2026-9080
Sin clasificar Microsoft

CVE-2026-8925 SASL double-free

Information published.

CVE-2026-8925
Sin clasificar Microsoft

CVE-2026-53359 KVM: x86: Fix shadow paging use-after-free due to unexpected role

Information published.

CVE-2026-53359
Sin clasificar Microsoft

CVE-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

Information published.

CVE-2026-14355
Sin clasificar Microsoft

CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

Information published.

CVE-2026-55952
Alta Microsoft

CVE-2026-59997 internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.

Information published.

CVE-2026-59997
Sin clasificar Microsoft

CVE-2026-59996 scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.

Information published.

CVE-2026-59996
Sin clasificar Microsoft

CVE-2026-59995 sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.

Information published.

CVE-2026-59995
Sin clasificar Microsoft

CVE-2026-60001 sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.

Information published.

CVE-2026-60001
Baja Microsoft

CVE-2026-60000 sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.

Information published.

CVE-2026-60000
Sin clasificar Microsoft

CVE-2026-59999 In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.

Information published.

CVE-2026-59999
Sin clasificar Microsoft

CVE-2026-60002 ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)

Information published.

CVE-2026-60002
Baja Microsoft

CVE-2026-56002 libXfont2 PCF Font Parsing Heap Buffer Overflow

Information published.

CVE-2026-56002
Sin clasificar Microsoft

CVE-2026-56000 xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()

Information published.

CVE-2026-56000
Sin clasificar Microsoft

CVE-2026-38968 ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing.

Information published.

CVE-2026-38968
Sin clasificar Microsoft

CVE-2026-38969 ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling.

Information published.

CVE-2026-38969
Sin clasificar Microsoft

CVE-2026-54908 Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message

Information published.

CVE-2026-54908
Sin clasificar Microsoft

CVE-2026-53354 arm64: errata: Mitigate TLBI errata on various Arm CPUs

Information published.

CVE-2026-53354
Sin clasificar Microsoft

CVE-2026-53345 KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying

Information published.

CVE-2026-53345
Sin clasificar Microsoft

CVE-2026-53332 slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd

Information published.

CVE-2026-53332
Sin clasificar Microsoft

CVE-2026-53336 nvmem: layouts: onie-tlv: fix hang on unknown types

Information published.

CVE-2026-53336
Sin clasificar Microsoft

CVE-2026-53327 debugobjects: Do not fill_pool() if pi_blocked_on

Information published.

CVE-2026-53327
Sin clasificar Microsoft

CVE-2026-53339 i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()

Information published.

CVE-2026-53339
Sin clasificar Microsoft

CVE-2026-9079 stale proxy password leak

Information published.

CVE-2026-9079
Sin clasificar Microsoft

CVE-2026-8927 env-set cross-proxy Digest auth state leak

Information published.

CVE-2026-8927
Sin clasificar Microsoft

CVE-2026-12064 proto-default skips SSH verification

Information published.

CVE-2026-12064
Sin clasificar Microsoft

CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Information published.

CVE-2026-54891
Baja Microsoft

CVE-2026-56001 libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow

Information published.

CVE-2026-56001
Baja Microsoft

CVE-2026-56003 libXfont2 computeProps Property Buffer Heap Buffer Overflow

Information published.

CVE-2026-56003
Baja Microsoft

CVE-2026-55999 xorg-server / xwayland glamor font atlas Heap Buffer Overflow

Information published.

CVE-2026-55999
Sin clasificar Microsoft

CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader

Information published.

CVE-2026-14191
Sin clasificar Microsoft

CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements

Information published.

CVE-2026-23278
Sin clasificar Microsoft

CVE-2026-43010 bpf: Reject sleepable kprobe_multi programs at attach time

Information published.

CVE-2026-43010
Sin clasificar Microsoft

CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks

Information published.

CVE-2026-46054
Sin clasificar Microsoft

CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown

Information published.

CVE-2026-46135
Sin clasificar Microsoft

CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF

Information published.

CVE-2026-46242
Sin clasificar Microsoft

CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access

Information published.

CVE-2026-46140
Sin clasificar Microsoft

CVE-2026-46252 regulator: core: fix locking in regulator_resolve_supply() error path

Information published.

CVE-2026-46252
Sin clasificar Microsoft

CVE-2026-53269 netfilter: synproxy: add mutex to guard hook reference counting

Information published.

CVE-2026-53269
Sin clasificar Microsoft

CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption

Information published.

CVE-2026-46331
Sin clasificar Microsoft

CVE-2026-47241 Net::IMAP: Denial of Service via incomplete raw argument validation

Information published.

CVE-2026-47241
Sin clasificar Microsoft

CVE-2026-53167 fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios

Information published.

CVE-2026-53167
Sin clasificar Microsoft

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

Information published.

CVE-2026-58055
Sin clasificar Microsoft

CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

Information published.

CVE-2026-4360
Sin clasificar Microsoft

CVE-2026-42980 NT OS Kernel Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-42980
Sin clasificar Defender

CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability

Microsoft has released an update to the Microsoft Malware Protection Engine that addresses the vulnerability identified by CVE-2026-50656. Please see the FAQ for more information on how to check if the new version ha...

CVE-2026-50656
Baja Microsoft Edge

CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-58525
Sin clasificar Windows

CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-45638
Sin clasificar Microsoft

CVE-2026-9545 exposing HTTP/3 early data

Information published.

CVE-2026-9545
Sin clasificar Microsoft

CVE-2026-8932 incomplete mTLS config matching in conn reuse

Information published.

CVE-2026-8932
Sin clasificar Microsoft

CVE-2026-8458 wrong reuse for different services

Information published.

CVE-2026-8458
Sin clasificar Microsoft

CVE-2026-8924 trailing dot domain super cookie

Information published.

CVE-2026-8924
Sin clasificar Microsoft

CVE-2026-10536 HTTP/2 stream-dependency tree UAF

Information published.

CVE-2026-10536
Sin clasificar Microsoft

CVE-2026-8286 wrong STARTTLS connection reuse

Information published.

CVE-2026-8286
Sin clasificar Microsoft

CVE-2026-8926 password leak with netrc and user in URL

Information published.

CVE-2026-8926
Sin clasificar Microsoft

CVE-2026-9080 UAF after pause in socket callback

Information published.

CVE-2026-9080
Sin clasificar Microsoft

CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

Information published.

CVE-2026-55952
Sin clasificar Microsoft

CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop

Information published.

CVE-2026-54886
Sin clasificar Microsoft

CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Information published.

CVE-2026-12480
Sin clasificar Microsoft

CVE-2026-14647 onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds

Information published.

CVE-2026-14647
Sin clasificar Microsoft

CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Information published.

CVE-2026-54891
Sin clasificar Microsoft

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Information published.

CVE-2026-25681
Sin clasificar Microsoft

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39827
Sin clasificar Microsoft

CVE-2026-53223 net: guard timestamp cmsgs to real error queue skbs

Information published.

CVE-2026-53223
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13933 Insufficient policy enforcement in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13933
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14153 Inappropriate implementation in Glic

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14153
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14125 Uninitialized Use in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14125
Baja Microsoft Edge

CVE-2026-55945 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Edge (Chromium-based) allows an authorized attacker to disclose information locally.

CVE-2026-55945
Baja Microsoft Edge

CVE-2026-56645 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-56645
Baja Microsoft Edge

CVE-2026-57975 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57975
Baja Microsoft Edge

CVE-2026-57983 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-57983
Baja Microsoft Edge

CVE-2026-57984 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57984
Baja Microsoft Edge

CVE-2026-57985 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57985
Baja Microsoft Edge

CVE-2026-57987 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-57987
Baja Microsoft Edge

CVE-2026-57988 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57988
Baja Microsoft Edge

CVE-2026-57992 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57992
Baja Microsoft Edge

CVE-2026-57993 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-57993
Baja Microsoft Edge

CVE-2026-56646 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-56646
Baja Microsoft Edge

CVE-2026-58282 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58282
Baja Microsoft Edge

CVE-2026-58283 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58283
Baja Microsoft Edge

CVE-2026-58287 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58287
Baja Microsoft Edge

CVE-2026-58299 Microsoft Edge for Android Remote Code Execution Vulnerability

Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

CVE-2026-58299
Baja Microsoft Edge

CVE-2026-58522 Microsoft Edge for Android Information Disclosure Vulnerability

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58522
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13775 Use after free in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13775
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13776 Type Confusion in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13776
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13779 Use after free in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13779
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13780 Insufficient validation of untrusted input in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13780
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13781 Insufficient validation of untrusted input in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13781
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13782 Use after free in Browser

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13782
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13783 Use after free in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13783
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13784 Use after free in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13784
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13786 Use after free in Ozone

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13786
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13787 Use after free in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13787
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13790 Side-channel information leakage in Scroll

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13790
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13793 Insufficient policy enforcement in SVG

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13793
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13794 Insufficient validation of untrusted input in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13794
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13797 Insufficient validation of untrusted input in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13797
Baja Microsoft Edge

Chromium: CVE-2026-13801 Integer overflow in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13801
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13802 Use after free in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13802
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13803 Type Confusion in Chrome Tabs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13803
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13804 Use after free in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13804
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13810 Inappropriate implementation in Input

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13810
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13811 Use after free in IME

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13811
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13814 Use after free in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13814
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13817 Insufficient validation of untrusted input in Glic

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13817
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13815 Use after free in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13815
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13820 Out of bounds read in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13820
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13821 Use after free in Canvas

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13821
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13823 Use after free in Glic

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13823
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13818 Inappropriate implementation in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13818
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13829 Insufficient validation of untrusted input in Settings

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13829
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13828 Inappropriate implementation in Enterprise

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13828
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13824 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13824
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13830 Use after free in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13830
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13832 Use after free in Headless

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13832
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13831 Use after free in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13831
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13837 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13837
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13836 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13836
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13835 Inappropriate implementation in XML

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13835
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13834 Insufficient validation of untrusted input in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13834
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13838 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13838
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13839 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13839
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13840 Insufficient policy enforcement in Canvas

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13840
Baja Microsoft Edge

Chromium: CVE-2026-13841 Integer overflow in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13841
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13844 Use after free in Updater

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13844
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13845 Use after free in DOM

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13845
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13849 Insufficient validation of untrusted input in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13849
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13848 Use after free in Forms

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13848
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13853 Use after free in Journeys

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13853
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13854 Use after free in Ozone

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13854
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13855 Use after free in Ozone

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13855
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13858 Out of bounds read in FFmpeg

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13858
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13857 Inappropriate implementation in Geometry

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13857
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13859 Inappropriate implementation in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13859
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13860 Incorrect security UI in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13860
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13861 Use after free in Core

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13861
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13864 Insufficient policy enforcement in WebHID

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13864
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13865 Insufficient validation of untrusted input in Enterprise

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13865
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13869 Use after free in Device

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13869
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13867 Inappropriate implementation in Geolocation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13867
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13871 Insufficient data validation in GuestView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13871
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13873 Out of bounds memory access in Layout

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13873
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13874 Inappropriate implementation in DataTransfer

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13874
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13876 Inappropriate implementation in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13876
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13875 Insufficient validation of untrusted input in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13875
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13881 Insufficient data validation in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13881
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13882 Inappropriate implementation in USB

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13882
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13879 Use after free in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13879
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13877 Insufficient validation of untrusted input in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13877
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13883 Type Confusion in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13883
Baja Microsoft Edge

Chromium: CVE-2026-13884 Heap buffer overflow in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13884
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13890 Out of bounds read in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13890
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13886 Policy bypass in Isolated Web Apps

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13886
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13888 Use after free in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13888
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13891 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13891
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13893 Insufficient validation of untrusted input in WebUI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13893
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13894 Insufficient policy enforcement in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13894
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13899 Use after free in HTML

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13899
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13897 Insufficient policy enforcement in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13897
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13895 Inappropriate implementation in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13895
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13896 Insufficient policy enforcement in Glic

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13896
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13898 Use after free in Cast Receiver

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13898
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13900 Insufficient validation of untrusted input in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13900
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13901 Insufficient validation of untrusted input in Serial

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13901
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13903 Insufficient policy enforcement in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13903
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13906 Out of bounds read in Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13906
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13909 Insufficient policy enforcement in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13909
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13911 Insufficient data validation in Spellcheck

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13911
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13919 Insufficient data validation in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13919
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13921 Insufficient validation of untrusted input in DeviceBoundSessionCredentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13921
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13922 Side-channel information leakage in Paint

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13922
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13925 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13925
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13928 Insufficient validation of untrusted input in Enterprise

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13928
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13930 Insufficient policy enforcement in Actor

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13930
Media Microsoft Edge

Chromium: CVE-2026-13931 Inappropriate implementation in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13931
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13934 Insufficient validation of untrusted input in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13934
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13935 Side-channel information leakage in ComputePressure

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13935
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13937 Insufficient policy enforcement in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13937
Baja Microsoft Edge

Chromium: CVE-2026-13938 Integer overflow in Fonts

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13938
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13940 Uninitialized Use in Cast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13940
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13941 Inappropriate implementation in SiteSettings

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13941
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13942 Insufficient validation of untrusted input in Video Capture

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13942
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13945 Insufficient policy enforcement in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13945
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13947 Uninitialized Use in XR

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13947
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13948 Insufficient policy enforcement in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13948
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13950 Uninitialized Use in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13950
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13951 Policy bypass in USB

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13951
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13952 Inappropriate implementation in PerformanceAPIs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13952
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13953 Inappropriate implementation in SplitView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13953
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13956 Incorrect security UI in PageInfo

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13956
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13957 Incorrect security UI in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13957
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13958 Uninitialized Use in Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13958
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13959 Insufficient validation of untrusted input in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13959
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13960 Inappropriate implementation in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13960
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13962 Insufficient data validation in PDF

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13962
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13774 Use after free in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13774
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14142 Inappropriate implementation in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14142
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14130 Incorrect security UI in Omnibox

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14130
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14116 Insufficient validation of untrusted input in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14116
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14105 Insufficient policy enforcement in Speech

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14105
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14092 Insufficient policy enforcement in Privacy

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14092
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14082 Race in Storage

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14082
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14071 Side-channel information leakage in WebAudio

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14071
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14059 Insufficient policy enforcement in Related-Website-Sets

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14059
Media Microsoft Edge

Chromium: CVE-2026-14039 Insufficient policy enforcement in GetUserMedia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14039
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14027 Use after free in SignIn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14027
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14016 Insufficient policy enforcement in SVG

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14016
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14006 Use after free in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14006
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13989 Insufficient policy enforcement in PageInfo

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13989
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13973 Inappropriate implementation in UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13973
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13961 Insufficient validation of untrusted input in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13961
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14156 Policy bypass in StorageAccessAPI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14156
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14155 Insufficient policy enforcement in StorageAccessAPI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14155
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14154 Inappropriate implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14154
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14152 Out of bounds write in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14152
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14151 Inappropriate implementation in AI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14151
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14150 Insufficient validation of untrusted input in Speech

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14150
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14149 Use after free in Audio

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14149
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14148 Type Confusion in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14148
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14147 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14147
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14146 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14146
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14145 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14145
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14144 Incorrect security UI in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14144
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14143 Incorrect security UI in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14143
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14141 Incorrect security UI in Document Picture-in-Picture

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14141
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14140 Insufficient validation of untrusted input in Input

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14140
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14139 Inappropriate implementation in TabStrip

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14139
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14133 Race in History Embeddings

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14133
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14132 Inappropriate implementation in WebXR

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14132
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14131 Insufficient validation of untrusted input in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14131
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14129 Incorrect security UI in PreviewTab

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14129
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14127 Inappropriate implementation in Printing

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14127
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14124 Inappropriate implementation in CredentialProvider

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14124
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14122 Insufficient validation of untrusted input in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14122
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14121 Use after free in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14121
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14119 Type Confusion in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14119
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14117 Insufficient validation of untrusted input in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14117
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14115 Insufficient validation of untrusted input in Cast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14115
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14112 Inappropriate implementation in Enterprise

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14112
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14110 Inappropriate implementation in DarkMode

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14110
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14109 Insufficient policy enforcement in Mojo

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14109
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14104 Insufficient validation of untrusted input in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14104
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14103 Use after free in SSL

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14103
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14102 Use after free in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14102
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14100 Insufficient data validation in NetworkCache

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14100
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14098 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14098
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14097 Inappropriate implementation in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14097
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14095 Insufficient validation of untrusted input in Browser

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14095
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14094 Use after free in Installer

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14094
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14093 Use after free in Cast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14093
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14091 Use after free in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14091
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14089 Insufficient validation of untrusted input in PopupBlocker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14089
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14088 Uninitialized Use in Canvas

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14088
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14087 Insufficient validation of untrusted input in WebNN

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14087
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14086 Insufficient policy enforcement in HID

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14086
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14084 Insufficient validation of untrusted input in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14084
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14081 Insufficient policy enforcement in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14081
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14080 Insufficient validation of untrusted input in TabSwitcher

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14080
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14079 Policy bypass in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14079
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14078 Policy bypass in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14078
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14077 Incorrect security UI in Select

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14077
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14076 Policy bypass in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14076
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14074 Side-channel information leakage in WebAuthentication

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14074
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14072 Incorrect security UI in SplitView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14072
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14070 Uninitialized Use in WebNN

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14070
Baja Microsoft Edge

Chromium: CVE-2026-14069 Integer overflow in WebNN

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14069
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14065 Insufficient validation of untrusted input in PageInfo

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14065
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14064 Use after free in PageInfo

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14064
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14063 Out of bounds memory access in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14063
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14062 Inappropriate implementation in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14062
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14061 Inappropriate implementation in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14061
Media Microsoft Edge

Chromium: CVE-2026-14056 Insufficient validation of untrusted input in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14056
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14055 Insufficient validation of untrusted input in Device Trust

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14055
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14052 Insufficient policy enforcement in FileSystem

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14052
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14051 Uninitialized Use in GamepadAPI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14051
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14050 Insufficient policy enforcement in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14050
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14048 Use after free in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14048
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14047 Insufficient policy enforcement in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14047
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14046 Inappropriate implementation in CustomTabs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14046
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14045 Insufficient validation of untrusted input in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14045
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14044 Use after free in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14044
Media Microsoft Edge

Chromium: CVE-2026-14043 Use after free in GetUserMedia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14043
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14042 Inappropriate implementation in Isolated Web Apps

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14042
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14041 Insufficient policy enforcement in Serial

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14041
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14040 Use after free in BrowserTag

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14040
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14038 Insufficient validation of untrusted input in New Tab Page

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14038
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14037 Insufficient policy enforcement in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14037
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14036 Insufficient policy enforcement in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14036
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14035 Insufficient policy enforcement in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14035
Media Microsoft Edge

Chromium: CVE-2026-14033 Insufficient policy enforcement in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14033
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14032 Use after free in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14032
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14031 Incorrect security UI in File Input

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14031
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14026 Incorrect security UI in SplitView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14026
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14024 Use after free in Ozone

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14024
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14022 Insufficient validation of untrusted input in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14022
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14020 Insufficient validation of untrusted input in WebXR

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14020
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14019 Inappropriate implementation in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14019
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14018 Use after free in Updater

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14018
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14015 Inappropriate implementation in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14015
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14014 Inappropriate implementation in Paint

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14014
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14013 Inappropriate implementation in SVG

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14013
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14012 Side-channel information leakage in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14012
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14011 Out of bounds read in SurfaceCapture

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14011
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14009 Insufficient data validation in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14009
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14008 Uninitialized Use in WebXR

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14008
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14004 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14004
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14003 Insufficient policy enforcement in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14003
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14002 Inappropriate implementation in Geolocation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14002
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14001 Inappropriate implementation in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14001
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14000 Inappropriate implementation in XML

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14000
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13999 Inappropriate implementation in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13999
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13988 Inappropriate implementation in Paint

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13988
Media Microsoft Edge

Chromium: CVE-2026-13985 Inappropriate implementation in MediaCapture

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13985
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13979 Inappropriate implementation in Paint

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13979
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13978 Insufficient policy enforcement in PageInfo

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13978
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13977 Inappropriate implementation in HTMLParser

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13977
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13972 Inappropriate implementation in Paint

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13972
Media Microsoft Edge

Chromium: CVE-2026-13970 Uninitialized Use in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13970
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13968 Insufficient validation of untrusted input in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13968
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13967 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13967
Crítica Microsoft Edge

CVE-2026-45488 Microsoft Edge (Chromium-based) Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-45488
Baja Microsoft Edge

CVE-2026-57974 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57974
Baja Microsoft Edge

CVE-2026-57977 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-57977
Baja Microsoft Edge

CVE-2026-57981 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57981
Baja Microsoft Edge

CVE-2026-57986 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-57986
Baja Microsoft Edge

CVE-2026-58276 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58276
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13954 Insufficient policy enforcement in XML

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13954
Baja Microsoft Edge

CVE-2026-58278 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58278
Baja Microsoft Edge

CVE-2026-58284 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58284
Baja Microsoft Edge

CVE-2026-58285 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58285
Baja Microsoft Edge

CVE-2026-58286 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58286
Baja Microsoft Edge

CVE-2026-58288 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58288
Baja Microsoft Edge

CVE-2026-58289 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58289
Baja Microsoft Edge

CVE-2026-58290 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58290
Baja Microsoft Edge

CVE-2026-58292 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58292
Baja Microsoft Edge

CVE-2026-58293 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58293
Baja Microsoft Edge

CVE-2026-58294 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58294
Baja Microsoft Edge

CVE-2026-58295 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-58295
Baja Microsoft Edge

CVE-2026-58296 Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

CVE-2026-58296
Baja Microsoft Edge

CVE-2026-58297 Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

CVE-2026-58297
Baja Microsoft Edge

CVE-2026-58298 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58298
Baja Microsoft Edge

CVE-2026-58300 Microsoft Edge for Android Information Disclosure Vulnerability

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58300
Baja Microsoft Edge

CVE-2026-58524 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58524
Baja Microsoft Edge

CVE-2026-58597 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58597
Baja Microsoft Edge

Chromium: CVE-2026-13796 Integer overflow in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13796
Baja Microsoft Edge

Chromium: CVE-2026-13798 Heap buffer overflow in Chromecast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13798
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13799 Use after free in QUIC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13799
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13800 Inappropriate implementation in Updater

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13800
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13806 Insufficient validation of untrusted input in Accessibility

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13806
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14138 Inappropriate implementation in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14138
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14135 Insufficient validation of untrusted input in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14135
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14134 Inappropriate implementation in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14134
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14120 Inappropriate implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14120
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14118 Insufficient data validation in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14118
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14113 Use after free in Updater

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14113
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14111 Use after free in WebProtect

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14111
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14108 Use after free in PDFium

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14108
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14107 Use after free in Scheduling

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14107
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14106 Insufficient validation of untrusted input in Text

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14106
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14085 Side-channel information leakage in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14085
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14083 Insufficient validation of untrusted input in HTML

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14083
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14073 Insufficient policy enforcement in WebXR

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14073
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14068 Inappropriate implementation in Omnibox

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14068
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14060 Insufficient validation of untrusted input in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14060
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14058 Policy bypass in Parser

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14058
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14057 Insufficient policy enforcement in FedCM

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14057
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14054 Insufficient policy enforcement in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14054
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14053 Insufficient policy enforcement in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14053
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14034 Inappropriate implementation in WebXR

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14034
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14030 Incorrect security UI in SplitView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14030
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14025 Use after free in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14025
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14023 Insufficient validation of untrusted input in SanitizerAPI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14023
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14021 Insufficient validation of untrusted input in StorageAccessAPI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14021
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14017 Inappropriate implementation in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14017
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14010 Uninitialized Use in Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14010
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14007 Insufficient policy enforcement in PermissionsPolicy

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14007
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13996 Incorrect security UI in Permissions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13996
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13993 Incorrect security UI in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13993
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13990 Insufficient validation of untrusted input in DataTransfer

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13990
Media Microsoft Edge

Chromium: CVE-2026-13986 Inappropriate implementation in Media UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13986
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13984 Incorrect security UI in TabStrip

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13984
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13982 Incorrect security UI in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13982
Baja Microsoft Edge

Chromium: CVE-2026-13976 Heap buffer overflow in Storage

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13976
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13971 Uninitialized Use in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13971
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13966 Inappropriate implementation in History

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13966
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13965 Use after free in Oilpan

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13965
Sin clasificar Microsoft Edge

CVE-2026-45489 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Information published.

CVE-2026-45489
Baja Microsoft Edge

CVE-2026-58291 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

CVE-2026-58291
Media Microsoft Edge

Chromium: CVE-2026-13920 Insufficient validation of untrusted input in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13920
Sin clasificar Microsoft Edge

Chromium: CVE-2026-14049 Inappropriate implementation in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-14049
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13963 Inappropriate implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-13963
Baja Microsoft Edge

CVE-2026-58523 Microsoft Edge for Android Security Feature Bypass Vulnerability

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-58523
Sin clasificar Microsoft

CVE-2026-56149 Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service

Information published.

CVE-2026-56149
Sin clasificar Microsoft

CVE-2026-14258 Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling

Information published.

CVE-2026-14258
Sin clasificar Microsoft

CVE-2026-49090 Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service

Information published.

CVE-2026-49090
Sin clasificar Microsoft

CVE-2026-53357 Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()

Information published.

CVE-2026-53357
Baja Microsoft

CVE-2026-56405 libexpat before 2.8.2 has an integer overflow in getAttributeId.

Information published.

CVE-2026-56405
Baja Microsoft

CVE-2026-56406 libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

Information published.

CVE-2026-56406
Sin clasificar Microsoft

CVE-2026-53043 ocfs2/dlm: validate qr_numregions in dlm_match_regions()

Information published.

CVE-2026-53043
Sin clasificar Microsoft

CVE-2026-56131 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

Information published.

CVE-2026-56131 CVE-2026-50219
Baja Microsoft

CVE-2026-52911 ksmbd: scope conn->binding slowpath to bound sessions only

Information published.

CVE-2026-52911
Sin clasificar Microsoft

CVE-2026-53049 gfs2: add some missing log locking

Information published.

CVE-2026-53049
Sin clasificar Microsoft

CVE-2026-53045 memory: tegra124-emc: Fix dll_change check

Information published.

CVE-2026-53045
Sin clasificar Microsoft

CVE-2026-53097 wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()

Information published.

CVE-2026-53097
Sin clasificar Microsoft

CVE-2026-53039 ocfs2: validate group add input before caching

Information published.

CVE-2026-53039
Sin clasificar Microsoft

CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect

Information published.

CVE-2026-53010
Sin clasificar Microsoft

CVE-2026-53046 ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine

Information published.

CVE-2026-53046
Sin clasificar Microsoft

CVE-2026-53048 gfs2: prevent NULL pointer dereference during unmount

Information published.

CVE-2026-53048
Baja Microsoft

CVE-2026-53196 USB: serial: io_ti: fix heap overflow in get_manuf_info()

Information published.

CVE-2026-53196
Baja Microsoft

CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

Information published.

CVE-2026-58050
Sin clasificar Microsoft

CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup

Information published.

CVE-2026-58051
Sin clasificar Microsoft

CVE-2026-48779 ws: Memory exhaustion DoS from tiny fragments and data chunks

Information published.

CVE-2026-48779
Sin clasificar Microsoft

CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service

Information published.

CVE-2026-13322
Baja Microsoft

CVE-2026-57918 libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.

Information published.

CVE-2026-57918
Baja Microsoft

CVE-2026-12912 Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image

Information published.

CVE-2026-12912
Sin clasificar Microsoft

CVE-2026-14164 Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack()

Information published.

CVE-2026-14164
Baja Microsoft

CVE-2026-53195 USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()

Information published.

CVE-2026-53195
Baja Microsoft

CVE-2026-56407 libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

Information published.

CVE-2026-56407
Baja Microsoft

CVE-2026-56404 libexpat before 2.8.2 has an integer overflow in addBinding.

Information published.

CVE-2026-56404
Sin clasificar Microsoft

CVE-2026-52913 batman-adv: v: stop OGMv2 on disabled interface

Information published.

CVE-2026-52913
Baja Microsoft

CVE-2026-56403 libexpat before 2.8.2 has an integer overflow in storeAtts.

Information published.

CVE-2026-56403
Baja Microsoft

CVE-2026-56132 In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

Information published.

CVE-2026-56132
Sin clasificar Microsoft

CVE-2026-56412 libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.

Information published.

CVE-2026-56412 CVE-2026-50219
Baja Microsoft

CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)

Information published.

CVE-2026-3195 CVE-2024-7730
Sin clasificar Microsoft

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

Information published.

CVE-2026-11972
Sin clasificar Microsoft

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

Information published.

CVE-2026-0864
Sin clasificar Microsoft

CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

Information published.

CVE-2026-55199
Sin clasificar Microsoft

CVE-2026-55200 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

Information published.

CVE-2026-55200
Sin clasificar Microsoft

CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c

Information published.

CVE-2025-15661
Sin clasificar Microsoft

CVE-2026-53052 ASoC: qcom: qdsp6: topology: check widget type before accessing data

Information published.

CVE-2026-53052
Sin clasificar Microsoft

CVE-2026-53098 wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()

Information published.

CVE-2026-53098
Sin clasificar Microsoft

CVE-2026-52946 fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling

Information published.

CVE-2026-52946
Sin clasificar Microsoft

CVE-2026-52992 fs/adfs: validate nzones in adfs_validate_bblk()

Information published.

CVE-2026-52992
Sin clasificar Microsoft

CVE-2026-52954 libceph: handle rbtree insertion error in decode_choose_args()

Information published.

CVE-2026-52954
Sin clasificar Microsoft

CVE-2026-53160 misc: fastrpc: fix use-after-free race in fastrpc_map_create

Information published.

CVE-2026-53160
Sin clasificar Microsoft

CVE-2026-53130 fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START

Information published.

CVE-2026-53130
Sin clasificar Microsoft

CVE-2026-53016 crypto: ccp - copy IV using skcipher ivsize

Information published.

CVE-2026-53016
Sin clasificar Microsoft

CVE-2026-52962 ceph: fix a buffer leak in __ceph_setxattr()

Information published.

CVE-2026-52962
Sin clasificar Microsoft

CVE-2026-52935 xfrm: espintcp: do not reuse an in-progress partial send

Information published.

CVE-2026-52935
Sin clasificar Microsoft

CVE-2026-52944 ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE

Information published.

CVE-2026-52944
Sin clasificar Microsoft

CVE-2026-53320 nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()

Information published.

CVE-2026-53320
Sin clasificar Microsoft

CVE-2026-53296 mailbox: mailbox-test: free channels on probe error

Information published.

CVE-2026-53296
Sin clasificar Microsoft

CVE-2026-53309 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison

Information published.

CVE-2026-53309
Sin clasificar Microsoft

CVE-2026-53306 tty: hvc_iucv: fix off-by-one in number of supported devices

Information published.

CVE-2026-53306
Sin clasificar Microsoft

CVE-2026-53294 mailbox: mailbox-test: don't free the reused channel

Information published.

CVE-2026-53294
Sin clasificar Microsoft

CVE-2026-53303 f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()

Information published.

CVE-2026-53303
Sin clasificar Microsoft

CVE-2026-53279 drm/gma500/oaktrail_lvds: fix hang on init failure

Information published.

CVE-2026-53279
Sin clasificar Microsoft

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

Information published.

CVE-2026-58055
Sin clasificar Microsoft

CVE-2026-41991 Predictable Temporary File in GNU gzip

Information published.

CVE-2026-41991
Sin clasificar Microsoft

CVE-2026-57231 Podman: Malformed Image can trick podman run into leaking host environment variables into the container

Information published.

CVE-2026-57231
Sin clasificar Microsoft

CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

Information published.

CVE-2026-4360
Sin clasificar Microsoft

CVE-2026-13757 P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing

Information published.

CVE-2026-13757
Sin clasificar Microsoft

CVE-2026-57585 MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error

Information published.

CVE-2026-57585
Sin clasificar Microsoft Edge

CVE-2026-50521 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Added Edge software to the Security Updates table. Customers that are running supported version of Edge are encouraged to update to the indicated version to be protected from this vulnerability.

CVE-2026-50521
Baja Microsoft

CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

CVE-2026-57100
Baja Azure

CVE-2026-45499 Azure OpenAI Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.

CVE-2026-45499
Baja Azure

CVE-2026-26145 Microsoft Azure Synapse Elevation of Privilege Vulnerability

Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.

CVE-2026-26145
Baja Microsoft 365

CVE-2026-41106 Microsoft 365 Copilot Elevation of Privilege Vulnerability

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41106
Baja Microsoft

CVE-2026-54998 Microsoft Exchange Online Elevation of Privilege Vulnerability

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2026-54998
Sin clasificar Microsoft

CVE-2026-32208 Microsoft Entra ID Spoofing Vulnerability

Corrected the CVE description and title. This is an informational change only.

CVE-2026-32208
Sin clasificar Microsoft

CVE-2026-57062 CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.

Information published.

CVE-2026-57062 CVE-2026-34182
Baja Microsoft

CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

Information published.

CVE-2026-58050
Sin clasificar Microsoft

CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup

Information published.

CVE-2026-58051
Sin clasificar Microsoft

CVE-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

Information published.

CVE-2026-42055
Sin clasificar Microsoft

CVE-2026-48779 ws: Memory exhaustion DoS from tiny fragments and data chunks

Information published.

CVE-2026-48779
Sin clasificar Microsoft

CVE-2026-58010 Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()

Information published.

CVE-2026-58010
Sin clasificar Microsoft

CVE-2026-58015 Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

Information published.

CVE-2026-58015
Baja Microsoft

CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

Information published.

CVE-2026-58016
Sin clasificar Microsoft

CVE-2026-58012 Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()

Information published.

CVE-2026-58012
Sin clasificar Microsoft

CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

Information published.

CVE-2026-58011
Sin clasificar Microsoft

CVE-2026-58013 Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"

Information published.

CVE-2026-58013
Sin clasificar Microsoft

CVE-2026-58014 Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"

Information published.

CVE-2026-58014
Sin clasificar Microsoft

CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service

Information published.

CVE-2026-13322
Sin clasificar Microsoft

CVE-2026-13208 Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body

Information published.

CVE-2026-13208
Baja Microsoft

CVE-2026-13218 Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher

Information published.

CVE-2026-13218
Sin clasificar Microsoft

CVE-2026-13325 Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces

Information published.

CVE-2026-13325
Baja Microsoft

CVE-2026-57918 libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.

Information published.

CVE-2026-57918
Sin clasificar Microsoft

CVE-2026-6291 Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption

Information published.

CVE-2026-6291
Sin clasificar Microsoft

CVE-2026-7532 iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined

Information published.

CVE-2026-7532
Crítica Microsoft

CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions

Information published.

CVE-2026-6450
Sin clasificar Microsoft

CVE-2026-55960 Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain validation

Information published.

CVE-2026-55960
Media Microsoft

CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)

Information published.

CVE-2026-55964
Sin clasificar Microsoft

CVE-2026-6329 PKCS#12 MAC verification uses attacker-controlled comparison length

Information published.

CVE-2026-6329
Sin clasificar Microsoft

CVE-2026-55961 wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer

Information published.

CVE-2026-55961
Baja Microsoft

CVE-2026-6678 Integer underflow in wc_PKCS7_DecryptOri handling crafted Other Recipient Info

Information published.

CVE-2026-6678
Sin clasificar Microsoft

CVE-2026-6094 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData

Information published.

CVE-2026-6094
Sin clasificar Microsoft

CVE-2026-6331 HMAC zero-length tag forgery in EVP_DigestVerifyFinal

Information published.

CVE-2026-6331
Sin clasificar Microsoft

CVE-2026-6330 ML-KEM ARM64 NEON ciphertext comparison only compares half of the input

Information published.

CVE-2026-6330
Sin clasificar Microsoft

CVE-2026-6731 X.509 name constraint bypass via Subject CN treated as a DNS name

Information published.

CVE-2026-6731
Sin clasificar Microsoft

CVE-2026-55958 Renesas TSIP TLS 1.3 transcript buffer out-of-bounds write in tsip_StoreMessage

Information published.

CVE-2026-55958
Sin clasificar Microsoft

CVE-2026-6325 Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list

Information published.

CVE-2026-6325
Sin clasificar Microsoft

CVE-2026-10592 Wildcard DNS SAN bypasses CA name-constraint checks

Information published.

CVE-2026-10592
Sin clasificar Microsoft

CVE-2026-10512 X25519 x86_64 assembly final reduction leaves non-canonical field element

Information published.

CVE-2026-10512
Sin clasificar Microsoft

CVE-2026-8720 HMAC-BLAKE2 final discards message when key length exceeds block size

Information published.

CVE-2026-8720
Sin clasificar Microsoft

CVE-2026-10098 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status

Information published.

CVE-2026-10098
Sin clasificar Microsoft

CVE-2026-10097 ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static private-key recovery

Information published.

CVE-2026-10097
Media Microsoft

CVE-2026-11310 X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring

Information published.

CVE-2026-11310
Sin clasificar Microsoft

CVE-2026-13595 Util-linux: util-linux: heap use-after-free in libblkid nested partition probing

Information published.

CVE-2026-13595
Sin clasificar Microsoft

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

Information published.

CVE-2026-58055
Sin clasificar Microsoft

CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

Information published.

CVE-2026-54371
Baja Microsoft

CVE-2026-41992 Global Buffer Overflow in GNU gzip

Information published.

CVE-2026-41992
Sin clasificar Microsoft

CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip

Information published.

CVE-2026-13318
Sin clasificar Microsoft

CVE-2026-57231 Podman: Malformed Image can trick podman run into leaking host environment variables into the container

Information published.

CVE-2026-57231
Sin clasificar Microsoft

CVE-2026-11703 Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption

Information published.

CVE-2026-11703
Sin clasificar Microsoft

CVE-2026-55967 AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse

Information published.

CVE-2026-55967
Sin clasificar Microsoft

CVE-2026-55962 TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify

Information published.

CVE-2026-55962
Sin clasificar Microsoft

CVE-2026-11999 X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()

Information published.

CVE-2026-11999
Baja Microsoft

CVE-2026-7511 PKCS7_verify signer confusion allows forged signatures to be accepted

Information published.

CVE-2026-7511
Media Microsoft

CVE-2026-6091 Partial-chain verification accepts untrusted intermediate as trust anchor

Information published.

CVE-2026-6091
Sin clasificar Microsoft

CVE-2026-12340 Out-of-bounds heap read in SM2/SM3 certificate Subject Key Identifier computation

Information published.

CVE-2026-12340
Sin clasificar Microsoft

CVE-2026-6092 Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured

Information published.

CVE-2026-6092
Sin clasificar Microsoft

CVE-2026-6412 Continued acceptance of SHA-1/MD5 digests in certificate processing

Information published.

CVE-2026-6412
Sin clasificar Microsoft

CVE-2026-7531 Use-after-free in PQC hybrid key-share handling

Information published.

CVE-2026-7531
Sin clasificar Microsoft

CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

Information published.

CVE-2026-11625
Sin clasificar Windows

CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-42910
Sin clasificar Microsoft

CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

Information published.

CVE-2026-54369
Sin clasificar Microsoft

CVE-2026-41991 Predictable Temporary File in GNU gzip

Information published.

CVE-2026-41991
Sin clasificar Microsoft

CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

Information published.

CVE-2026-54371
Sin clasificar Microsoft

CVE-2026-53325 agp/amd64: Fix broken error propagation in agp_amd64_probe()

Information published.

CVE-2026-53325
Baja Microsoft

CVE-2026-41992 Global Buffer Overflow in GNU gzip

Information published.

CVE-2026-41992
Baja Microsoft

CVE-2026-11979 Stack-Based Buffer Overflow in libxml2

Information published.

CVE-2026-11979
Sin clasificar Microsoft

CVE-2026-52910 bpf: Free reuseport cBPF prog after RCU grace period.

Information published.

CVE-2026-52910
Sin clasificar Microsoft

CVE-2026-52908 RDMA: During rereg_mr ensure that REREG_ACCESS is compatible

Information published.

CVE-2026-52908
Baja Microsoft

CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

Information published.

CVE-2026-58050
Sin clasificar Microsoft

CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup

Information published.

CVE-2026-58051
Baja Microsoft

CVE-2026-58058 Nmap - Integer Underflow in IPv6 Extension Header Parsing

Information published.

CVE-2026-58058
Sin clasificar Microsoft

CVE-2026-52909 ip6_vti: set netns_immutable on the fallback device.

Information published.

CVE-2026-52909
Sin clasificar Microsoft

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

Information published.

CVE-2026-58055
Sin clasificar Microsoft

CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize

Information published.

CVE-2023-6606
Sin clasificar Microsoft

CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT

Information published.

CVE-2025-21825
Sin clasificar Microsoft

CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

Information published.

CVE-2024-58089
Baja Microsoft

CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP

Information published.

CVE-2025-21892
Sin clasificar Microsoft

CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers

Information published.

CVE-2025-21885
Sin clasificar Microsoft

CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE

Information published.

CVE-2025-21833
Baja Microsoft

CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

Information published.

CVE-2025-29923
Sin clasificar Microsoft

CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type

Information published.

CVE-2025-21888
Sin clasificar Microsoft

CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers

Information published.

CVE-2025-21870
Sin clasificar Microsoft

CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only

Information published.

CVE-2026-23214
Sin clasificar Microsoft

CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset

Information published.

CVE-2026-23213
Sin clasificar Microsoft

CVE-2025-71225 md: suspend array while updating raid_disks via sysfs

Information published.

CVE-2025-71225
Sin clasificar Microsoft

CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels

Information published.

CVE-2025-71227
Sin clasificar Microsoft

CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler

Information published.

CVE-2026-23207
Sin clasificar Microsoft

CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete

Information published.

CVE-2025-40213
Sin clasificar Microsoft

CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().

Information published.

CVE-2025-40139
Sin clasificar Microsoft

CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown

Information published.

CVE-2025-40146
Sin clasificar Microsoft

CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().

Information published.

CVE-2025-40168
Sin clasificar Microsoft

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()

Information published.

CVE-2025-40170
Sin clasificar Microsoft

CVE-2025-40158 ipv6: use RCU in ip6_output()

Information published.

CVE-2025-40158
Sin clasificar Microsoft

CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop

Information published.

CVE-2025-40180
Sin clasificar Microsoft

CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work

Information published.

CVE-2025-68822
Baja Microsoft

CVE-2026-0989 Libxml2: unbounded relaxng include recursion leading to stack overflow

Information published.

CVE-2026-0989
Sin clasificar Microsoft

CVE-2025-71073 Input: lkkbd - disable pending work before freeing device

Information published.

CVE-2025-71073
Sin clasificar Microsoft

CVE-2025-71072 shmem: fix recovery on rename failures

Information published.

CVE-2025-71072
Sin clasificar Microsoft

CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s

Information published.

CVE-2025-68201
Sin clasificar Microsoft

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough

Information published.

CVE-2025-68230
Sin clasificar Microsoft

CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition

Information published.

CVE-2025-68174
Sin clasificar Microsoft

CVE-2025-40355 sysfs: check visibility before changing group attribute ownership

Information published.

CVE-2025-40355
Sin clasificar Microsoft

CVE-2025-68209 mlx5: Fix default values in create CQ

Information published.

CVE-2025-68209
Sin clasificar Microsoft

CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side

Information published.

CVE-2025-68304
Sin clasificar Microsoft

CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq

Information published.

CVE-2025-68338
Sin clasificar Microsoft

CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset

Information published.

CVE-2025-68745
Sin clasificar Microsoft

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

Information published.

CVE-2025-61727
Sin clasificar Microsoft

CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM

Information published.

CVE-2025-40289
Sin clasificar Microsoft

CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved

Information published.

CVE-2025-40339
Sin clasificar Microsoft

CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()

Information published.

CVE-2025-68190
Sin clasificar Microsoft

CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()

Information published.

CVE-2025-68188
Baja Microsoft

CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()

Information published.

CVE-2025-68378
Sin clasificar Microsoft

CVE-2025-68374 md: fix rcu protection in md_wakeup_thread

Information published.

CVE-2025-68374
Sin clasificar Microsoft

CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes

Information published.

CVE-2025-38041
Sin clasificar Microsoft

CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context

Information published.

CVE-2025-38029
Sin clasificar Microsoft

CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()

Information published.

CVE-2025-38064
Sin clasificar Microsoft

CVE-2023-52485 drm/amd/display: Wake DMCUB before sending a command

Information published.

CVE-2023-52485
Sin clasificar Microsoft

CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.

Information published.

CVE-2024-25740
Media Microsoft

CVE-2024-24864 Race condition vulnerability in Linux kernel media/dvb-core in dvbdmx_write()

Information published.

CVE-2024-24864
Baja Microsoft

CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos

Information published.

CVE-2024-1151
Sin clasificar Microsoft

CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe

Information published.

CVE-2024-53201
Sin clasificar Microsoft

CVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client

Information published.

CVE-2024-53114
Sin clasificar Microsoft

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO

Information published.

CVE-2024-53219
Sin clasificar Microsoft

CVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error path

Information published.

CVE-2024-56712
Sin clasificar Microsoft

CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync

Information published.

CVE-2024-56591
Sin clasificar Microsoft

CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash

Information published.

CVE-2024-53133
Baja Microsoft

CVE-2024-53187 io_uring: check for overflows in io_pin_pages

Information published.

CVE-2024-53187
Sin clasificar Microsoft

CVE-2024-56544 udmabuf: change folios array from kmalloc to kvmalloc

Information published.

CVE-2024-56544
Sin clasificar Microsoft

CVE-2024-56702 bpf: Mark raw_tp arguments with PTR_MAYBE_NULL

Information published.

CVE-2024-56702
Sin clasificar Microsoft

CVE-2024-56742 vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()

Information published.

CVE-2024-56742
Sin clasificar Microsoft

CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string

Information published.

CVE-2025-38660
Sin clasificar Microsoft

CVE-2025-38636 rv: Use strings in da monitors tracepoints

Information published.

CVE-2025-38636
Sin clasificar Microsoft

CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields

Information published.

CVE-2025-38591
Sin clasificar Microsoft

CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()

Information published.

CVE-2025-38656
Media Microsoft

CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()

Information published.

CVE-2025-38585
Sin clasificar Microsoft

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

Information published.

CVE-2025-58160
Sin clasificar Microsoft

CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta

Information published.

CVE-2024-47702
Baja Microsoft

CVE-2024-49888 bpf: Fix a sdiv overflow issue

Information published.

CVE-2024-49888
Sin clasificar Microsoft

CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection

Information published.

CVE-2024-47662
Baja Microsoft

CVE-2024-49940 l2tp: prevent possible tunnel refcount underflow

Information published.

CVE-2024-49940
Sin clasificar Microsoft

CVE-2024-49932 btrfs: don't readahead the relocation inode on RST

Information published.

CVE-2024-49932
Sin clasificar Microsoft

CVE-2024-49893 drm/amd/display: Check stream_status before it is used

Information published.

CVE-2024-49893
Sin clasificar Microsoft

CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone

Information published.

CVE-2024-49885
Sin clasificar Microsoft

CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails

Information published.

CVE-2024-49972
Sin clasificar Microsoft

CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure

Information published.

CVE-2024-49945
Sin clasificar Microsoft

CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses

Information published.

CVE-2024-49920
Baja Microsoft

CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t

Information published.

CVE-2024-47661
Sin clasificar Microsoft

CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue

Information published.

CVE-2024-49904
Sin clasificar Microsoft

CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()

Information published.

CVE-2024-50028
Sin clasificar Microsoft

CVE-2024-49908 drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2)

Information published.

CVE-2024-49908
Sin clasificar Microsoft

CVE-2024-49918 drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer

Information published.

CVE-2024-49918
Sin clasificar Microsoft

CVE-2024-49990 drm/xe/hdcp: Check GSC structure validity

Information published.

CVE-2024-49990
Sin clasificar Microsoft

CVE-2024-49922 drm/amd/display: Check null pointers before using them

Information published.

CVE-2024-49922
Sin clasificar Microsoft

CVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35

Information published.

CVE-2024-46870
Sin clasificar Microsoft

CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean

Information published.

CVE-2024-49971
Sin clasificar Microsoft

CVE-2024-49921 drm/amd/display: Check null pointers before used

Information published.

CVE-2024-49921
Sin clasificar Microsoft

CVE-2024-47703 bpf, lsm: Add check for BPF LSM return value

Information published.

CVE-2024-47703
Sin clasificar Microsoft

CVE-2024-49910 drm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func

Information published.

CVE-2024-49910
Sin clasificar Microsoft

CVE-2024-49916 drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw

Information published.

CVE-2024-49916
Sin clasificar Microsoft

CVE-2024-49970 drm/amd/display: Implement bounds check for stream encoder creation in DCN401

Information published.

CVE-2024-49970
Sin clasificar Microsoft

CVE-2024-50004 drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35

Information published.

CVE-2024-50004
Sin clasificar Microsoft

CVE-2024-38608 net/mlx5e: Fix netif state handling

Information published.

CVE-2024-38608
Sin clasificar Microsoft

CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port

Information published.

CVE-2024-38595
Sin clasificar Microsoft

CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables

Information published.

CVE-2024-46834
Sin clasificar Microsoft

CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption

Information published.

CVE-2024-44951
Sin clasificar Microsoft

CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1

Information published.

CVE-2024-46730
Sin clasificar Microsoft

CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update

Information published.

CVE-2024-46727
Sin clasificar Microsoft

CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.

Information published.

CVE-2024-46754
Sin clasificar Microsoft

CVE-2024-46681 pktgen: use cpus_read_lock() in pg_net_init()

Information published.

CVE-2024-46681
Sin clasificar Microsoft

CVE-2024-46701 libfs: fix infinite directory reads for offset dir

Information published.

CVE-2024-46701
Sin clasificar Microsoft

CVE-2024-46775 drm/amd/display: Validate function returns

Information published.

CVE-2024-46775
Crítica Microsoft

CVE-2024-44956 drm/xe/preempt_fence: enlarge the fence critical section

Information published.

CVE-2024-44956
Sin clasificar Microsoft

CVE-2024-46698 video/aperture: optionally match the device in sysfb_disable()

Information published.

CVE-2024-46698
Sin clasificar Microsoft

CVE-2024-46705 drm/xe: reset mmio mappings with devm

Information published.

CVE-2024-46705
Sin clasificar Microsoft

CVE-2024-46778 drm/amd/display: Check UnboundedRequestEnabled's value

Information published.

CVE-2024-46778
Sin clasificar Microsoft

CVE-2024-46808 drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range

Information published.

CVE-2024-46808
Sin clasificar Microsoft

CVE-2024-46842 scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info

Information published.

CVE-2024-46842
Baja Microsoft

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

Information published.

CVE-2022-4543
Sin clasificar Microsoft

CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)

Information published.

CVE-2025-39932
Sin clasificar Microsoft

CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev().

Information published.

CVE-2025-40064
Sin clasificar Microsoft

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

Information published.

CVE-2025-58188
Sin clasificar Microsoft

CVE-2025-39927 ceph: fix race condition validating r_parent before applying state

Information published.

CVE-2025-39927
Sin clasificar Microsoft

CVE-2025-39901 i40e: remove read access to debugfs files

Information published.

CVE-2025-39901
Sin clasificar Microsoft

CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver

Information published.

CVE-2025-39905
Baja Microsoft

CVE-2025-39940 dm-stripe: fix a possible integer overflow

Information published.

CVE-2025-39940
Sin clasificar Microsoft

CVE-2025-39990 bpf: Check the helper function is valid in get_helper_proto

Information published.

CVE-2025-39990
Sin clasificar Microsoft

CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work

Information published.

CVE-2025-40003
Sin clasificar Microsoft

CVE-2025-40074 ipv4: start using dst_dev_rcu()

Information published.

CVE-2025-40074
Sin clasificar Microsoft

CVE-2025-40065 RISC-V: KVM: Write hgatp register with valid mode bits

Information published.

CVE-2025-40065
Sin clasificar Microsoft

CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()

Information published.

CVE-2025-40075
Sin clasificar Microsoft

CVE-2025-40057 ptp: Add a upper bound on max_vclocks

Information published.

CVE-2025-40057
Sin clasificar Microsoft

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

Information published.

CVE-2025-58183
Sin clasificar Microsoft

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail

Information published.

CVE-2025-61725
Sin clasificar Microsoft

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http

Information published.

CVE-2025-58186
Sin clasificar Microsoft

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

Information published.

CVE-2025-61724
Sin clasificar Microsoft

CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init

Information published.

CVE-2025-40102
Baja Microsoft

CVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebuffer

Information published.

CVE-2025-21976
Sin clasificar Microsoft

CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying

Information published.

CVE-2025-22113
Sin clasificar Microsoft

CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly

Information published.

CVE-2025-22108
Sin clasificar Microsoft

CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir

Information published.

CVE-2025-22070
Sin clasificar Microsoft

CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case

Information published.

CVE-2025-21961
Sin clasificar Microsoft

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses

Information published.

CVE-2025-21985
Sin clasificar Microsoft

CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()

Information published.

CVE-2025-22115
Sin clasificar Microsoft

CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

Information published.

CVE-2025-21927
Sin clasificar Microsoft

CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size

Information published.

CVE-2025-21949
Sin clasificar Microsoft

CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done

Information published.

CVE-2025-23131
Sin clasificar Microsoft

CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio

Information published.

CVE-2025-21907
Sin clasificar Microsoft

CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb

Information published.

CVE-2025-22124
Sin clasificar Microsoft

CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit

Information published.

CVE-2025-23135
Sin clasificar Microsoft

CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file

Information published.

CVE-2025-46327
Sin clasificar Microsoft

CVE-2025-22109 ax25: Remove broken autobind

Information published.

CVE-2025-22109
Sin clasificar Microsoft

CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup

Information published.

CVE-2025-4035
Sin clasificar Microsoft

CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT

Information published.

CVE-2025-40325
Sin clasificar Microsoft

CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()

Information published.

CVE-2025-37860
Sin clasificar Microsoft

CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401

Information published.

CVE-2024-43901
Sin clasificar Microsoft

CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load

Information published.

CVE-2024-43872
Sin clasificar Microsoft

CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs

Information published.

CVE-2024-43819
Sin clasificar Microsoft

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed

Information published.

CVE-2024-42317
Sin clasificar Microsoft

CVE-2024-43886 drm/amd/display: Add null check in resource_log_pipe_topology_update

Information published.

CVE-2024-43886
Sin clasificar Microsoft

CVE-2024-43824 PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()

Information published.

CVE-2024-43824
Baja Microsoft

CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

Information published.

CVE-2013-1633
Sin clasificar Microsoft

CVE-2025-38333 f2fs: fix to bail out in get_new_segment()

Information published.

CVE-2025-38333
Sin clasificar Microsoft

CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()

Information published.

CVE-2025-38359
Sin clasificar Microsoft

CVE-2025-38264 nvme-tcp: sanitize request list handling

Information published.

CVE-2025-38264
Sin clasificar Microsoft

CVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_data

Information published.

CVE-2025-38303
Sin clasificar Microsoft

CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping

Information published.

CVE-2025-38279
Sin clasificar Microsoft

CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()

Information published.

CVE-2025-38269
Sin clasificar Microsoft

CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error

Information published.

CVE-2025-38096
Sin clasificar Microsoft

CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx

Information published.

CVE-2025-38272
Baja Microsoft

CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

Information published.

CVE-2024-58266
Sin clasificar Microsoft

CVE-2025-38311 iavf: get rid of the crit lock

Information published.

CVE-2025-38311
Sin clasificar Microsoft

CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs

Information published.

CVE-2025-38140
Sin clasificar Microsoft

CVE-2024-42107 ice: Don't process extts if PTP is disabled

Information published.

CVE-2024-42107
Sin clasificar Microsoft

CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly

Information published.

CVE-2024-42064
Sin clasificar Microsoft

CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init

Information published.

CVE-2024-42065
Baja Microsoft

CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation

Information published.

CVE-2024-42066
Sin clasificar Microsoft

CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free

Information published.

CVE-2024-41045
Sin clasificar Microsoft

CVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable

Information published.

CVE-2024-42151
Sin clasificar Microsoft

CVE-2024-41008 drm/amdgpu: change vm->task_info handling

Information published.

CVE-2024-41008
Sin clasificar Microsoft

CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command

Information published.

CVE-2024-41082
Sin clasificar Microsoft

CVE-2024-42134 virtio-pci: Check if is_avq is NULL

Information published.

CVE-2024-42134
Sin clasificar Microsoft

CVE-2024-40999 net: ena: Add validation for completion descriptors consistency

Information published.

CVE-2024-40999
Sin clasificar Microsoft

CVE-2024-42118 drm/amd/display: Do not return negative stream id for array

Information published.

CVE-2024-42118
Sin clasificar Microsoft

CVE-2024-39478 crypto: starfive - Do not free stack buffer

Information published.

CVE-2024-39478
Sin clasificar Microsoft

CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly

Information published.

CVE-2024-41067
Sin clasificar Microsoft

CVE-2024-41023 sched/deadline: Fix task_struct reference leak

Information published.

CVE-2024-41023
Sin clasificar Microsoft

CVE-2024-42123 drm/amdgpu: fix double free err_addr pointer warnings

Information published.

CVE-2024-42123
Sin clasificar Microsoft

CVE-2024-42155 s390/pkey: Wipe copies of protected- and secure-keys

Information published.

CVE-2024-42155
Sin clasificar Microsoft

CVE-2024-42227 drm/amd/display: Fix overlapping copy within dml_core_mode_programming

Information published.

CVE-2024-42227
Sin clasificar Microsoft

CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments

Information published.

CVE-2024-42081
Sin clasificar Microsoft

CVE-2024-41085 cxl/mem: Fix no cxl_nvd during pmem region auto-assembling

Information published.

CVE-2024-41085
Sin clasificar Microsoft

CVE-2024-42139 ice: Fix improper extts handling

Information published.

CVE-2024-42139
Sin clasificar Microsoft

CVE-2024-42158 s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings

Information published.

CVE-2024-42158
Media Microsoft

CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.

Information published.

CVE-2024-23848
Sin clasificar Microsoft

CVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()

Information published.

CVE-2025-21696
Sin clasificar Microsoft

CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels

Information published.

CVE-2025-21768
Sin clasificar Microsoft

CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash

Information published.

CVE-2024-57974
Sin clasificar Microsoft

CVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume path

Information published.

CVE-2025-21801
Sin clasificar Microsoft

CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed

Information published.

CVE-2024-57976
Sin clasificar Microsoft

CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error

Information published.

CVE-2025-21732
Sin clasificar Microsoft

CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool

Information published.

CVE-2025-21786
Sin clasificar Microsoft

CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug

Information published.

CVE-2025-21693
Sin clasificar Microsoft

CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()

Information published.

CVE-2024-58006
Sin clasificar Microsoft

CVE-2025-21723 scsi: mpi3mr: Fix possible crash when setting up bsg fails

Information published.

CVE-2025-21723
Sin clasificar Microsoft

CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free

Information published.

CVE-2025-21714
Sin clasificar Microsoft

CVE-2024-58012 ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params

Information published.

CVE-2024-58012
Sin clasificar Microsoft

CVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capability

Information published.

CVE-2024-53050
Sin clasificar Microsoft

CVE-2024-53090 afs: Fix lock recursion

Information published.

CVE-2024-53090
Sin clasificar Microsoft

CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context

Information published.

CVE-2024-53089
Baja Microsoft

CVE-2024-30896 InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.

Information published.

CVE-2024-30896
Sin clasificar Microsoft

CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1

Information published.

CVE-2024-50177
Sin clasificar Microsoft

CVE-2024-50225 btrfs: fix error propagation of split bios

Information published.

CVE-2024-50225
Media Microsoft

CVE-2024-53056 drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()

Information published.

CVE-2024-53056
Sin clasificar Microsoft

CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails

Information published.

CVE-2024-50277
Sin clasificar Microsoft

CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()

Information published.

CVE-2024-50217
Sin clasificar Microsoft

CVE-2024-53084 drm/imagination: Break an object reference loop

Information published.

CVE-2024-53084
Sin clasificar Microsoft

CVE-2024-50091 dm vdo: don't refer to dedupe_context after releasing it

Information published.

CVE-2024-50091
Baja Microsoft

CVE-2024-50090 drm/xe/oa: Fix overflow in oa batch buffer

Information published.

CVE-2024-50090
Sin clasificar Microsoft

CVE-2024-50102 x86: fix user address masking non-canonical speculation issue

Information published.

CVE-2024-50102
Sin clasificar Microsoft

CVE-2024-50178 cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request()

Information published.

CVE-2024-50178
Sin clasificar Microsoft

CVE-2024-53051 drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability

Information published.

CVE-2024-53051
Sin clasificar Microsoft

CVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()

Information published.

CVE-2024-57872
Sin clasificar Microsoft

CVE-2024-56775 drm/amd/display: Fix handling of plane refcount

Information published.

CVE-2024-56775
Sin clasificar Microsoft

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap

Information published.

CVE-2024-57875
Sin clasificar Microsoft

CVE-2024-41932 sched: fix warning in sched_setaffinity

Information published.

CVE-2024-41932
Sin clasificar Microsoft

CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

Information published.

CVE-2024-57804
Sin clasificar Microsoft

CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up

Information published.

CVE-2024-57898
Sin clasificar Microsoft

CVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy

Information published.

CVE-2025-21635
Sin clasificar Microsoft

CVE-2025-21649 net: hns3: fix kernel crash when 1588 is sent on HIP08 devices

Information published.

CVE-2025-21649
Sin clasificar Microsoft

CVE-2025-21634 cgroup/cpuset: remove kernfs active break

Information published.

CVE-2025-21634
Sin clasificar Microsoft

CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL

Information published.

CVE-2024-57809
Sin clasificar Microsoft

CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()

Information published.

CVE-2024-56782
Sin clasificar Microsoft

CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace

Information published.

CVE-2024-47794
Sin clasificar Microsoft

CVE-2024-57857 RDMA/siw: Remove direct link to net_device

Information published.

CVE-2024-57857
Sin clasificar Microsoft

CVE-2025-21672 afs: Fix merge preference rule failure condition

Information published.

CVE-2025-21672
Sin clasificar Microsoft

CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()

Information published.

CVE-2026-31419
Sin clasificar Microsoft

CVE-2026-35387 OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

Information published.

CVE-2026-35387
Sin clasificar Microsoft

CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN

Information published.

CVE-2026-23472
Sin clasificar Microsoft

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Information published.

CVE-2026-6100
Sin clasificar Microsoft

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Information published.

CVE-2026-4786 CVE-2026-4519
Sin clasificar Microsoft

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex

Information published.

CVE-2026-31486
Sin clasificar Microsoft

CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly

Information published.

CVE-2024-35808
Sin clasificar Microsoft

CVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recovery

Information published.

CVE-2024-35931
Baja Microsoft

CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution

Information published.

CVE-2024-36024
Sin clasificar Microsoft

CVE-2024-26944 btrfs: zoned: fix use-after-free in do_zone_finish()

Information published.

CVE-2024-26944
Sin clasificar Microsoft

CVE-2024-27010 net/sched: Fix mirred deadlock on device recursion

Information published.

CVE-2024-27010
Sin clasificar Microsoft

CVE-2024-35794 dm-raid: really frozen sync_thread during suspend

Information published.

CVE-2024-35794
Sin clasificar Microsoft

CVE-2024-26962 dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape

Information published.

CVE-2024-26962
Sin clasificar Microsoft

CVE-2024-27079 iommu/vt-d: Fix NULL domain on device release

Information published.

CVE-2024-27079
Sin clasificar Microsoft

CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads

Information published.

CVE-2019-11254
Sin clasificar Microsoft

CVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file write

Information published.

CVE-2023-1386
Sin clasificar Microsoft

CVE-2026-2297 SourcelessFileLoader does not use io.open_code()

Information published.

CVE-2026-2297
Baja Microsoft

CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

Information published.

CVE-2026-4224
Sin clasificar Microsoft

CVE-2026-3644 Incomplete control character validation in http.cookies

Information published.

CVE-2026-3644
Sin clasificar Microsoft

CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements

Information published.

CVE-2026-23278
Sin clasificar Microsoft

CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions

Information published.

CVE-2026-23276
Sin clasificar Microsoft

CVE-2026-3634 Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header

Information published.

CVE-2026-3634
Sin clasificar Microsoft

CVE-2026-3632 Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames

Information published.

CVE-2026-3632
Sin clasificar Microsoft

CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz

Information published.

CVE-2026-23377
Sin clasificar Microsoft

CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing

Information published.

CVE-2026-23383
Sin clasificar Microsoft

CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting

Information published.

CVE-2026-23371
Sin clasificar Microsoft

CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

Information published.

CVE-2026-5119
Sin clasificar Microsoft

CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()

Information published.

CVE-2026-23240
Sin clasificar Microsoft

CVE-2026-23247 tcp: secure_seq: add back ports to TS offset

Information published.

CVE-2026-23247
Sin clasificar Microsoft

CVE-2026-3633 Libsoup: libsoup: header and http request injection via crlf injection

Information published.

CVE-2026-3633
Sin clasificar Microsoft

CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack

Information published.

CVE-2026-3099
Sin clasificar Microsoft

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

Information published.

CVE-2025-13462
Sin clasificar Microsoft

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry

Information published.

CVE-2026-23361
Sin clasificar Microsoft

CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()

Information published.

CVE-2026-23346
Baja Microsoft

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

Information published.

CVE-2025-49010
Sin clasificar Microsoft

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers

Information published.

CVE-2025-66038
Sin clasificar Microsoft

CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit

Information published.

CVE-2025-37907
Sin clasificar Microsoft

CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio

Information published.

CVE-2025-37834
Sin clasificar Microsoft

CVE-2025-37870 drm/amd/display: prevent hang on link training fail

Information published.

CVE-2025-37870
Sin clasificar Microsoft

CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup

Information published.

CVE-2025-37877
Sin clasificar Microsoft

CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()

Information published.

CVE-2025-37826
Sin clasificar Microsoft

CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()

Information published.

CVE-2025-37745
Sin clasificar Microsoft

CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races

Information published.

CVE-2025-37856
Sin clasificar Microsoft

CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling

Information published.

CVE-2025-37882
Sin clasificar Microsoft

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

Information published.

CVE-2025-37861
Sin clasificar Microsoft

CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap

Information published.

CVE-2025-37807
Sin clasificar Microsoft

CVE-2025-37747 perf: Fix hang while freeing sigtrap event

Information published.

CVE-2025-37747
Sin clasificar Microsoft

CVE-2025-37750 smb: client: fix UAF in decryption with multichannel

Information published.

CVE-2025-37750
Sin clasificar Microsoft

CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq

Information published.

CVE-2023-52586
Sin clasificar Microsoft

CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands

Information published.

CVE-2023-52624
Sin clasificar Microsoft

CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'

Information published.

CVE-2024-26672
Sin clasificar Microsoft

CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()

Information published.

CVE-2024-26757
Sin clasificar Microsoft

CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()

Information published.

CVE-2024-26758
Sin clasificar Microsoft

CVE-2024-26756 md: Don't register sync_thread for reshape directly

Information published.

CVE-2024-26756
Sin clasificar Microsoft

CVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array size

Information published.

CVE-2024-26914
Sin clasificar Microsoft

CVE-2024-24856 NULL pointer deference in acpi_db_convert_to_package of Linux acpi module

Information published.

CVE-2024-24856
Sin clasificar Microsoft

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Information published.

CVE-2026-27136
Sin clasificar Microsoft

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-46598
Baja Microsoft

CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

Information published.

CVE-2026-9150
Baja Microsoft

CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

Information published.

CVE-2026-9149
Sin clasificar Microsoft

CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients

Information published.

CVE-2026-45877
Sin clasificar Microsoft

CVE-2026-45917 ipvs: do not keep dest_dst if dev is going down

Information published.

CVE-2026-45917
Sin clasificar Microsoft

CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN

Information published.

CVE-2026-46059
Sin clasificar Microsoft

CVE-2026-45901 netfilter: nf_tables: revert commit_mutex usage in reset path

Information published.

CVE-2026-45901
Sin clasificar Microsoft

CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry

Information published.

CVE-2026-45894
Sin clasificar Microsoft

CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks

Information published.

CVE-2026-46054
Sin clasificar Microsoft

CVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entry

Information published.

CVE-2026-45944
Sin clasificar Microsoft

CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given

Information published.

CVE-2026-45932
Sin clasificar Microsoft

CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path

Information published.

CVE-2026-45961
Sin clasificar Microsoft

CVE-2026-45940 net: stmmac: fix oops when split header is enabled

Information published.

CVE-2026-45940
Sin clasificar Microsoft

CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory

Information published.

CVE-2026-45893
Sin clasificar Microsoft

CVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclusters

Information published.

CVE-2026-45943
Sin clasificar Microsoft

CVE-2026-46017 mm: fix deferred split queue races during migration

Information published.

CVE-2026-46017
Sin clasificar Microsoft

CVE-2026-45897 netfilter: nft_counter: serialize reset with spinlock

Information published.

CVE-2026-45897
Sin clasificar Microsoft

CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories

Information published.

CVE-2026-45571
Sin clasificar Microsoft

CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation

Information published.

CVE-2026-45859
Sin clasificar Microsoft

CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT

Information published.

CVE-2026-46032
Sin clasificar Microsoft

CVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRs

Information published.

CVE-2026-46014
Sin clasificar Microsoft

CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put

Information published.

CVE-2026-45861
Sin clasificar Microsoft

CVE-2026-45963 ASoC: nau8821: Cancel delayed work on component remove

Information published.

CVE-2026-45963
Sin clasificar Microsoft

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2

Information published.

CVE-2026-42250
Sin clasificar Microsoft

CVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcount

Information published.

CVE-2026-46158
Sin clasificar Microsoft

CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last

Information published.

CVE-2026-46170
Sin clasificar Microsoft

CVE-2026-46175 f2fs: fix fsck inconsistency caused by FGGC of node block

Information published.

CVE-2026-46175
Sin clasificar Microsoft

CVE-2026-46153 8021q: delete cleared egress QoS mappings

Information published.

CVE-2026-46153
Sin clasificar Microsoft

CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure

Information published.

CVE-2026-46241
Sin clasificar Microsoft

CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()

Information published.

CVE-2026-46147
Sin clasificar Microsoft

CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown

Information published.

CVE-2026-46135
Sin clasificar Microsoft

CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

Information published.

CVE-2026-46181
Sin clasificar Microsoft

CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF

Information published.

CVE-2026-46242
Sin clasificar Microsoft

CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error

Information published.

CVE-2026-6324
Sin clasificar Microsoft

CVE-2026-43059 Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers

Information published.

CVE-2026-43059
Sin clasificar Microsoft

CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload

Information published.

CVE-2026-45973
Sin clasificar Microsoft

CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

Information published.

CVE-2026-46071
Sin clasificar Microsoft

CVE-2026-46066 ceph: fix num_ops off-by-one when crypto allocation fails

Information published.

CVE-2026-46066
Sin clasificar Microsoft

CVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvation

Information published.

CVE-2026-45855
Sin clasificar Microsoft

CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport

Information published.

CVE-2026-45570
Sin clasificar Microsoft

CVE-2026-45949 hwrng: core - use RCU and work_struct to fix race condition

Information published.

CVE-2026-45949
Sin clasificar Microsoft

CVE-2026-46044 ipmi:ssif: Clean up kthread on errors

Information published.

CVE-2026-46044
Sin clasificar Microsoft

CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation

Information published.

CVE-2026-45934
Sin clasificar Microsoft

CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop

Information published.

CVE-2026-46090
Sin clasificar Microsoft

CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

Information published.

CVE-2026-46076
Sin clasificar Microsoft

CVE-2026-46200 spi: mpc52xx: fix controller deregistration

Information published.

CVE-2026-46200
Sin clasificar Microsoft

CVE-2026-46171 riscv: kvm: fix vector context allocation leak

Information published.

CVE-2026-46171
Sin clasificar Microsoft

CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)

Information published.

CVE-2026-46130
Baja Microsoft

CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI

Information published.

CVE-2026-44839
Sin clasificar Microsoft

CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access

Information published.

CVE-2026-46140
Sin clasificar Microsoft

CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned

Information published.

CVE-2025-39779
Sin clasificar Microsoft

CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration

Information published.

CVE-2025-39754
Sin clasificar Microsoft

CVE-2025-39762 drm/amd/display: add null check

Information published.

CVE-2025-39762
Sin clasificar Microsoft

CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable

Information published.

CVE-2025-39746
Sin clasificar Microsoft

CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup

Information published.

CVE-2025-39747
Sin clasificar Microsoft

CVE-2025-39789 crypto: x86/aegis - Add missing error checks

Information published.

CVE-2025-39789
Sin clasificar Microsoft

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer

Information published.

CVE-2025-39833
Sin clasificar Microsoft

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects

Information published.

CVE-2025-39850
Sin clasificar Microsoft

CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog

Information published.

CVE-2025-39859
Sin clasificar Microsoft

CVE-2025-38705 drm/amd/pm: fix null pointer access

Information published.

CVE-2025-38705
Sin clasificar Microsoft

CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()

Information published.

CVE-2025-38722
Sin clasificar Microsoft

CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()

Information published.

CVE-2025-38717
Sin clasificar Microsoft

CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability

Information published.

CVE-2025-39705
Sin clasificar Microsoft

CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal

Information published.

CVE-2025-39677
Sin clasificar Microsoft

CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities

Information published.

CVE-2025-39707
Sin clasificar Microsoft

CVE-2025-9901 Libsoup: improper handling of http vary header in libsoup caching

Information published.

CVE-2025-9901
Sin clasificar Microsoft

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown

Information published.

CVE-2025-39810
Sin clasificar Microsoft

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object

Information published.

CVE-2025-39851
Sin clasificar Microsoft

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart

Information published.

CVE-2025-39862
Sin clasificar Microsoft

CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev

Information published.

CVE-2024-58241
Sin clasificar Microsoft

CVE-2026-46245 drm/amd/display: Fix dc_link NULL handling in HPD init

Information published.

CVE-2026-46245
Sin clasificar Microsoft

CVE-2026-46252 regulator: core: fix locking in regulator_resolve_supply() error path

Information published.

CVE-2026-46252
Sin clasificar Microsoft

CVE-2026-46244 netfilter: nft_inner: Fix IPv6 inner_thoff desync

Information published.

CVE-2026-46244
Sin clasificar Microsoft

CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime

Information published.

CVE-2026-42504
Sin clasificar Microsoft

CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths

Information published.

CVE-2026-46275
Sin clasificar Microsoft

CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str

Information published.

CVE-2026-46282
Baja Microsoft

CVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policy

Information published.

CVE-2026-46302
Sin clasificar Microsoft

CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop

Information published.

CVE-2026-46314
Sin clasificar Microsoft

CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer

Information published.

CVE-2025-71315
Sin clasificar Microsoft

CVE-2026-46323 net: gro: don't merge zcopy skbs

Information published.

CVE-2026-46323
Sin clasificar Microsoft

CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks

Information published.

CVE-2026-46324
Baja Microsoft

CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

Information published.

CVE-2026-48914
Baja Microsoft

CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

Information published.

CVE-2026-9669
Sin clasificar Microsoft

CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Information published.

CVE-2026-43966
Sin clasificar Microsoft

CVE-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

Information published.

CVE-2026-12003
Sin clasificar Microsoft

CVE-2026-52953 iommu/vt-d: Fix oops due to out of scope access

Information published.

CVE-2026-52953
Baja Microsoft

CVE-2026-56405 libexpat before 2.8.2 has an integer overflow in getAttributeId.

Information published.

CVE-2026-56405
Sin clasificar Microsoft

CVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP.

Information published.

CVE-2026-53005
Sin clasificar Microsoft

CVE-2026-53239 xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()

Information published.

CVE-2026-53239
Sin clasificar Microsoft

CVE-2026-52912 netfilter: nf_queue: hold bridge skb->dev while queued

Information published.

CVE-2026-52912
Sin clasificar Microsoft

CVE-2026-55653 Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service

Information published.

CVE-2026-55653
Baja Microsoft

CVE-2026-56406 libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

Information published.

CVE-2026-56406
Sin clasificar Microsoft

CVE-2026-53213 drm/vc4: fix krealloc() memory leak

Information published.

CVE-2026-53213
Sin clasificar Microsoft

CVE-2026-52931 batman-adv: tp_meter: avoid use of uninit sender vars

Information published.

CVE-2026-52931
Sin clasificar Microsoft

CVE-2026-55655 Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions

Information published.

CVE-2026-55655
Sin clasificar Microsoft

CVE-2026-53147 thunderbolt: Validate XDomain request packet size before type cast

Information published.

CVE-2026-53147
Sin clasificar Microsoft

CVE-2026-9675 undici WebSocket client vulnerable to denial of service via cumulative fragment bypass

Information published.

CVE-2026-9675
Sin clasificar Microsoft

CVE-2026-53159 misc: fastrpc: fix DMA address corruption due to find_vma misuse

Information published.

CVE-2026-53159
Sin clasificar Microsoft

CVE-2026-56131 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

Information published.

CVE-2026-56131 CVE-2026-50219
Sin clasificar Microsoft

CVE-2026-53274 net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS

Information published.

CVE-2026-53274
Sin clasificar Microsoft

CVE-2026-52915 netfilter: ip6t_hbh: reject oversized option lists

Information published.

CVE-2026-52915
Sin clasificar Microsoft

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Information published.

CVE-2026-9697
Sin clasificar Microsoft

CVE-2026-53230 net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list

Information published.

CVE-2026-53230
Sin clasificar Microsoft

CVE-2026-52956 libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()

Information published.

CVE-2026-52956
Baja Microsoft

CVE-2026-53194 USB: serial: kl5kusb105: fix bulk-out buffer overflow

Information published.

CVE-2026-53194
Sin clasificar Microsoft

CVE-2026-53115 bus: fsl-mc: use generic driver_override infrastructure

Information published.

CVE-2026-53115
Sin clasificar Microsoft

CVE-2026-53161 misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context

Information published.

CVE-2026-53161
Sin clasificar Microsoft

CVE-2026-53163 locking/rtmutex: Skip remove_waiter() when waiter is not enqueued

Information published.

CVE-2026-53163
Sin clasificar Microsoft

CVE-2026-53254 Bluetooth: RFCOMM: validate skb length in MCC handlers

Information published.

CVE-2026-53254
Baja Microsoft

CVE-2026-52916 batman-adv: frag: disallow unicast fragment in fragment

Information published.

CVE-2026-52916
Sin clasificar Microsoft

CVE-2026-53017 f2fs: fix data loss caused by incorrect use of nat_entry flag

Information published.

CVE-2026-53017
Sin clasificar Microsoft

CVE-2026-53089 bpf: Fix use-after-free in offloaded map/prog info fill

Information published.

CVE-2026-53089
Sin clasificar Microsoft

CVE-2026-53158 misc: fastrpc: Fix NULL pointer dereference in rpmsg callback

Information published.

CVE-2026-53158
Sin clasificar Microsoft

CVE-2026-53120 PCI: use generic driver_override infrastructure

Information published.

CVE-2026-53120
Sin clasificar Microsoft

CVE-2026-53151 rxrpc: Fix the ACK parser to extract the SACK table for parsing

Information published.

CVE-2026-53151
Sin clasificar Microsoft

CVE-2026-52934 batman-adv: tvlv: reject oversized TVLV packets

Information published.

CVE-2026-52934
Sin clasificar Microsoft

CVE-2026-53267 netfilter: nft_ct: bail out on template ct in get eval

Information published.

CVE-2026-53267
Sin clasificar Microsoft

CVE-2026-53249 ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options

Information published.

CVE-2026-53249
Sin clasificar Microsoft

CVE-2026-52943 net: skbuff: fix missing zerocopy reference in pskb_carve helpers

Information published.

CVE-2026-52943
Sin clasificar Microsoft

CVE-2026-53139 drm/v3d: Skip CSD when it has zeroed workgroups

Information published.

CVE-2026-53139
Sin clasificar Microsoft

CVE-2026-52942 netfilter: nf_log: validate MAC header was set before dumping it

Information published.

CVE-2026-52942
Sin clasificar Microsoft

CVE-2026-52957 libceph: Fix potential null-ptr-deref in decode_choose_args()

Information published.

CVE-2026-52957
Sin clasificar Microsoft

CVE-2026-53131 netfilter: require Ethernet MAC header before using eth_hdr()

Information published.

CVE-2026-53131
Sin clasificar Microsoft

CVE-2026-53177 bnxt_en: Fix NULL pointer dereference

Information published.

CVE-2026-53177
Sin clasificar Microsoft

CVE-2026-53198 ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL

Information published.

CVE-2026-53198
Sin clasificar Microsoft

CVE-2026-53214 ipv6: Fix a potential NPD in cleanup_prefix_route()

Information published.

CVE-2026-53214
Sin clasificar Microsoft

CVE-2026-53218 netfilter: nft_exthdr: fix register tracking for F_PRESENT flag

Information published.

CVE-2026-53218
Sin clasificar Microsoft

CVE-2026-53097 wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()

Information published.

CVE-2026-53097
Sin clasificar Microsoft

CVE-2026-53107 wifi: libertas: don't kill URBs in interrupt context

Information published.

CVE-2026-53107
Sin clasificar Microsoft

CVE-2026-53166 futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

Information published.

CVE-2026-53166
Sin clasificar Microsoft

CVE-2026-53220 netfilter: revalidate bridge ports

Information published.

CVE-2026-53220
Sin clasificar Microsoft

CVE-2026-53179 staging: rtl8723bs: fix buffer over-read in rtw_update_protection

Information published.

CVE-2026-53179
Sin clasificar Microsoft

CVE-2026-53228 ipv6: sit: reload inner IPv6 header after GSO offloads

Information published.

CVE-2026-53228
Sin clasificar Microsoft

CVE-2026-53132 vsock/virtio: fix potential unbounded skb queue

Information published.

CVE-2026-53132
Sin clasificar Microsoft

CVE-2026-52961 ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale blob size

Information published.

CVE-2026-52961
Sin clasificar Microsoft

CVE-2026-53208 Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig

Information published.

CVE-2026-53208
Sin clasificar Microsoft

CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect

Information published.

CVE-2026-53010
Sin clasificar Microsoft

CVE-2026-52937 tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR

Information published.

CVE-2026-52937
Sin clasificar Microsoft

CVE-2026-53109 powerpc/pgtable-frag: Fix bad page state in pte_frag_destroy

Information published.

CVE-2026-53109
Baja Microsoft

CVE-2026-53106 bpf: Do not allow deleting local storage in NMI

Information published.

CVE-2026-53106
Sin clasificar Microsoft

CVE-2026-53217 net: mvpp2: sync RX data at the hardware packet offset

Information published.

CVE-2026-53217
Sin clasificar Microsoft

CVE-2026-53186 RDMA/srp: bound SRP_RSP sense copy by the received length

Information published.

CVE-2026-53186
Sin clasificar Microsoft

CVE-2026-53268 netfilter: conntrack_irc: fix possible out-of-bounds read

Information published.

CVE-2026-53268
Sin clasificar Microsoft

CVE-2026-53053 iommu/amd: Fix clone_alias() to use the original device's devid

Information published.

CVE-2026-53053
Sin clasificar Microsoft

CVE-2026-52926 batman-adv: clear current gateway during teardown

Information published.

CVE-2026-52926
Sin clasificar Microsoft

CVE-2026-52927 netfilter: ebtables: fix OOB read in compat_mtw_from_user

Information published.

CVE-2026-52927
Sin clasificar Microsoft

CVE-2026-53219 netfilter: x_tables: avoid leaking percpu counter pointers

Information published.

CVE-2026-53219
Sin clasificar Microsoft

CVE-2026-53157 net: phonet: free phonet_device after RCU grace period

Information published.

CVE-2026-53157
Sin clasificar Microsoft

CVE-2026-53102 wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req()

Information published.

CVE-2026-53102
Sin clasificar Microsoft

CVE-2026-53247 net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown

Information published.

CVE-2026-53247
Sin clasificar Microsoft

CVE-2026-57452 Vim: Out-of-bounds Read with libsodium-encrypted Files

Information published.

CVE-2026-57452
Sin clasificar Microsoft

CVE-2026-55895 Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

Information published.

CVE-2026-55895
Sin clasificar Microsoft

CVE-2026-53221 ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()

Information published.

CVE-2026-53221
Sin clasificar Microsoft

CVE-2026-55693 Vim: Out-of-bounds Write in Spell File Word Count

Information published.

CVE-2026-55693
Sin clasificar Microsoft

CVE-2026-53253 Bluetooth: bnep: reject short frames before parsing

Information published.

CVE-2026-53253
Baja Microsoft

CVE-2026-53196 USB: serial: io_ti: fix heap overflow in get_manuf_info()

Information published.

CVE-2026-53196
Sin clasificar Microsoft

CVE-2026-57455 Vim: Stack out-of-bounds write in `spell_soundfold_sofo()` via an over-length `soundfold()` argument

Information published.

CVE-2026-57455
Sin clasificar Microsoft

CVE-2026-53025 greybus: raw: fix use-after-free on cdev close

Information published.

CVE-2026-53025
Sin clasificar Microsoft

CVE-2026-57456 Vim: Arbitrary Code Execution via Python Omni-Completion Docstrings

Information published.

CVE-2026-57456
Sin clasificar Microsoft

CVE-2026-57453 Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction

Information published.

CVE-2026-57453
Sin clasificar Microsoft

CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use

Information published.

CVE-2026-53215
Sin clasificar Microsoft

CVE-2026-55892 Vim: Out-of-bounds Write in Spell File Prefix Dump

Information published.

CVE-2026-55892
Sin clasificar Microsoft

CVE-2026-53154 mm/hugetlb: restore reservation on error in hugetlb folio copy paths

Information published.

CVE-2026-53154
Sin clasificar Microsoft

CVE-2026-52941 net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint

Information published.

CVE-2026-52941
Baja Microsoft

CVE-2026-53263 6lowpan: fix off-by-one in multicast context address compression

Information published.

CVE-2026-53263
Sin clasificar Microsoft

CVE-2026-52947 net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove

Information published.

CVE-2026-52947
Sin clasificar Microsoft

CVE-2026-52991 sched/psi: fix race between file release and pressure write

Information published.

CVE-2026-52991
Sin clasificar Microsoft

CVE-2026-52988 netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase

Information published.

CVE-2026-52988
Sin clasificar Microsoft

CVE-2026-57454 Vim: Out-of-bounds Read with Text Properties

Information published.

CVE-2026-57454
Sin clasificar Microsoft

CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions

Information published.

CVE-2026-46243
Sin clasificar Microsoft

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

Information published.

CVE-2026-8643
Baja Microsoft

CVE-2026-46254 AppArmor: Allow apparmor to handle unaligned dfa tables

Information published.

CVE-2026-46254
Sin clasificar Microsoft

CVE-2025-71313 PCI: endpoint: Add missing NULL check for alloc_workqueue()

Information published.

CVE-2025-71313
Sin clasificar Microsoft

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

Information published.

CVE-2026-42507
Baja Microsoft

CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow

Information published.

CVE-2026-10275
Sin clasificar Microsoft

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

Information published.

CVE-2026-27145
Sin clasificar Microsoft

CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()

Information published.

CVE-2026-3276
Baja Microsoft

CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

Information published.

CVE-2026-7774
Sin clasificar Microsoft

CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

Information published.

CVE-2026-49762
Sin clasificar Microsoft

CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE

Information published.

CVE-2026-46325
Sin clasificar Microsoft

CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"

Information published.

CVE-2026-46330
Sin clasificar Microsoft

CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption

Information published.

CVE-2026-46331
Baja Microsoft

CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

Information published.

CVE-2026-43973
Baja Microsoft

CVE-2026-52948 i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl

Information published.

CVE-2026-52948
Sin clasificar Microsoft

CVE-2026-53136 drm/amd/display: Clamp VBIOS HDMI retimer register count to array size

Information published.

CVE-2026-53136
Sin clasificar Microsoft

CVE-2026-53227 net: openvswitch: fix possible kfree_skb of ERR_PTR

Information published.

CVE-2026-53227
Baja Microsoft

CVE-2026-56407 libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

Information published.

CVE-2026-56407
Baja Microsoft

CVE-2026-56404 libexpat before 2.8.2 has an integer overflow in addBinding.

Information published.

CVE-2026-56404
Sin clasificar Microsoft

CVE-2026-53207 mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison

Information published.

CVE-2026-53207
Sin clasificar Microsoft

CVE-2026-52913 batman-adv: v: stop OGMv2 on disabled interface

Information published.

CVE-2026-52913
Sin clasificar Microsoft

CVE-2026-53027 fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()

Information published.

CVE-2026-53027
Baja Microsoft

CVE-2026-56403 libexpat before 2.8.2 has an integer overflow in storeAtts.

Information published.

CVE-2026-56403
Sin clasificar Microsoft

CVE-2026-53238 netlabel: validate unlabeled address and mask attribute lengths

Information published.

CVE-2026-53238
Sin clasificar Microsoft

CVE-2026-52921 netfilter: ipset: stop hash:* range iteration at end

Information published.

CVE-2026-52921
Sin clasificar Microsoft

CVE-2026-53024 greybus: raw: fix use-after-free if write is called after disconnect

Information published.

CVE-2026-53024
Sin clasificar Microsoft

CVE-2026-53270 ipvs: clear the svc scheduler ptr early on edit

Information published.

CVE-2026-53270
Sin clasificar Microsoft

CVE-2026-11525 undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Information published.

CVE-2026-11525
Baja Microsoft

CVE-2026-56132 In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

Information published.

CVE-2026-56132
Sin clasificar Microsoft

CVE-2026-53129 fs/mbcache: cancel shrink work before destroying the cache

Information published.

CVE-2026-53129
Sin clasificar Microsoft

CVE-2026-48142 NGINX ngx_http_charset_module vulnerability

Information published.

CVE-2026-48142
Sin clasificar Microsoft

CVE-2026-53242 ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams

Information published.

CVE-2026-53242
Sin clasificar Microsoft

CVE-2026-53236 tcp: restrict SO_ATTACH_FILTER to priv users

Information published.

CVE-2026-53236
Sin clasificar Microsoft

CVE-2026-53118 vdpa: use generic driver_override infrastructure

Information published.

CVE-2026-53118
Sin clasificar Microsoft

CVE-2026-56412 libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.

Information published.

CVE-2026-56412 CVE-2026-50219
Sin clasificar Microsoft

CVE-2026-53266 netfilter: bridge: make ebt_snat ARP rewrite writable

Information published.

CVE-2026-53266
Sin clasificar Microsoft

CVE-2026-53138 drm/amd/display: Bound VBIOS record-chain walk loops

Information published.

CVE-2026-53138
Sin clasificar Microsoft

CVE-2026-53146 thunderbolt: Limit XDomain response copy to actual frame size

Information published.

CVE-2026-53146
Sin clasificar Microsoft

CVE-2026-53264 net/sched: act_api: use RCU with deferred freeing for action lifecycle

Information published.

CVE-2026-53264
Baja Microsoft

CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)

Information published.

CVE-2026-3195 CVE-2024-7730
Baja Microsoft

CVE-2026-3196 Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation

Information published.

CVE-2026-3196
Sin clasificar Microsoft

CVE-2026-53182 wifi: nl80211: reject oversized EMA RNR lists

Information published.

CVE-2026-53182
Sin clasificar Microsoft

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

Information published.

CVE-2026-11972
Sin clasificar Microsoft

CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling

Information published.

CVE-2026-52924
Sin clasificar Microsoft

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

Information published.

CVE-2026-0864
Sin clasificar Microsoft

CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

Information published.

CVE-2026-55199
Sin clasificar Microsoft

CVE-2026-55200 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

Information published.

CVE-2026-55200
Sin clasificar Microsoft

CVE-2026-53246 sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing

Information published.

CVE-2026-53246
Sin clasificar Microsoft

CVE-2026-53150 thunderbolt: Reject zero-length property entries in validator

Information published.

CVE-2026-53150
Sin clasificar Microsoft

CVE-2026-53149 thunderbolt: Bound root directory content to block size

Information published.

CVE-2026-53149
Sin clasificar Microsoft

CVE-2026-53181 vsock/vmci: fix sk_ack_backlog leak on failed handshake

Information published.

CVE-2026-53181
Sin clasificar Microsoft

CVE-2026-53018 f2fs: avoid reading already updated pages during GC

Information published.

CVE-2026-53018
Sin clasificar Microsoft

CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c

Information published.

CVE-2025-15661
Sin clasificar Microsoft

CVE-2026-53184 udp: clear skb->dev before running a sockmap verdict

Information published.

CVE-2026-53184
Sin clasificar Microsoft

CVE-2026-52923 ipc: limit next_id allocation to the valid ID range

Information published.

CVE-2026-52923
Sin clasificar Microsoft

CVE-2026-53178 staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction

Information published.

CVE-2026-53178
Baja Microsoft

CVE-2026-53143 drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11

Information published.

CVE-2026-53143
Sin clasificar Microsoft

CVE-2026-53209 Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend

Information published.

CVE-2026-53209
Sin clasificar Microsoft

CVE-2026-53275 ipv6: mcast: Fix use-after-free when processing MLD queries

Information published.

CVE-2026-53275
Sin clasificar Microsoft

CVE-2026-53192 ALSA: timer: Fix UAF at snd_timer_user_params()

Information published.

CVE-2026-53192
Sin clasificar Microsoft

CVE-2026-52960 ceph: put folios not suitable for writeback

Information published.

CVE-2026-52960
Sin clasificar Microsoft

CVE-2026-53133 RDMA/umem: Fix truncation for block sizes >= 4G

Information published.

CVE-2026-53133
Baja Microsoft

CVE-2026-52919 batman-adv: fix tp_meter counter underflow during shutdown

Information published.

CVE-2026-52919
Sin clasificar Microsoft

CVE-2026-53078 bpf: Fix same-register dst/src OOB read and pointer leak in sock_ops

Information published.

CVE-2026-53078
Sin clasificar Microsoft

CVE-2026-53009 ice: fix double-free of tx_buf skb

Information published.

CVE-2026-53009
Sin clasificar Microsoft

CVE-2026-52946 fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling

Information published.

CVE-2026-52946
Sin clasificar Microsoft

CVE-2026-53255 Bluetooth: MGMT: validate advertising TLV before type checks

Information published.

CVE-2026-53255
Sin clasificar Microsoft

CVE-2026-53113 wifi: ath11k: fix memory leaks in beacon template setup

Information published.

CVE-2026-53113
Sin clasificar Microsoft

CVE-2026-53015 erofs: unify lcn as u64 for 32-bit platforms

Information published.

CVE-2026-53015
Sin clasificar Microsoft

CVE-2026-53265 dm cache policy smq: check allocation under invalidate lock

Information published.

CVE-2026-53265
Sin clasificar Microsoft

CVE-2026-52922 batman-adv: dat: handle forward allocation error

Information published.

CVE-2026-52922
Sin clasificar Microsoft

CVE-2026-53237 gpio: mvebu: fix NULL pointer dereference in suspend/resume

Information published.

CVE-2026-53237
Sin clasificar Microsoft

CVE-2026-52954 libceph: handle rbtree insertion error in decode_choose_args()

Information published.

CVE-2026-52954
Sin clasificar Microsoft

CVE-2026-53148 thunderbolt: Clamp XDomain response data copy to allocation size

Information published.

CVE-2026-53148
Sin clasificar Microsoft

CVE-2026-53000 netfilter: nat: use kfree_rcu to release ops

Information published.

CVE-2026-53000
Sin clasificar Microsoft

CVE-2026-53225 sctp: fix uninit-value in __sctp_rcv_asconf_lookup()

Information published.

CVE-2026-53225
Sin clasificar Microsoft

CVE-2026-53262 l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()

Information published.

CVE-2026-53262
Sin clasificar Microsoft

CVE-2026-53245 net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr

Information published.

CVE-2026-53245
Sin clasificar Microsoft

CVE-2026-53199 hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf

Information published.

CVE-2026-53199
Sin clasificar Microsoft

CVE-2026-53258 wifi: fix leak if split 6 GHz scanning fails

Information published.

CVE-2026-53258
Sin clasificar Microsoft

CVE-2026-53160 misc: fastrpc: fix use-after-free race in fastrpc_map_create

Information published.

CVE-2026-53160
Baja Microsoft

CVE-2026-53183 mptcp: allow subflow rcv wnd to shrink

Information published.

CVE-2026-53183
Sin clasificar Microsoft

CVE-2026-53226 gpio: rockchip: fix generic IRQ chip leak on remove

Information published.

CVE-2026-53226
Sin clasificar Microsoft

CVE-2026-52930 ipc/shm: serialize orphan cleanup with shm_nattch updates

Information published.

CVE-2026-52930
Sin clasificar Microsoft

CVE-2026-53135 drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs

Information published.

CVE-2026-53135
Sin clasificar Microsoft

CVE-2026-53080 net/sched: cls_fw: fix NULL dereference of "old" filters before change()

Information published.

CVE-2026-53080
Sin clasificar Microsoft

CVE-2026-53108 powerpc/64s: Fix unmap race with PMD migration entries

Information published.

CVE-2026-53108
Sin clasificar Microsoft

CVE-2026-53091 net: pull headers in qdisc_pkt_len_segs_init()

Information published.

CVE-2026-53091
Sin clasificar Microsoft

CVE-2026-53232 net: phy: clean the sfp upstream if phy probing fails

Information published.

CVE-2026-53232
Sin clasificar Microsoft

CVE-2026-52962 ceph: fix a buffer leak in __ceph_setxattr()

Information published.

CVE-2026-52962
Sin clasificar Microsoft

CVE-2026-53176 IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN

Information published.

CVE-2026-53176
Sin clasificar Microsoft

CVE-2026-53070 sctp: disable BH before calling udp_tunnel_xmit_skb()

Information published.

CVE-2026-53070
Sin clasificar Microsoft

CVE-2026-53156 nvmem: core: fix use-after-free bugs in error paths

Information published.

CVE-2026-53156
Sin clasificar Microsoft

CVE-2026-57451 Vim: Out-of-bounds Read in Text Property Count

Information published.

CVE-2026-57451
Sin clasificar Microsoft

CVE-2026-53252 Bluetooth: fix memory leak in error path of hci_alloc_dev()

Information published.

CVE-2026-53252
Sin clasificar Microsoft

CVE-2026-53320 nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()

Information published.

CVE-2026-53320
Sin clasificar Microsoft

CVE-2026-53296 mailbox: mailbox-test: free channels on probe error

Information published.

CVE-2026-53296
Sin clasificar Microsoft

CVE-2026-53292 net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind

Information published.

CVE-2026-53292
Sin clasificar Microsoft

CVE-2026-53284 btrfs: only release the dirty pages io tree after successful writes

Information published.

CVE-2026-53284
Sin clasificar Microsoft

CVE-2026-53309 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison

Information published.

CVE-2026-53309
Sin clasificar Microsoft

CVE-2026-53304 scsi: sg: Resolve soft lockup issue when opening /dev/sgX

Information published.

CVE-2026-53304
Sin clasificar Microsoft

CVE-2026-53313 drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths

Information published.

CVE-2026-53313
Sin clasificar Microsoft

CVE-2026-53306 tty: hvc_iucv: fix off-by-one in number of supported devices

Information published.

CVE-2026-53306
Sin clasificar Microsoft

CVE-2026-53291 ALSA: hda/conexant: Fix missing error check for jack detection

Information published.

CVE-2026-53291
Sin clasificar Microsoft

CVE-2026-53297 net: mana: Guard mana_remove against double invocation

Information published.

CVE-2026-53297
Sin clasificar Microsoft

CVE-2026-53293 drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG

Information published.

CVE-2026-53293
Sin clasificar Microsoft

CVE-2026-53294 mailbox: mailbox-test: don't free the reused channel

Information published.

CVE-2026-53294
Sin clasificar Microsoft

CVE-2026-53289 ice: fix NULL pointer dereference in ice_reset_all_vfs()

Information published.

CVE-2026-53289
Sin clasificar Microsoft

CVE-2026-53287 audit: fix incorrect inheritable capability in CAPSET records

Information published.

CVE-2026-53287
Sin clasificar Microsoft

CVE-2026-53303 f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()

Information published.

CVE-2026-53303
Baja Microsoft

CVE-2026-53314 padata: Put CPU offline callback in ONLINE section to allow failure

Information published.

CVE-2026-53314
Sin clasificar Microsoft

CVE-2026-44889 WebOb: Location header normalization during redirect leads to open redirect

Information published.

CVE-2026-44889
Sin clasificar Microsoft

CVE-2026-53295 mailbox: add sanity check for channel array

Information published.

CVE-2026-53295
Sin clasificar Microsoft

CVE-2026-53279 drm/gma500/oaktrail_lvds: fix hang on init failure

Information published.

CVE-2026-53279
Media Microsoft

CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Information published.

CVE-2026-53655
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13027 Use after free in FileSystem

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13027
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13026 Use after free in Digital Credentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13026
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13025 Insufficient validation of untrusted input in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13025
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13024 Insufficient validation of untrusted input in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13024
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13023 Uninitialized Use in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13023
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13022 Inappropriate implementation in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13022
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13021
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13036 Use after free in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13036
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13035 Use after free in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13035
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13034 Inappropriate implementation in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13034
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13033 Out of bounds read in Blink>InterestGroups

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13033
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13031 Use after free in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13031
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13029 Use after free in Web Authentication

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13029
Sin clasificar Microsoft Edge

Chromium: CVE-2026-13038 Use after free in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-13038
Sin clasificar Microsoft

CVE-2025-68736 landlock: Fix handling of disconnected directories

Information published.

CVE-2025-68736
Sin clasificar Microsoft

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

Information published.

CVE-2025-68296
Sin clasificar Microsoft

CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised

Information published.

CVE-2026-45930
Sin clasificar Microsoft

CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks

Information published.

CVE-2026-45850
Sin clasificar Microsoft

CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()

Information published.

CVE-2026-46321
Sin clasificar Microsoft

CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()

Information published.

CVE-2026-46320
Sin clasificar Microsoft

CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()

Information published.

CVE-2026-46322
Sin clasificar Microsoft

CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing

Information published.

CVE-2026-4367
Sin clasificar Windows

CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-41086
Sin clasificar Microsoft

CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-45637
Sin clasificar Microsoft

CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access

Information published.

CVE-2026-46140
Sin clasificar Microsoft

CVE-2026-11816 Path Traversal in keras-team/keras

Information published.

CVE-2026-11816
Sin clasificar Microsoft

CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing

Information published.

CVE-2026-4367
Sin clasificar Microsoft

CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()

Information published.

CVE-2026-46285
Sin clasificar Windows

CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-42915
Sin clasificar Exchange Server

CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-45504
Sin clasificar Microsoft

CVE-2026-33840 Win32k Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-33840
Sin clasificar Microsoft

CVE-2025-5791 Users: `root` appended to group listings

Information published.

CVE-2025-5791
Sin clasificar Microsoft

CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop

Information published.

CVE-2025-4574
Sin clasificar Microsoft

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

Information published.

CVE-2026-45445
Sin clasificar Microsoft

CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

Information published.

CVE-2026-34183
Baja Microsoft

CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

Information published.

CVE-2026-7383
Sin clasificar Microsoft

CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

Information published.

CVE-2026-42768
Sin clasificar Microsoft

CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption

Information published.

CVE-2026-9076
Sin clasificar Microsoft

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Information published.

CVE-2026-45446
Sin clasificar Microsoft

CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption

Information published.

CVE-2026-42766
Sin clasificar Microsoft

CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption

Information published.

CVE-2026-42767
Sin clasificar Microsoft

CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing

Information published.

CVE-2026-34180
Sin clasificar Microsoft

CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response

Information published.

CVE-2026-44967
Sin clasificar Microsoft

CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption

Information published.

CVE-2026-46331
Sin clasificar Microsoft Office

CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45469
Sin clasificar Microsoft Office

CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45475
Sin clasificar Microsoft Office

CVE-2026-45472 Microsoft Office Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...

CVE-2026-45472
Sin clasificar Microsoft Office

CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45471
Sin clasificar Microsoft Office

CVE-2026-45474 Microsoft Office Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...

CVE-2026-45474
Sin clasificar Microsoft Office

CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45486
Sin clasificar Microsoft Office

CVE-2026-45485 Microsoft Office Information Disclosure Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45485
Sin clasificar Microsoft Office

CVE-2026-44817 Microsoft Excel Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-44817
Sin clasificar Microsoft Office

CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-44818
Sin clasificar Microsoft Office

CVE-2026-44819 Microsoft Office Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-44819
Sin clasificar Microsoft Office

CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-44820
Sin clasificar Microsoft Office

CVE-2026-44821 Microsoft Office Information Disclosure Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-44821
Sin clasificar Microsoft Office

CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-44823
Sin clasificar Microsoft Office

CVE-2026-44824 Microsoft Office Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-44824
Sin clasificar Microsoft Office

CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45456
Sin clasificar Microsoft Office

CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45458
Sin clasificar Microsoft Office

CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...

CVE-2026-45460
Sin clasificar Microsoft Office

CVE-2026-45461 Microsoft Office Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...

CVE-2026-45461
Sin clasificar Microsoft Office

CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45466
Sin clasificar Microsoft Office

CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45643
Sin clasificar Microsoft Office

CVE-2026-45645 Microsoft Office Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45645
Sin clasificar Microsoft Office

CVE-2026-45649 Office for Android Spoofing Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their ...

CVE-2026-45649
Sin clasificar Microsoft Office

CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-44822
Sin clasificar Microsoft Office

CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45455
Sin clasificar Microsoft Office

CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45457
Sin clasificar Microsoft Office

CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...

CVE-2026-45459
Sin clasificar Microsoft Office

CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...

CVE-2026-45463
Sin clasificar Microsoft

Chromium: CVE-2026-12439 Use after free in Digital Credentials

Corrected CVE title. This is an informational change only.

CVE-2026-12439
Sin clasificar Microsoft

Chromium: CVE-2026-12440 Use after free in DigitalCredentials

Corrected CVE title. This is an informational change only.

CVE-2026-12440
Sin clasificar Microsoft

Chromium: CVE-2026-12445 Use after free in Extensions

Corrected CVE title. This is an informational change only.

CVE-2026-12445
Sin clasificar Microsoft

Chromium: CVE-2026-12446 Insufficient data validation in Passwords

Corrected CVE title. This is an informational change only.

CVE-2026-12446
Sin clasificar Microsoft

Chromium: CVE-2026-12451 Use after free in DigitalCredentials

Corrected CVE title. This is an informational change only.

CVE-2026-12451
Sin clasificar Microsoft

Chromium: CVE-2026-12441 Use after free in File Input

Corrected CVE title. This is an informational change only.

CVE-2026-12441
Baja Microsoft

Chromium: CVE-2026-12447 Heap buffer overflow in WebRTC

Corrected CVE title. This is an informational change only.

CVE-2026-12447
Sin clasificar Microsoft

Chromium: CVE-2026-12443 Use after free in Web Authentication

Corrected CVE title. This is an informational change only.

CVE-2026-12443
Sin clasificar Microsoft

Chromium: CVE-2026-12452 Use after free in Downloads

Corrected CVE title. This is an informational change only.

CVE-2026-12452
Sin clasificar Microsoft

Chromium: CVE-2026-12453 Insufficient validation of untrusted input in Input

Corrected CVE title. This is an informational change only.

CVE-2026-12453
Sin clasificar Microsoft

Chromium: CVE-2026-12455 Use after free in Tab Strip

Corrected CVE title. This is an informational change only.

CVE-2026-12455
Sin clasificar Microsoft

Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions

Corrected CVE title. This is an informational change only.

CVE-2026-12456
Sin clasificar Microsoft

Chromium: CVE-2026-12458 Incorrect security UI in Passwords

Corrected CVE title. This is an informational change only.

CVE-2026-12458
Sin clasificar Microsoft

Chromium: CVE-2026-12457 Insufficient data validation in Extensions

Corrected CVE title. This is an informational change only.

CVE-2026-12457
Sin clasificar Microsoft

Chromium: CVE-2026-12459 Inappropriate implementation in Serial

Corrected CVE title. This is an informational change only.

CVE-2026-12459
Sin clasificar Microsoft

Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access

Corrected CVE title. This is an informational change only.

CVE-2026-12460
Media Microsoft

Chromium: CVE-2026-12462 Use after free in Media

Corrected CVE title. This is an informational change only.

CVE-2026-12462
Sin clasificar Microsoft

Chromium: CVE-2026-12464 Use after free in Browser

Corrected CVE title. This is an informational change only.

CVE-2026-12464
Sin clasificar Microsoft

Chromium: CVE-2026-12463 Inappropriate implementation in Views

Corrected CVE title. This is an informational change only.

CVE-2026-12463
Sin clasificar Microsoft

Chromium: CVE-2026-12465 Insufficient validation of untrusted input in Metrics

Corrected CVE title. This is an informational change only.

CVE-2026-12465
Sin clasificar Microsoft

Chromium: CVE-2026-12454 Race in Safe Browsing

Corrected CVE title. This is an informational change only.

CVE-2026-12454
Sin clasificar Microsoft

Chromium: CVE-2026-12467 Use after free in Extensions

Corrected CVE title. This is an informational change only.

CVE-2026-12467
Sin clasificar Microsoft

Chromium: CVE-2026-12468 Inappropriate implementation in Updater

Corrected CVE title. This is an informational change only.

CVE-2026-12468
Sin clasificar Microsoft

Chromium: CVE-2026-12449 Use after free in Chromoting

Corrected CVE title. This is an informational change only.

CVE-2026-12449
Sin clasificar Microsoft

Chromium: CVE-2026-12444 Out of bounds read in Chromoting

Corrected CVE title. This is an informational change only.

CVE-2026-12444
Sin clasificar Microsoft

Chromium: CVE-2026-12437 Use after free in WebShare

Corrected CVE title. This is an informational change only.

CVE-2026-12437
Sin clasificar Microsoft

Chromium: CVE-2026-12461 Out of bounds read in WebRTC

Corrected CVE title. This is an informational change only.

CVE-2026-12461
Baja Microsoft

Chromium: CVE-2026-12466 Heap buffer overflow in WebRTC

Corrected CVE title. This is an informational change only.

CVE-2026-12466
Sin clasificar Windows

CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-42903
Sin clasificar Microsoft Office

CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their ...

CVE-2026-44803
Sin clasificar Microsoft Office

CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability

Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their ...

CVE-2026-44812
Sin clasificar Microsoft Edge

CVE-2026-12439 Use after free in Digital Credentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12439
Sin clasificar Microsoft Edge

CVE-2026-12440 Use after free in DigitalCredentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12440
Sin clasificar Microsoft Edge

CVE-2026-12445 Use after free in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12445
Sin clasificar Microsoft Edge

CVE-2026-12446 Insufficient data validation in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12446
Sin clasificar Microsoft Edge

CVE-2026-12451 Use after free in DigitalCredentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12451
Sin clasificar Microsoft Edge

CVE-2026-12441 Use after free in File Input

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12441
Baja Microsoft Edge

CVE-2026-12447 Heap buffer overflow in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12447
Sin clasificar Microsoft Edge

CVE-2026-12443 Use after free in Web Authentication

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12443
Sin clasificar Microsoft Edge

CVE-2026-12452 Use after free in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12452
Sin clasificar Microsoft Edge

CVE-2026-12453 Insufficient validation of untrusted input in Input

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12453
Sin clasificar Microsoft Edge

CVE-2026-12455 Use after free in Tab Strip

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12455
Sin clasificar Microsoft Edge

CVE-2026-12456 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12456
Sin clasificar Microsoft Edge

CVE-2026-12458 Incorrect security UI in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12458
Sin clasificar Microsoft Edge

CVE-2026-12457 Insufficient data validation in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12457
Sin clasificar Microsoft Edge

CVE-2026-12459 Inappropriate implementation in Serial

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12459
Sin clasificar Microsoft Edge

CVE-2026-12460 Insufficient policy enforcement in File System Access

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12460
Media Microsoft Edge

CVE-2026-12462 Use after free in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12462
Sin clasificar Microsoft Edge

CVE-2026-12464 Use after free in Browser

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12464
Sin clasificar Microsoft Edge

CVE-2026-12463 Inappropriate implementation in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12463
Sin clasificar Microsoft Edge

CVE-2026-12465 Insufficient validation of untrusted input in Metrics

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12465
Sin clasificar Microsoft Edge

CVE-2026-12454 Race in Safe Browsing

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12454
Sin clasificar Microsoft Edge

CVE-2026-12467 Use after free in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12467
Sin clasificar Microsoft Edge

CVE-2026-12468 Inappropriate implementation in Updater

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12468
Sin clasificar Microsoft Edge

CVE-2026-12449 Use after free in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12449
Sin clasificar Microsoft Edge

CVE-2026-12444 Out of bounds read in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12444
Sin clasificar Microsoft Edge

CVE-2026-12437 Use after free in WebShare

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12437
Sin clasificar Microsoft Edge

CVE-2026-12461 Out of bounds read in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12461
Baja Microsoft Edge

CVE-2026-12466 Heap buffer overflow in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-12466
Sin clasificar Windows

CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-24289
Sin clasificar Microsoft

CVE-2026-32177 .NET Elevation of Privilege Vulnerability

Removed incorrectly added rows from the Security Updates table. This is an informational change only.

CVE-2026-32177
Sin clasificar Visual Studio

CVE-2025-6965 Integer Truncation on SQLite

Added Visual Studio software to the Security Updates table. Customers that are running supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.

CVE-2025-6965
Baja Microsoft

CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds

Information published.

CVE-2026-8376
Baja Microsoft

CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

Information published.

CVE-2026-48914
Sin clasificar Microsoft

CVE-2026-42014 Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin

Information published.

CVE-2026-42014
Sin clasificar Microsoft

CVE-2026-53689

Information published.

CVE-2026-53689
Sin clasificar Microsoft

CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read

Information published.

CVE-2026-12087
Baja Microsoft

CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

Information published.

CVE-2026-9669
Sin clasificar Microsoft

CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Information published.

CVE-2026-43966
Baja Microsoft

CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow

Information published.

CVE-2026-10275
Sin clasificar Microsoft

CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response

Information published.

CVE-2026-44967
Baja Microsoft

CVE-2026-47633 Microsoft Cost Management Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.

CVE-2026-47633
Baja Microsoft Edge

CVE-2026-32208 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.

CVE-2026-32208
Baja Azure

CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.

CVE-2026-32174
Baja Azure

CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-45480
Baja Microsoft

CVE-2026-42895 Microsoft Copilot Tampering Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

CVE-2026-42895
Crítica Microsoft

CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-54130
Baja Dynamics

CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.

CVE-2026-47647
Baja Azure

CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability

Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.

CVE-2026-48584
Baja Microsoft

CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2026-48582
Baja Microsoft 365

CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-47645
Baja Dynamics

CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-47646
Sin clasificar Microsoft

CVE-2025-71073 Input: lkkbd - disable pending work before freeing device

Information published.

CVE-2025-71073
Sin clasificar Microsoft

CVE-2025-71072 shmem: fix recovery on rename failures

Information published.

CVE-2025-71072
Sin clasificar Microsoft

CVE-2026-28387 Potential Use-after-free in DANE Client Code

Information published.

CVE-2026-28387
Sin clasificar Microsoft

CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()

Information published.

CVE-2026-43308
Sin clasificar Microsoft

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Information published.

CVE-2026-25681
Sin clasificar Microsoft

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Information published.

CVE-2026-25680
Sin clasificar Microsoft

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

Information published.

CVE-2026-45445
Sin clasificar Microsoft

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Information published.

CVE-2026-45447
Sin clasificar Microsoft

CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc

Information published.

CVE-2026-48854
Sin clasificar Microsoft

CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd

Information published.

CVE-2026-46292
Sin clasificar Microsoft

CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()

Information published.

CVE-2026-46274
Sin clasificar Microsoft

CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key

Information published.

CVE-2026-46291
Sin clasificar Microsoft

CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration

Information published.

CVE-2026-46293
Sin clasificar Microsoft

CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages

Information published.

CVE-2026-34182
Baja Microsoft

CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

Information published.

CVE-2026-7383
Sin clasificar Microsoft

CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption

Information published.

CVE-2026-9076
Sin clasificar Microsoft

CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption

Information published.

CVE-2026-42766
Sin clasificar Microsoft

CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption

Information published.

CVE-2026-42767
Sin clasificar Microsoft

CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing

Information published.

CVE-2026-34180
Sin clasificar Windows

CVE-2026-35433 .NET Elevation of Privilege Vulnerability

This CVE was updated to remove Windows 11 (21H1 and 22H2) as impacted

CVE-2026-35433
Sin clasificar SharePoint

CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-47636
Sin clasificar Microsoft Office

CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-45475
Sin clasificar Windows

CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-42828
Sin clasificar Dynamics

CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability

Updated the fixed version information and download link. The fix was previously believed to be included in Dynamics 365 Server (on-premises) version 6.2; however, it has been confirmed that the fix is included in Dyna...

CVE-2026-40371
Sin clasificar Windows

CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability

Updated CWE value. This is an informational change only.

CVE-2026-45602
Sin clasificar Defender

CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that ad...

CVE-2026-50656
Sin clasificar Windows

CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability

Corrected the CVE description and title. This is an informational change only.

CVE-2026-42915
Sin clasificar Microsoft

CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages

Information published.

CVE-2026-34182
Baja Microsoft

CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.

Information published.

CVE-2026-54411
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12012 Use after free  Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12012
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12008 Use after free  DigitalCredentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12008
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12019 Out of bounds write  Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12019
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12016 Insufficient validation of untrusted input  DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12016
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12015 Use after free  Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12015
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11628 Use after free in Ozone

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11628
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11629 Use after free in Ozone

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11629
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11631 Use after free in Aura

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11631
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11630 Use after free in File Input

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11630
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11632 Use after free in TabStrip

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11632
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11633 Use after free in Bluetooth

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11633
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11634 Use after free in Gamepad

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11634
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11635 Use after free in Bluetooth

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11635
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11639 Use after free in Compositing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11639
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11637 Use after free in Views

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11637
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11636 Use after free in Autofill

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11636
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11638 Use after free in Printing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11638
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11641 Use after free in Bluetooth

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11641
Baja Microsoft Edge

Chromium: CVE-2026-11640 Integer overflow in libyuv

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11640
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11642 Use after free in Web Apps

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11642
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11645 Out of bounds memory access in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11645
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11643 Use after free in Proxy

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11643
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11644 Use after free in Views

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11644
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11646 Use after free in ViewTransitions

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11646
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11657 Use after free in Payments

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11657
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11658 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11658
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11660
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11661 Use after free in Views

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11661
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11659 Insufficient validation of untrusted input in UI

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11659
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11663 Use after free in Skia

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11663
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11662 Type Confusion in Bindings

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11662
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11664 Use after free in Payments

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11664
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11665 Out of bounds read in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11665
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11666
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11668 Uninitialized Use in Codecs

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11668
Media Microsoft Edge

Chromium: CVE-2026-11669 Integer overflow in Media

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11669
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11667 Out of bounds read in WebRTC

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11667
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11670 Use after free in PDF

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11670
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11671 Use after free in Navigation

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11671
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11672 Out of bounds write in GPU

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11672
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11673 Use after free in InterestGroups

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11673
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11675 Insufficient validation of untrusted input in Skia

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11675
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11674 Use after free in Guest View

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11674
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11676 Insufficient validation of untrusted input in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11676
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11677 Race in Network

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11677
Baja Microsoft Edge

Chromium: CVE-2026-11678 Integer overflow in libyuv

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11678
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11679 Use after free in Codecs

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11679
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11681 Use after free in Ozone

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11681
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11682
Media Microsoft Edge

Chromium: CVE-2026-11680 Use after free in Media

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11680
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11683 Use after free in WebCodecs

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11683
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11684 Insufficient policy enforcement in Network

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11684
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11687 Use after free in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11687
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11686 Insufficient validation of untrusted input in Dawn

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11686
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11688 Object lifecycle issue in SVG

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11688
Media Microsoft Edge

Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11685
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11689
Media Microsoft Edge

Chromium: CVE-2026-11690 Out of bounds read and write in Media

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11690
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11691
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11692 Use after free in Read Anything

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11692
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11693 Inappropriate implementation in Plugins

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11693
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11694 Use after free in ServiceWorker

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11694
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11695 Inappropriate implementation in Passwords

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11695
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11696 Uninitialized Use in Video

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11696
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11697
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11698 Use after free in Bluetooth

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11698
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11699 Use after free in Bluetooth

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11699
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11700 Use after free in Tracing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11700
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12018 Inappropriate implementation  Mojo

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12018
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12007 Use after free  Core

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12007
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12017 Insufficient validation of untrusted input  Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12017
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12014 Use after free  Cast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12014
Media Microsoft Edge

Chromium: CVE-2026-12013 Use after free  Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12013
Baja Microsoft Edge

Chromium: CVE-2026-12010 Heap buffer overflow  GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12010
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12009 Insufficient validation of untrusted input  Accessibility

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12009
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11647 Use after free in Printing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11647
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11648 Use after free in FullScreen

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11648
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11651 Use after free in Network

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11651
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11649 Use after free in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11649
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11652 Use after free in Extensions

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11652
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11650 Use after free in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11650
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11653 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11653
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11654 Use after free in CameraCapture

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11654
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11656 Use after free in ServiceWorker

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11656
Media Microsoft Edge

Chromium: CVE-2026-11655 Integer overflow in Media

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-11655
Sin clasificar Microsoft Edge

Chromium: CVE-2026-12011 Use after free  WebMIDI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...

CVE-2026-12011
Sin clasificar Microsoft Edge

CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-33118
Sin clasificar Microsoft

CVE-2026-6429 netrc credential leak with reused proxy connection

Information published.

CVE-2026-6429
Sin clasificar Microsoft

CVE-2026-5545 wrong reuse of HTTP Negotiate connection

Information published.

CVE-2026-5545
Sin clasificar Microsoft

CVE-2026-6253 proxy credentials leak over redirect-to proxy

Information published.

CVE-2026-6253
Sin clasificar Microsoft

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

Information published.

CVE-2026-45445
Baja Microsoft

CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

Information published.

CVE-2026-7774
Sin clasificar Microsoft

CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

Information published.

CVE-2026-49762
Sin clasificar Microsoft

CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove

Information published.

CVE-2026-46433
Sin clasificar Microsoft

CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

Information published.

CVE-2026-42768
Baja Microsoft

CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

Information published.

CVE-2026-11526
Sin clasificar Microsoft

CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value

Information published.

CVE-2023-5678
Sin clasificar Microsoft

CVE-2026-4873 connection reuse ignores TLS requirement

Information published.

CVE-2026-4873
Sin clasificar Microsoft

CVE-2026-6429 netrc credential leak with reused proxy connection

Information published.

CVE-2026-6429
Sin clasificar Microsoft

CVE-2026-5545 wrong reuse of HTTP Negotiate connection

Information published.

CVE-2026-5545
Sin clasificar Microsoft

CVE-2026-6253 proxy credentials leak over redirect-to proxy

Information published.

CVE-2026-6253
Sin clasificar Microsoft

CVE-2026-5222 Cargo can be coerced to share credentials between registries

Information published.

CVE-2026-5222
Sin clasificar Microsoft

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

Information published.

CVE-2026-40034
Sin clasificar Microsoft

CVE-2026-6276 stale custom cookie host causes cookie leak

Information published.

CVE-2026-6276
Sin clasificar Microsoft

CVE-2026-5223 Crates in third party registries can override the cached source of other crates

Information published.

CVE-2026-5223
Sin clasificar Microsoft

CVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension

Information published.

CVE-2026-11822
Sin clasificar Microsoft

CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Information published.

CVE-2026-47162
Sin clasificar Microsoft

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

Information published.

CVE-2026-45445
Sin clasificar Microsoft

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Information published.

CVE-2026-45447
Sin clasificar Microsoft

CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling

Information published.

CVE-2026-42764
Sin clasificar Microsoft

CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

Information published.

CVE-2026-34181
Baja Microsoft

CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate

Information published.

CVE-2026-11824
Sin clasificar Microsoft

CVE-2026-10846 Insufficient verification that responses belong to a query

Information published.

CVE-2026-10846
Sin clasificar Microsoft

CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Information published.

CVE-2026-52860
Sin clasificar Microsoft

CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot

Information published.

CVE-2026-52859
Sin clasificar Microsoft

CVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

Information published.

CVE-2026-47167
Sin clasificar Microsoft

CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion

Information published.

CVE-2026-52858
Sin clasificar Microsoft

CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape

Information published.

CVE-2026-44705
Sin clasificar Microsoft

CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

Information published.

CVE-2026-34183
Sin clasificar Microsoft

CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages

Information published.

CVE-2026-34182
Baja Microsoft

CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

Information published.

CVE-2026-7383
Sin clasificar Microsoft

CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

Information published.

CVE-2026-42768
Sin clasificar Microsoft

CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption

Information published.

CVE-2026-9076
Sin clasificar Microsoft

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Information published.

CVE-2026-45446
Sin clasificar Microsoft

CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption

Information published.

CVE-2026-42766
Sin clasificar Microsoft

CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption

Information published.

CVE-2026-42767
Sin clasificar Microsoft

CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

Information published.

CVE-2026-42769
Sin clasificar Microsoft

CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing

Information published.

CVE-2026-34180
Sin clasificar Microsoft

CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service

Information published.

CVE-2026-49975
Sin clasificar Microsoft

CVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable check

Information published.

CVE-2026-46643
Sin clasificar Microsoft

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Information published.

CVE-2026-46683
Sin clasificar Microsoft

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-39833
Sin clasificar Microsoft

CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

Information published.

CVE-2026-42012
Sin clasificar Microsoft

CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

Information published.

CVE-2026-42013
Sin clasificar Microsoft

CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling

Information published.

CVE-2026-42015
Sin clasificar Microsoft

CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange

Information published.

CVE-2026-5260
Baja Microsoft

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

Information published.

CVE-2026-43958
Baja Microsoft

CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders

Information published.

CVE-2026-10879
Baja Microsoft

CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch

Information published.

CVE-2026-50256
Sin clasificar Microsoft

CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes

Information published.

CVE-2026-50262
Sin clasificar Microsoft

CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()

Information published.

CVE-2026-50260
Sin clasificar Microsoft

CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()

Information published.

CVE-2026-50257
Baja Microsoft

CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels

Information published.

CVE-2026-50258
Sin clasificar Microsoft

CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()

Information published.

CVE-2026-50263
Sin clasificar Microsoft

CVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension

Information published.

CVE-2026-11822
Baja Microsoft

CVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow

Information published.

CVE-2026-42536
Sin clasificar Microsoft

CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

Information published.

CVE-2026-11332
Sin clasificar Microsoft

CVE-2026-5419 Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

Information published.

CVE-2026-5419
Sin clasificar Microsoft

CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities

Information published.

CVE-2026-8829
Sin clasificar Microsoft

CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()

Information published.

CVE-2026-50261
Baja Microsoft

CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing

Information published.

CVE-2026-50259
Sin clasificar Microsoft

CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove

Information published.

CVE-2026-46433
Baja Microsoft

CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate

Information published.

CVE-2026-11824
Sin clasificar Microsoft

CVE-2026-10846 Insufficient verification that responses belong to a query

Information published.

CVE-2026-10846
Sin clasificar Microsoft

CVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted

Information published.

CVE-2026-48913
Sin clasificar Microsoft

CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Information published.

CVE-2026-44119
Sin clasificar Microsoft

CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS

Information published.

CVE-2026-29170
Sin clasificar Microsoft

CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash

Information published.

CVE-2026-43951
Sin clasificar Microsoft

CVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free

Information published.

CVE-2026-29167
Sin clasificar Microsoft

CVE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory access

Information published.

CVE-2026-42535
Baja Microsoft

CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow

Information published.

CVE-2026-44631
Sin clasificar Microsoft

CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp

Information published.

CVE-2026-44186
Baja Microsoft

CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow

Information published.

CVE-2026-34356
Sin clasificar Microsoft

CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`

Information published.

CVE-2026-44185
Baja Microsoft

CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow

Information published.

CVE-2026-34355
Sin clasificar SharePoint

CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-47294
Sin clasificar Windows

CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-42903
Sin clasificar Visual Studio

CVE-2026-48569 Visual Studio Code Security Feature Bypass Vulnerability

Updated the Security Updates Build Number

CVE-2026-48569
Sin clasificar Visual Studio

CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability

Updated the Security Updates Build Number

CVE-2026-40376
Sin clasificar Visual Studio

CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

Updated the Security Updates Build Number and Title as the Chat extention is now merged into Visual Studio Code

CVE-2026-45482
Sin clasificar Dynamics

CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability

The release notes link has been updated to point to the latest available version. Informational change only.

CVE-2026-40371
Sin clasificar SharePoint

CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-47298
Sin clasificar Microsoft

CVE-2026-20846 GDI+ Denial of Service Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-20846
Sin clasificar Microsoft

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42502
Sin clasificar Microsoft

CVE-2026-43059 Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers

Information published.

CVE-2026-43059
Sin clasificar Microsoft

CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service

Information published.

CVE-2026-49975
Sin clasificar Microsoft

CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths

Information published.

CVE-2026-46275
Sin clasificar Microsoft

CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()

Information published.

CVE-2026-46285
Sin clasificar Microsoft

CVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-free

Information published.

CVE-2026-46280
Sin clasificar Microsoft

CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str

Information published.

CVE-2026-46282
Media Microsoft

CVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmap

Information published.

CVE-2026-46312
Sin clasificar Microsoft

CVE-2026-46301 spi: topcliff-pch: fix use-after-free on unbind

Information published.

CVE-2026-46301
Baja Microsoft

CVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policy

Information published.

CVE-2026-46302
Sin clasificar Microsoft

CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop

Information published.

CVE-2026-46314
Sin clasificar Microsoft

CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer

Information published.

CVE-2025-71315
Sin clasificar Microsoft

CVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbind

Information published.

CVE-2026-46296
Sin clasificar Microsoft

CVE-2026-46287 net: txgbe: fix RTNL assertion warning when remove module

Information published.

CVE-2026-46287
Sin clasificar Microsoft

CVE-2026-46299 hfsplus: fix held lock freed on hfsplus_fill_super()

Information published.

CVE-2026-46299
Sin clasificar Microsoft

CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()

Information published.

CVE-2026-46321
Sin clasificar Microsoft

CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft

Information published.

CVE-2026-46319
Sin clasificar Microsoft

CVE-2026-46323 net: gro: don't merge zcopy skbs

Information published.

CVE-2026-46323
Sin clasificar Microsoft

CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks

Information published.

CVE-2026-46324
Sin clasificar Microsoft

CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()

Information published.

CVE-2026-46320
Sin clasificar Microsoft

CVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sg

Information published.

CVE-2026-46289
Sin clasificar Microsoft

CVE-2026-46307 wifi: ath5k: do not access array OOB

Information published.

CVE-2026-46307
Sin clasificar Microsoft

CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd

Information published.

CVE-2026-46292
Sin clasificar Microsoft

CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()

Information published.

CVE-2026-46274
Sin clasificar Microsoft

CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key

Information published.

CVE-2026-46291
Sin clasificar Microsoft

CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration

Information published.

CVE-2026-46293
Baja Microsoft

CVE-2026-46306 flow_dissector: do not dissect PPPoE PFC frames

Information published.

CVE-2026-46306
Sin clasificar Microsoft

CVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free

Information published.

CVE-2026-46304
Sin clasificar Microsoft

CVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume size

Information published.

CVE-2026-46303
Sin clasificar Microsoft

CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

Information published.

CVE-2026-49762
Sin clasificar Microsoft

CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()

Information published.

CVE-2026-46322
Sin clasificar Microsoft

CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE

Information published.

CVE-2026-46325
Sin clasificar Microsoft

CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"

Information published.

CVE-2026-46330
Baja Windows

CVE-2026-41108 Windows DNS Client Elevation of Privilege Vulnerability

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

CVE-2026-41108
Baja Microsoft Office

CVE-2026-45467 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45467
Baja Microsoft Office

CVE-2026-45468 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45468
Baja Microsoft Office

CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-45469
Baja Microsoft Office

CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45475
Baja Microsoft Office

CVE-2026-45472 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45472
Baja Microsoft Office

CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45471
Baja Microsoft Office

CVE-2026-45474 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45474
Baja Microsoft Office

CVE-2026-45479 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45479
Baja Microsoft Office

CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45486
Baja Microsoft Office

CVE-2026-45485 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-45485
Baja Microsoft Office

CVE-2026-45483 Microsoft Office Project Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.

CVE-2026-45483
Sin clasificar Microsoft Edge

Chromium: CVE-2026-10984 Inappropriate implementation in Accessibility

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-10984
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11291 Policy bypass in Android Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11291
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11178 Policy bypass in WebView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11178
Baja Windows

CVE-2025-10263 ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]

No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

CVE-2025-10263
Sin clasificar Windows

CVE-2026-40409 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Information published.

CVE-2026-40409
Sin clasificar Windows

CVE-2026-40404 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Information published.

CVE-2026-40404
Baja Windows

CVE-2026-33828 Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.

CVE-2026-33828
Baja Windows

CVE-2026-34335 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-34335
Baja Microsoft

CVE-2026-42902 Microsoft PowerToys Elevation of Privilege Vulnerability

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

CVE-2026-42902
Baja Microsoft Office

CVE-2026-44817 Microsoft Excel Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44817
Baja Microsoft Office

CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44818
Baja Microsoft Office

CVE-2026-44819 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-44819
Baja Microsoft Office

CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44820
Baja Microsoft Office

CVE-2026-44821 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-44821
Baja Microsoft Office

CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44823
Baja Microsoft Office

CVE-2026-44824 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-44824
Baja Microsoft Office

CVE-2026-45453 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45453
Baja Microsoft Office

CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45456
Baja Microsoft Office

CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45458
Baja Microsoft Office

CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-45460
Baja Microsoft Office

CVE-2026-45461 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45461
Baja Microsoft Office

CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-45466
Baja Windows

CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

CVE-2026-45487
Baja Microsoft

CVE-2026-45490 .NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

CVE-2026-45490
Baja Microsoft

CVE-2026-45491 .NET Tampering Vulnerability

Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

CVE-2026-45491
Baja Exchange Server

CVE-2026-45500 Microsoft Exchange Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-45500
Baja Exchange Server

CVE-2026-45501 Microsoft Exchange Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-45501
Baja Exchange Server

CVE-2026-45502 Microsoft Exchange Server Information Disclosure Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVE-2026-45502
Baja Exchange Server

CVE-2026-45503 Microsoft Exchange Server Information Disclosure Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVE-2026-45503
Baja Exchange Server

CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-45504
Baja Exchange Server

CVE-2026-45583 Microsoft Exchange Server Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

CVE-2026-45583
Baja Windows

CVE-2026-45605 Windows Bluetooth Service Elevation of Privilege Vulnerability

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVE-2026-45605
Baja Windows

CVE-2026-45639 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-45639
Baja Windows

CVE-2026-45640 Windows Bluetooth Port Driver Elevation of Privilege Vulnerability

Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-45640
Baja Microsoft

CVE-2026-45606 Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability

Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.

CVE-2026-45606
Baja Windows

CVE-2026-45607 Windows Hyper-V Remote Code Execution Vulnerability

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVE-2026-45607
Baja Windows

CVE-2026-45641 Windows Hyper-V Remote Code Execution Vulnerability

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVE-2026-45641
Baja Windows

CVE-2026-45634 Windows DHCP Client Information Disclosure Vulnerability

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

CVE-2026-45634
Baja Azure

CVE-2026-45642 Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

CVE-2026-45642
Baja Microsoft Office

CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45643
Baja Microsoft Office

CVE-2026-45645 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45645
Baja Windows

CVE-2026-45648 Windows Active Directory Domain Services Remote Code Execution Vulnerability

Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

CVE-2026-45648
Baja Microsoft

CVE-2026-45649 Office for Android Spoofing Vulnerability

Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

CVE-2026-45649
Crítica Microsoft

CVE-2026-45650 Microsoft Bing Search Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-45650
Baja Windows

CVE-2026-45655 Windows BitLocker Security Feature Bypass Vulnerability

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-45655
Baja Windows

CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

CVE-2026-45656
Baja Windows

CVE-2026-45657 Windows Kernel Remote Code Execution Vulnerability

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

CVE-2026-45657
Baja Visual Studio

CVE-2026-47287 Visual Studio Code Tampering Vulnerability

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.

CVE-2026-47287
Baja Windows

CVE-2026-47288 Windows Kerberos Key Distribution Center (KDC) Remote Code Execution

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

CVE-2026-47288
Baja Microsoft

CVE-2026-47289 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-47289
Baja Windows

CVE-2026-47291 HTTP.sys Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

CVE-2026-47291
Baja Visual Studio

CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

CVE-2026-47292
Baja Microsoft

CVE-2026-41092 Microsoft Kinect Elevation of Privilege Vulnerability

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

CVE-2026-41092
Baja Azure

CVE-2026-32193 Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

CVE-2026-32193
Baja Microsoft Office

CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-47298
Baja Exchange Server

CVE-2026-47631 Microsoft Exchange Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-47631
Baja Azure

CVE-2026-41098 Azure Stack Edge Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.

CVE-2026-41098
Baja Microsoft Office

CVE-2026-47635 Microsoft Outlook and Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-47635
Baja Microsoft Office

CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47636
Baja Microsoft Office

CVE-2026-47637 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47637
Baja Microsoft Office

CVE-2026-47638 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47638
Baja Microsoft Office

CVE-2026-47639 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47639
Baja Microsoft Office

CVE-2026-47641 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47641
Baja Windows

CVE-2026-45588 Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-45588
Baja Windows

CVE-2026-47648 Windows Storage Elevation of Privilege Vulnerability

Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

CVE-2026-47648
Baja Windows

CVE-2026-8863 UEFI Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

CVE-2026-8863
Baja Microsoft

CVE-2026-47653 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-47653
Baja Windows

CVE-2026-47652 Windows Hyper-V Remote Code Execution Vulnerability

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVE-2026-47652
Baja Microsoft

CVE-2026-47654 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-47654
Baja Microsoft

CVE-2026-48563 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-48563
Sin clasificar Windows

CVE-2026-48566 Windows DWM Core Library Information Disclosure Vulnerability

Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who ha...

CVE-2026-48566
Baja Windows

CVE-2026-48568 Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48568
Baja Windows

CVE-2026-48570 Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48570
Baja Windows

CVE-2026-48573 Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48573
Baja Windows

CVE-2026-48575 Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48575
Baja Windows

CVE-2026-48576 Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48576
Baja Windows

CVE-2026-48578 Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48578
Baja Windows

CVE-2026-48583 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-48583
Sin clasificar Microsoft

ADV990001 Latest Servicing Stack Updates

Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

Baja Microsoft

CVE-2026-49161 Microsoft PC Manager Security Feature Bypass Vulnerability

Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

CVE-2026-49161
Baja Windows

CVE-2026-50508 Windows NTLM Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-50508
Baja Microsoft

CVE-2026-26142 Nuance PowerScribe Remote Code Execution Vulnerability

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

CVE-2026-26142
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11012 Use after free in Serial

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11012
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11029 Insufficient validation of untrusted input in Drag and Drop

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11029
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11045 Insufficient validation of untrusted input in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11045
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11065 Use after free in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11065
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11072 Use after free in WebView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11072
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11080 Use after free in WebView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11080
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11082 Use after free in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11082
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11108 Inappropriate implementation in NFC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11108
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11119 Insufficient validation of untrusted input in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11119
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11131 Use after free in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11131
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11145 Race in Geolocation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11145
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11148 Inappropriate implementation in Payments

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11148
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11175 Incorrect security UI in Messages

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11175
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11188 Use after free in USB

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11188
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11226 Insufficient policy enforcement in PreviewTab

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11226
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11263 Insufficient policy enforcement in WebAuthentication

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11263
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11287 Insufficient validation of untrusted input in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11287
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11295 Inappropriate implementation in WebView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11295
Baja Microsoft Office

CVE-2026-33113 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-33113
Baja Dynamics

CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

CVE-2026-40371
Baja Windows

CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-42828
Baja Windows

CVE-2026-42829 Windows Administrator Protection Secure Feature Bypass Vulnerability

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

CVE-2026-42829
Baja Microsoft

CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.

CVE-2026-42835
Baja Visual Studio

CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-40376
Baja Microsoft Office

CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2026-44822
Baja Microsoft Office

CVE-2026-45454 Microsoft SharePoint Remote Code Execution Vulnerability

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-45454
Baja Microsoft Office

CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2026-45455
Baja Microsoft Office

CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45457
Baja Microsoft Office

CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability

Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-45459
Baja Microsoft Office

CVE-2026-45462 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45462
Baja Microsoft Office

CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45463
Baja Microsoft Office

CVE-2026-45464 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45464
Baja Microsoft Office

CVE-2026-45465 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45465
Baja Azure

CVE-2026-45476 Microsoft Azure Network Adapter Elevation of Privilege Vulnerability

Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-45476
Baja Visual Studio

CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-45482
Baja Windows

CVE-2026-45586 Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

CVE-2026-45586
Baja Microsoft

CVE-2026-45591 ASP.NET Core Denial of Service Vulnerability

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-45591
Baja Windows

CVE-2026-45592 Windows Internet (wininet.dll) Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-45592
Sin clasificar Windows

CVE-2026-45593 Windows SDK Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-45593
Baja Windows

CVE-2026-45594 Windows Application Identity (AppID) Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

CVE-2026-45594
Baja Windows

CVE-2026-45604 Windows Managed Installer Information Disclosure Vulnerability

Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

CVE-2026-45604
Baja Windows

CVE-2026-45595 Windows Mark of the Web Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-45595
Sin clasificar Windows

CVE-2026-45597 Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-45597
Baja Windows

CVE-2026-45599 Windows UPnP Device Host Remote Code Execution Vulnerability

Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

CVE-2026-45599
Baja Windows

CVE-2026-45601 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-45601
Baja Windows

CVE-2026-45598 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-45598
Baja Windows

CVE-2026-45636 Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2026-45636
Baja Windows

CVE-2026-45596 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-45596
Baja Windows

CVE-2026-45600 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-45600
Baja Windows

CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability

No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

CVE-2026-45602
Baja Windows

CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability

Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.

CVE-2026-45635
Baja Windows

CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-45638
Baja Windows

CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-45603
Baja Windows

CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-45637
Baja Windows

CVE-2026-45608 Windows DHCP Client Information Disclosure Vulnerability

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

CVE-2026-45608
Baja Microsoft

CVE-2026-45644 Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.

CVE-2026-45644
Baja Windows

CVE-2026-45653 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-45653
Baja Windows

CVE-2026-45654 Secure Boot Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-45654
Baja Defender

CVE-2026-45647 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVE-2026-45647
Baja Windows

CVE-2026-45658 Windows BitLocker Security Feature Bypass Vulnerability

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-45658
Baja Visual Studio

CVE-2026-47281 Visual Studio Code Elevation of Privilege Vulnerability

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-47281
Baja Visual Studio

CVE-2026-47284 Visual Studio Code Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.

CVE-2026-47284
Baja Microsoft Office

CVE-2026-47293 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-47293
Baja Windows

CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

CVE-2026-42910
Baja Microsoft Office

CVE-2026-47634 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47634
Baja Microsoft Office

CVE-2026-47640 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-47640
Baja Azure

CVE-2026-47643 Azure Stack Edge Remote Code Execution Vulnerability

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

CVE-2026-47643
Baja Microsoft Office

CVE-2026-45481 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-45481
Baja Microsoft Office

CVE-2026-45484 Microsoft SharePoint Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

CVE-2026-45484
Baja Windows

CVE-2026-47656 Windows Boot Manager Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

CVE-2026-47656
Baja Microsoft Office

CVE-2026-48560 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-48560
Baja Microsoft Office

CVE-2026-48562 Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-48562
Baja Windows

CVE-2026-48565 Windows Narrator Braille Elevation of Privilege Vulnerability

Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

CVE-2026-48565
Baja Visual Studio

CVE-2026-48569 Visual Studio Code Security Feature Bypass Vulnerability

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-48569
Media Windows

CVE-2026-48574 Windows Media Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

CVE-2026-48574
Baja Microsoft

CVE-2026-49160 HTTP.sys Denial of Service Vulnerability

Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.

CVE-2026-49160
Baja Windows

CVE-2026-50507 Windows BitLocker Security Feature Bypass Vulnerability

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-50507
Baja Microsoft

CVE-2026-50511 Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-50511
Baja Microsoft

CVE-2026-50512 Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-50512
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11297 Insufficient validation of untrusted input in Reader Mode

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11297
Sin clasificar Microsoft Edge

Chromium: CVE-2026-10883 Out of bounds write in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-10883
Sin clasificar Microsoft Edge

Chromium: CVE-2026-10892 Out of bounds write in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-10892
Sin clasificar Microsoft Edge

Chromium: CVE-2026-10923 Use after free in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-10923
Baja Microsoft Edge

Chromium: CVE-2026-10929 Heap buffer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-10929
Sin clasificar Microsoft Edge

Chromium: CVE-2026-10934 Use after free in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-10934
Sin clasificar Microsoft Edge

Chromium: CVE-2026-10953 Use after free in Core

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-10953
Sin clasificar Microsoft Edge

Chromium: CVE-2026-10959 Use after free in Input

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-10959
Sin clasificar Microsoft Edge

Chromium: CVE-2026-10967 Use after free in SurfaceCapture

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-10967
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11007
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11010 Use after free in WebShare

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11010
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11019 Inappropriate implementation in Payments

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11019
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11034
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11064 Uninitialized Use in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11064
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11077 Out of bounds read in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11077
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11127 Inappropriate implementation in WebAPKs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11127
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11163 Use after free in Messages

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11163
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11167 Inappropriate implementation in WebView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11167
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11172 Incorrect security UI in Contact Picker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11172
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11215 Inappropriate implementation in Cronet

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11215
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11247 Insufficient policy enforcement in CustomTabs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11247
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11270 Inappropriate implementation in UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11270
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11278 Inappropriate implementation in CustomTabs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11278
Baja Microsoft Edge

Chromium: CVE-2026-11290 Integer overflow in WebView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11290
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11035 Insufficient validation of untrusted input in Custom Tabs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11035
Sin clasificar Microsoft Edge

Chromium: CVE-2026-11097 Inappropriate implementation in WebView

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

CVE-2026-11097
Baja Windows

CVE-2026-42836 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-42836
Baja Windows

CVE-2026-42837 Windows Projected File System Elevation of Privilege Vulnerability

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-42837
Sin clasificar Windows

CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability

Information published.

CVE-2026-42903
Baja Windows

CVE-2026-42904 Windows TCP/IP Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

CVE-2026-42904
Sin clasificar Windows

CVE-2026-42905 Windows DWM Core Library Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-42905
Baja Windows

CVE-2026-42906 Windows Shell Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

CVE-2026-42906
Baja Windows

CVE-2026-42907 Windows Shell Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

CVE-2026-42907
Baja Windows

CVE-2026-42908 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

CVE-2026-42908
Baja Windows

CVE-2026-42980 NT OS Kernel Elevation of Privilege Vulnerability

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-42980
Baja Microsoft

CVE-2026-42909 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42909
Baja Windows

CVE-2026-42916 NT OS Kernel Elevation of Privilege Vulnerability

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-42916
Baja Windows

CVE-2026-42911 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-42911
Baja Microsoft

CVE-2026-42913 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42913
Baja Windows

CVE-2026-42912 Windows Telephony Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-42912
Sin clasificar Windows

CVE-2026-42914 Windows Kerberos Denial of Service Vulnerability

Information published.

CVE-2026-42914
Baja Windows

CVE-2026-42915 Windows TCP/IP Denial of Service Vulnerability

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.

CVE-2026-42915
Baja Windows

CVE-2026-42968 Windows Telephony Server Information Disclosure Vulnerability

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

CVE-2026-42968
Baja Windows

CVE-2026-42972 Windows Hyper-V Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.

CVE-2026-42972
Baja Windows

CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-42969
Baja Windows

CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-42971
Baja Windows

CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-42970
Baja Windows

CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-42973
Baja Windows

CVE-2026-42984 Windows Kernel Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-42984
Baja Windows

CVE-2026-42981 Windows Performance Monitor Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

CVE-2026-42981
Baja Windows

CVE-2026-42974 Windows Performance Monitor Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.

CVE-2026-42974
Baja Microsoft

CVE-2026-42986 Microsoft Graphics Component Elevation of Privilege Vulnerability

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2026-42986
Baja Windows

CVE-2026-42978 Windows Push Notifications Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-42978
Baja Windows

CVE-2026-42977 Windows Push Notifications Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-42977
Baja Windows

CVE-2026-42979 Windows Push Notifications Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-42979
Baja Windows

CVE-2026-42991 Windows Push Notifications Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-42991
Baja Microsoft

CVE-2026-42989 Winlogon Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

CVE-2026-42989
Baja Windows

CVE-2026-44809 Windows Common Log File System Driver Elevation of Privilege Vulnerability

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-44809
Baja Windows

CVE-2026-44810 Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

CVE-2026-44810
Baja Microsoft

CVE-2026-42992 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42992
Baja Windows

CVE-2026-44805 Windows Network Controller (NC) Host Agent Denial of Service Vulnerability

Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.

CVE-2026-44805
Baja Windows

CVE-2026-44811 Windows DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-44811
Baja Windows

CVE-2026-44808 Windows DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-44808
Baja Windows

CVE-2026-44807 Windows DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-44807
Baja Microsoft

CVE-2026-44799 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-44799
Baja Windows

CVE-2026-44815 DHCP Client Service Remote Code Execution Vulnerability

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

CVE-2026-44815
Baja Windows

CVE-2026-42983 Windows DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-42983
Baja Windows

CVE-2026-44802 Windows DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-44802
Baja Windows

CVE-2026-44814 Windows DWM Core Library Information Disclosure Vulnerability

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-44814
Baja Microsoft

CVE-2026-44801 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-44801
Baja Microsoft

CVE-2026-42985 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42985
Baja Windows

CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.

CVE-2026-42987
Baja Windows

CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

CVE-2026-44803
Baja Windows

CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

CVE-2026-44812
Baja Microsoft

CVE-2026-42993 Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42993
Baja Windows

CVE-2026-44813 Windows DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-44813
Baja Windows

CVE-2026-44804 Windows DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-44804
Sin clasificar Exchange Server

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability

Added links to June 2026 Exchange Server security updates. Microsoft recommends installing this updates as soon as possible.

CVE-2026-42897
Sin clasificar Microsoft 365

CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability

Added Microsoft Excel for Android, Microsoft Word for Android, Microsoft Loop for Android, Microsoft PowerPoint for Android and Microsoft OneNote for Android softwares to the Security Updates table. Customers that ar...

CVE-2026-41100
Sin clasificar Windows

CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability

Added Office softwares to the Security Updates table. Customers that are running supported versions of Office are encouraged to update to the indicated versions to be protected from this vulnerability.

CVE-2026-21530
Sin clasificar Windows

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability

Updated product information in the Software Update table. This is an informational change only.

CVE-2026-45585
Sin clasificar Windows

CVE-2024-49075 Windows Remote Desktop Services Denial of Service Vulnerability

To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...

CVE-2024-49075
Sin clasificar Windows

CVE-2024-49123 Windows Remote Desktop Services Remote Code Execution Vulnerability

To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...

CVE-2024-49123
Sin clasificar Windows

CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability

To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...

CVE-2024-49132
Sin clasificar Windows

CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability

To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...

CVE-2025-21330
Sin clasificar Windows

CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability

To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...

CVE-2024-43582
Sin clasificar Windows

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability

Added links to June 2026 Windows security updates. Microsoft recommends installing this updates as soon as possible.

CVE-2026-45585
Sin clasificar Windows

CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

To comprehensively address the vulnerability identified by CVE-2020-17103, Microsoft recommends installing the June 2026 updates for your Windows operating systems.

CVE-2020-17103
Baja Microsoft

CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

Information published.

CVE-2026-27144
Sin clasificar Microsoft

CVE-2026-32280 Unexpected work during chain building in crypto/x509

Information published.

CVE-2026-32280
Sin clasificar Microsoft

CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile

Information published.

CVE-2026-27143
Sin clasificar Microsoft

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go

Information published.

CVE-2026-27140
Sin clasificar Microsoft

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template

Information published.

CVE-2026-27142
Sin clasificar Microsoft

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42502
Sin clasificar Microsoft

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Information published.

CVE-2026-25681
Sin clasificar Microsoft

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39827
Sin clasificar Microsoft

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

Information published.

CVE-2026-39835
Sin clasificar Microsoft

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-46598
Sin clasificar Microsoft

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-39833
Sin clasificar Microsoft

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2

Information published.

CVE-2026-42250
Sin clasificar Microsoft

CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory

Information published.

CVE-2026-42496
Sin clasificar Microsoft

CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

Information published.

CVE-2026-42790
Sin clasificar Microsoft

CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob

Information published.

CVE-2026-48962
Baja Microsoft

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Information published.

CVE-2026-25243
Baja Microsoft

CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution

Information published.

CVE-2026-23631
Baja Microsoft

CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution

Information published.

CVE-2026-23479
Sin clasificar Microsoft

CVE-2026-33811 Crash when handling long CNAME response in net

Information published.

CVE-2026-33811
Sin clasificar Microsoft

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Information published.

CVE-2026-39820
Sin clasificar Windows

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

Information published.

CVE-2026-39836
Sin clasificar Microsoft

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail

Information published.

CVE-2026-42499
Sin clasificar Microsoft

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

Information published.

CVE-2026-42501
Sin clasificar Microsoft

CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c

Information published.

CVE-2026-40528
Baja Microsoft

CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c

Information published.

CVE-2026-40510
Media Microsoft

CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation

Information published.

CVE-2026-42789
Sin clasificar Microsoft

CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date

Information published.

CVE-2025-15649
Baja Microsoft

CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward

Information published.

CVE-2026-48959
Sin clasificar Microsoft

CVE-2026-46250 MIPS: Work around LLVM bug when gp is used as global register variable

Information published.

CVE-2026-46250
Sin clasificar Microsoft

CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime

Information published.

CVE-2026-42504
Sin clasificar Microsoft

CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

Information published.

CVE-2026-50219
Baja Microsoft

CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow

Information published.

CVE-2026-10722
Baja Microsoft

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

Information published.

CVE-2026-43958
Sin clasificar Microsoft

CVE-2026-11463 USCiLab Cereal Shared Pointer type confusion

Information published.

CVE-2026-11463
Sin clasificar Microsoft

CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service

Information published.

CVE-2026-49975
Sin clasificar Microsoft

CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

Information published.

CVE-2026-40930
Baja Microsoft

CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders

Information published.

CVE-2026-10879
Baja Microsoft

CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch

Information published.

CVE-2026-50256
Sin clasificar Microsoft

CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes

Information published.

CVE-2026-50262
Sin clasificar Microsoft

CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()

Information published.

CVE-2026-50260
Sin clasificar Microsoft

CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()

Information published.

CVE-2026-50257
Baja Microsoft

CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels

Information published.

CVE-2026-50258
Sin clasificar Microsoft

CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()

Information published.

CVE-2026-50263
Sin clasificar Microsoft

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

Information published.

CVE-2026-8643
Baja Microsoft

CVE-2026-50031 ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.

Information published.

CVE-2026-50031
Sin clasificar Microsoft

CVE-2026-46272 coresight: tmc-etr: Fix race condition between sysfs and perf mode

Information published.

CVE-2026-46272
Sin clasificar Microsoft

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

Information published.

CVE-2026-42507
Sin clasificar Microsoft

CVE-2026-50292 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution

Information published.

CVE-2026-50292
Sin clasificar Microsoft

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

Information published.

CVE-2026-27145
Baja Microsoft

CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

Information published.

CVE-2026-37460
Baja Microsoft

CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

Information published.

CVE-2026-7774
Sin clasificar Microsoft

CVE-2026-50265 Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292

Information published.

CVE-2026-50265 CVE-2026-50292
Sin clasificar Microsoft

CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()

Information published.

CVE-2026-50261
Baja Microsoft

CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing

Information published.

CVE-2026-50259
Sin clasificar Microsoft Edge

CVE-2026-35429 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-35429
Sin clasificar Microsoft Edge

CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-33118
Sin clasificar Microsoft

CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime

Information published.

CVE-2026-42504
Sin clasificar Microsoft

CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

Information published.

CVE-2026-50219
Baja Microsoft

CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow

Information published.

CVE-2026-10722
Baja Microsoft

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

Information published.

CVE-2026-43958
Sin clasificar Microsoft

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

Information published.

CVE-2026-8643
Sin clasificar Microsoft

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

Information published.

CVE-2026-42507
Sin clasificar Microsoft

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

Information published.

CVE-2026-27145
Sin clasificar Microsoft

CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

Information published.

CVE-2026-11332
Baja Microsoft

CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

Information published.

CVE-2026-37460
Sin clasificar Microsoft

CVE-2026-5419 Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

Information published.

CVE-2026-5419
Sin clasificar Microsoft

CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities

Information published.

CVE-2026-8829
Sin clasificar Microsoft

CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()

Information published.

CVE-2026-3276
Baja Microsoft

CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory

Information published.

CVE-2026-7774
Sin clasificar Windows

CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-33841
Sin clasificar Windows

CVE-2026-32177 .NET Elevation of Privilege Vulnerability

This CVE was updated to fix the download link for .NET Framework 3.8 & 4.81 for Windows 2025

CVE-2026-32177
Sin clasificar Windows

CVE-2026-35433 .NET Elevation of Privilege Vulnerability

This CVE was updated to fix the download link for .NET Framework 3.8 & 4.81 for Windows 2025

CVE-2026-35433
Sin clasificar Microsoft

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42502
Sin clasificar Microsoft

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Information published.

CVE-2026-25681
Sin clasificar Microsoft

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39827
Sin clasificar Microsoft

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

Information published.

CVE-2026-39835
Sin clasificar Microsoft

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-46598
Sin clasificar Microsoft

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Information published.

CVE-2026-25680
Baja Azure

CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-48567
Baja Microsoft

CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-42824
Baja Microsoft

CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.

CVE-2026-45497
Baja Microsoft Edge

CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-47644
Baja Microsoft

CVE-2026-47655 Microsoft Graph Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network.

CVE-2026-47655
Baja Microsoft

CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

CVE-2026-48579
Sin clasificar Microsoft

CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak

Information published.

CVE-2025-1149
Sin clasificar Microsoft

CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Information published.

CVE-2026-35414
Sin clasificar Microsoft

CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Information published.

CVE-2026-41140
Sin clasificar Microsoft

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42506
Sin clasificar Microsoft

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42502
Sin clasificar Microsoft

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Information published.

CVE-2026-27136
Sin clasificar Microsoft

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Information published.

CVE-2026-25681
Sin clasificar Microsoft

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39827
Sin clasificar Microsoft

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

Information published.

CVE-2026-39835
Sin clasificar Microsoft

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

Information published.

CVE-2026-39828
Sin clasificar Microsoft

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-46598
Baja Microsoft

CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

Information published.

CVE-2026-9150
Baja Microsoft

CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

Information published.

CVE-2026-9149
Baja Microsoft

CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.

Information published.

CVE-2026-43964
Sin clasificar Microsoft

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Information published.

CVE-2026-25680
Sin clasificar Microsoft

CVE-2024-7598 Network restriction bypass via race condition during namespace termination

Information published.

CVE-2024-7598
Baja Microsoft

CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

Information published.

CVE-2025-29923
Baja Microsoft

CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve

Information published.

CVE-2026-25541
Baja Microsoft

CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).

Information published.

CVE-2025-60876
Sin clasificar Microsoft

CVE-2020-8561 Webhook redirect in kube-apiserver

Information published.

CVE-2020-8561
Sin clasificar Microsoft

CVE-2021-25740 Holes in EndpointSlice Validation Enable Host Network Hijack

Information published.

CVE-2021-25740
Sin clasificar Microsoft

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Information published.

CVE-2025-61729
Sin clasificar Microsoft

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

Information published.

CVE-2025-61727
Sin clasificar Microsoft

CVE-2025-5791 Users: `root` appended to group listings

Information published.

CVE-2025-5791
Sin clasificar Microsoft

CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion

Information published.

CVE-2025-9403
Sin clasificar Microsoft

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

Information published.

CVE-2025-58160
Sin clasificar Microsoft

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

Information published.

CVE-2025-58188
Sin clasificar Microsoft

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

Information published.

CVE-2025-58183
Sin clasificar Microsoft

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail

Information published.

CVE-2025-61725
Sin clasificar Microsoft

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http

Information published.

CVE-2025-58186
Sin clasificar Microsoft

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

Information published.

CVE-2025-61724
Sin clasificar Microsoft

CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file

Information published.

CVE-2025-46327
Sin clasificar Microsoft

CVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.

Information published.

CVE-2024-58251
Sin clasificar Microsoft

CVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

Information published.

CVE-2025-46394
Sin clasificar Microsoft

CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak

Information published.

CVE-2025-3198
Baja Microsoft

CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

Information published.

CVE-2013-1633
Baja Microsoft

CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

Information published.

CVE-2024-58266
Sin clasificar Microsoft

CVE-2023-27043 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

Information published.

CVE-2023-27043
Baja Microsoft

CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow

Information published.

CVE-2025-1176
Sin clasificar Microsoft

CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption

Information published.

CVE-2025-1178
Sin clasificar Microsoft

CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak

Information published.

CVE-2025-1151
Sin clasificar Microsoft

CVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leak

Information published.

CVE-2025-1150
Sin clasificar Microsoft

CVE-2025-1180 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption

Information published.

CVE-2025-1180
Sin clasificar Microsoft

CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak

Information published.

CVE-2025-1152
Sin clasificar Microsoft

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

Information published.

CVE-2026-29181
Baja Microsoft

CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

Information published.

CVE-2026-27144
Sin clasificar Microsoft

CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

Information published.

CVE-2026-32282
Sin clasificar Microsoft

CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Information published.

CVE-2026-40226
Baja Microsoft

CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal

Information published.

CVE-2026-5928
Sin clasificar Microsoft

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

Information published.

CVE-2026-6357
Sin clasificar Microsoft

CVE-2026-41607 Apache Thrift: C++ JSON OOB read

Information published.

CVE-2026-41607
Crítica Microsoft

CVE-2026-41526 In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

Information published.

CVE-2026-41526
Baja Microsoft

CVE-2026-40356 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.

Information published.

CVE-2026-40356
Sin clasificar Windows

CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

Information published.

CVE-2026-3087
Sin clasificar Microsoft

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

Information published.

CVE-2026-6842
Sin clasificar Microsoft

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

Information published.

CVE-2026-39882
Sin clasificar Microsoft

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar

Information published.

CVE-2026-32288
Sin clasificar Microsoft

CVE-2026-32281 Inefficient policy validation in crypto/x509

Information published.

CVE-2026-32281
Sin clasificar Microsoft

CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template

Information published.

CVE-2026-32289
Sin clasificar Microsoft

CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

Information published.

CVE-2026-32283
Sin clasificar Microsoft

CVE-2026-32280 Unexpected work during chain building in crypto/x509

Information published.

CVE-2026-32280
Sin clasificar Microsoft

CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile

Information published.

CVE-2026-27143
Sin clasificar Microsoft

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go

Information published.

CVE-2026-27140
Sin clasificar Microsoft

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

Information published.

CVE-2026-1502
Sin clasificar Microsoft

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Information published.

CVE-2026-6100
Sin clasificar Microsoft

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Information published.

CVE-2026-4786 CVE-2026-4519
Baja Microsoft

CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal

Information published.

CVE-2026-5358
Baja Microsoft

CVE-2026-5450 scanf %mc off-by-one heap buffer overflow

Information published.

CVE-2026-5450
Sin clasificar Microsoft

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

Information published.

CVE-2026-3219
Sin clasificar Microsoft

CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Information published.

CVE-2026-40225
Baja Microsoft

CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path

Information published.

CVE-2026-5435
Sin clasificar Microsoft

CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

Information published.

CVE-2026-6019
Sin clasificar Microsoft

CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field

Information published.

CVE-2026-6238
Baja Microsoft

CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow

Information published.

CVE-2026-41606
Sin clasificar Microsoft

CVE-2026-40355 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.

Information published.

CVE-2026-40355
Sin clasificar Microsoft

CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file

Information published.

CVE-2026-6845
Sin clasificar Microsoft

CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service

Information published.

CVE-2026-6843
Baja Microsoft

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response

Information published.

CVE-2026-3832
Sin clasificar Microsoft

CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation

Information published.

CVE-2026-6383
Baja Microsoft

CVE-2024-30896 InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.

Information published.

CVE-2024-30896
Sin clasificar Microsoft

CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop

Information published.

CVE-2025-4574
Sin clasificar Microsoft

CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads

Information published.

CVE-2019-11254
Sin clasificar Microsoft

CVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file write

Information published.

CVE-2023-1386
Sin clasificar Microsoft

CVE-2026-2297 SourcelessFileLoader does not use io.open_code()

Information published.

CVE-2026-2297
Sin clasificar Microsoft

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template

Information published.

CVE-2026-27142
Baja Microsoft

CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

Information published.

CVE-2026-4224
Sin clasificar Microsoft

CVE-2026-3644 Incomplete control character validation in http.cookies

Information published.

CVE-2026-3644
Sin clasificar Microsoft

CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

Information published.

CVE-2026-4948
Baja Microsoft

CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow

Information published.

CVE-2026-3713
Sin clasificar Microsoft

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

Information published.

CVE-2025-13462
Sin clasificar Microsoft

CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message

Information published.

CVE-2026-0968
Baja Microsoft

CVE-2026-37457 An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.

Information published.

CVE-2026-37457
Sin clasificar Azure

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API

Information published.

CVE-2026-42151
Baja Microsoft

CVE-2026-33846 Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly

Information published.

CVE-2026-33846
Sin clasificar Microsoft

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Information published.

CVE-2026-33814
Sin clasificar Microsoft

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

Information published.

CVE-2026-39823
Sin clasificar Microsoft

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

Information published.

CVE-2026-41889
Baja Microsoft

CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro

Information published.

CVE-2026-43894
Baja Microsoft

CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge

Information published.

CVE-2026-43896
Sin clasificar Microsoft

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

Information published.

CVE-2026-43895
Baja Microsoft

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains

Information published.

CVE-2026-40612
Sin clasificar Microsoft

CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f

Information published.

CVE-2026-41256
Sin clasificar Microsoft

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

Information published.

CVE-2026-8177
Baja Microsoft

CVE-2026-44777 jq: stack overflow in module loading on mutual `include`

Information published.

CVE-2026-44777
Sin clasificar Microsoft

CVE-2026-4873 connection reuse ignores TLS requirement

Information published.

CVE-2026-4873
Sin clasificar Microsoft

CVE-2026-6429 netrc credential leak with reused proxy connection

Information published.

CVE-2026-6429
Sin clasificar Microsoft

CVE-2026-5545 wrong reuse of HTTP Negotiate connection

Information published.

CVE-2026-5545
Sin clasificar Microsoft

CVE-2026-6253 proxy credentials leak over redirect-to proxy

Information published.

CVE-2026-6253
Sin clasificar Microsoft

CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

Information published.

CVE-2026-42304
Sin clasificar Microsoft

CVE-2026-4893 CVE-2026-4893

Information published.

CVE-2026-4893
Sin clasificar Microsoft

CVE-2026-2291 CVE-2026-2291

Information published.

CVE-2026-2291
Sin clasificar Microsoft

CVE-2026-5172 CVE-2026-5172

Information published.

CVE-2026-5172
Sin clasificar Microsoft

CVE-2026-4890 CVE-2026-4890

Information published.

CVE-2026-4890
Sin clasificar Microsoft

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command

Information published.

CVE-2026-34956
Sin clasificar Microsoft

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

Information published.

CVE-2026-7210
Sin clasificar Microsoft

CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Information published.

CVE-2026-43969
Baja Microsoft

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

Information published.

CVE-2026-45803
Sin clasificar Microsoft

CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability

Information published.

CVE-2026-42009
Sin clasificar Microsoft

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42506
Sin clasificar Microsoft

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42502
Sin clasificar Microsoft

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Information published.

CVE-2026-27136
Sin clasificar Microsoft

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Information published.

CVE-2026-25681
Sin clasificar Microsoft

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39829
Sin clasificar Microsoft

CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

Information published.

CVE-2026-39830
Baja Microsoft

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

Information published.

CVE-2026-46597
Sin clasificar Microsoft

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39827
Sin clasificar Microsoft

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

Information published.

CVE-2026-39835
Sin clasificar Microsoft

CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

Information published.

CVE-2026-39834
Sin clasificar Microsoft

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

Information published.

CVE-2026-39828
Sin clasificar Microsoft

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-46598
Sin clasificar Microsoft

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-39833
Sin clasificar Microsoft

CVE-2026-5222 Cargo can be coerced to share credentials between registries

Information published.

CVE-2026-5222
Baja Microsoft

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Information published.

CVE-2026-25243
Baja Microsoft

CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution

Information published.

CVE-2026-23631
Baja Microsoft

CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution

Information published.

CVE-2026-23479
Sin clasificar Microsoft

CVE-2026-33811 Crash when handling long CNAME response in net

Information published.

CVE-2026-33811
Sin clasificar Microsoft

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go

Information published.

CVE-2026-39817
Baja Microsoft

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

Information published.

CVE-2026-39819
Sin clasificar Microsoft

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Information published.

CVE-2026-39820
Sin clasificar Microsoft

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

Information published.

CVE-2026-39825
Sin clasificar Microsoft

CVE-2026-39826 Escaper bypass leads to XSS in html/template

Information published.

CVE-2026-39826
Sin clasificar Windows

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

Information published.

CVE-2026-39836
Sin clasificar Microsoft

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail

Information published.

CVE-2026-42499
Sin clasificar Microsoft

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

Information published.

CVE-2026-42501
Baja Microsoft

CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

Information published.

CVE-2026-41257
Sin clasificar Microsoft

CVE-2026-6276 stale custom cookie host causes cookie leak

Information published.

CVE-2026-6276
Sin clasificar Microsoft

CVE-2026-7168 cross-proxy Digest auth state leak

Information published.

CVE-2026-7168
Sin clasificar Microsoft

CVE-2026-4891 CVE-2026-4891

Information published.

CVE-2026-4891
Sin clasificar Microsoft

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username

Information published.

CVE-2026-42010
Sin clasificar Microsoft

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Information published.

CVE-2026-7790
Sin clasificar Microsoft

CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

Information published.

CVE-2026-43968
Sin clasificar Microsoft

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

Information published.

CVE-2026-8368
Sin clasificar Microsoft

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

Information published.

CVE-2026-8328
Sin clasificar Microsoft

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

Information published.

CVE-2026-39821
Sin clasificar Microsoft

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Information published.

CVE-2026-25680
Sin clasificar Microsoft

CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Information published.

CVE-2026-8466
Sin clasificar Microsoft

CVE-2026-5223 Crates in third party registries can override the cached source of other crates

Information published.

CVE-2026-5223
Sin clasificar Microsoft

CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive

Information published.

CVE-2026-44896
Sin clasificar Microsoft

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Information published.

CVE-2026-44899
Baja Microsoft

CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

Information published.

CVE-2025-55551
Baja Microsoft

CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow

Information published.

CVE-2025-11083
Baja Microsoft

CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

Information published.

CVE-2025-55554
Sin clasificar Microsoft

CVE-2026-40361 Microsoft Outlook and Word Remote Code Execution Vulnerability

Updated CVE title. This is an informational change only.

CVE-2026-40361
Sin clasificar Microsoft

CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference

Information published.

CVE-2025-15504
Sin clasificar Microsoft

CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Information published.

CVE-2017-3736
Baja Microsoft

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion

Information published.

CVE-2026-31789
Sin clasificar Microsoft

CVE-2026-28387 Potential Use-after-free in DANE Client Code

Information published.

CVE-2026-28387
Sin clasificar Microsoft

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL

Information published.

CVE-2026-28388
Sin clasificar Microsoft

CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure

Information published.

CVE-2026-34757
Sin clasificar Microsoft

CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Information published.

CVE-2026-41080
Sin clasificar Microsoft

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

Information published.

CVE-2026-28389
Sin clasificar Microsoft

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

Information published.

CVE-2026-28390
Baja Microsoft

CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.

Information published.

CVE-2026-34875
Baja Microsoft

CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.

Information published.

CVE-2026-34874
Baja Microsoft

CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.

Information published.

CVE-2026-34876
Sin clasificar Microsoft

CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).

Information published.

CVE-2026-25835
Sin clasificar Microsoft

CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.

Information published.

CVE-2025-66442
Sin clasificar Microsoft

CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

Information published.

CVE-2026-34873
Sin clasificar Microsoft

CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

Information published.

CVE-2026-34871
Sin clasificar Microsoft

CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).

Information published.

CVE-2026-34872
Baja Microsoft

CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.

Information published.

CVE-2026-25834
Baja Microsoft

CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function

Information published.

CVE-2026-25833
Baja Microsoft

CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.

Information published.

CVE-2025-23167
Sin clasificar Microsoft

CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.

Information published.

CVE-2026-21717
Sin clasificar Microsoft

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group

Information published.

CVE-2026-2673
Sin clasificar Microsoft

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Information published.

CVE-2026-33671
Sin clasificar Microsoft

CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

Information published.

CVE-2026-33672
Baja Microsoft

CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.

Information published.

CVE-2026-21711
Sin clasificar Microsoft

CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports

Information published.

CVE-2026-35579
Sin clasificar Microsoft

CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault

Information published.

CVE-2026-7261
Baja Microsoft

CVE-2026-7568 Signed integer overflow in metaphone()

Information published.

CVE-2026-7568
Sin clasificar Microsoft

CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records

Information published.

CVE-2026-3592
Sin clasificar Microsoft

CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability

Information published.

CVE-2026-42009
Sin clasificar Microsoft

CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly

Information published.

CVE-2026-8723
Baja Microsoft

CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading

Information published.

CVE-2025-14575
Sin clasificar Microsoft

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42506
Baja Windows

CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

Information published.

CVE-2026-39824
Sin clasificar Microsoft

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42502
Sin clasificar Microsoft

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Information published.

CVE-2026-27136
Sin clasificar Microsoft

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Information published.

CVE-2026-25681
Sin clasificar Microsoft

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39829
Sin clasificar Microsoft

CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

Information published.

CVE-2026-39830
Baja Microsoft

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

Information published.

CVE-2026-46597
Sin clasificar Microsoft

CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

Information published.

CVE-2026-39831
Sin clasificar Microsoft

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39827
Sin clasificar Microsoft

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

Information published.

CVE-2026-39835
Sin clasificar Microsoft

CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

Information published.

CVE-2026-39834
Sin clasificar Microsoft

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

Information published.

CVE-2026-39828
Sin clasificar Microsoft

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-46598
Sin clasificar Microsoft

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Information published.

CVE-2026-46595
Sin clasificar Microsoft

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-39833
Sin clasificar Microsoft

CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Information published.

CVE-2026-42508
Sin clasificar Microsoft

CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

Information published.

CVE-2026-6402
Sin clasificar Microsoft

CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments

Information published.

CVE-2026-44844
Sin clasificar Microsoft

CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass

Information published.

CVE-2026-44708
Sin clasificar Microsoft

CVE-2026-44897 Mistune Heading ID Attribute Injection XSS

Information published.

CVE-2026-44897
Sin clasificar Microsoft

CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()

Information published.

CVE-2026-47104
Sin clasificar Microsoft

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2

Information published.

CVE-2026-42250
Sin clasificar Microsoft

CVE-2026-46232 HID: playstation: Clamp num_touch_reports

Information published.

CVE-2026-46232
Media Microsoft

CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups

Information published.

CVE-2026-46235
Sin clasificar Microsoft

CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger

Information published.

CVE-2026-46157
Baja Microsoft

CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header

Information published.

CVE-2026-9538
Baja Microsoft

CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain

Information published.

CVE-2026-10028
Sin clasificar Microsoft

CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error

Information published.

CVE-2026-6324
Baja Microsoft

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow

Information published.

CVE-2026-7598
Sin clasificar Microsoft

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD

Information published.

CVE-2026-7258
Sin clasificar Microsoft

CVE-2026-6722 Use-After-Free in SOAP using Apache map

Information published.

CVE-2026-6722
Sin clasificar Microsoft

CVE-2026-6735 XSS within PHP-FPM status endpoint

Information published.

CVE-2026-6735
Sin clasificar Microsoft

CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing

Information published.

CVE-2026-7262
Sin clasificar Microsoft

CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

Information published.

CVE-2025-14179
Sin clasificar Microsoft

CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

Information published.

CVE-2026-7259
Sin clasificar Microsoft

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

Information published.

CVE-2026-39821
Sin clasificar Microsoft

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Information published.

CVE-2026-25680
Sin clasificar Microsoft

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-39832
Sin clasificar Microsoft

CVE-2026-44898 Mistune TOC Anchor Injection XSS

Information published.

CVE-2026-44898
Sin clasificar Microsoft

CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()

Information published.

CVE-2026-23679
Sin clasificar Microsoft

CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually

Information published.

CVE-2026-46148
Sin clasificar Microsoft

CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback

Information published.

CVE-2026-46194
Baja Microsoft

CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams

Information published.

CVE-2026-46179
Sin clasificar Microsoft

CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens

Information published.

CVE-2026-46143
Sin clasificar Microsoft

CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size

Information published.

CVE-2026-46169
Sin clasificar Microsoft

CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock

Information published.

CVE-2026-46121
Sin clasificar Microsoft

CVE-2026-46184 sound: ua101: fix division by zero at probe

Information published.

CVE-2026-46184
Sin clasificar Microsoft

CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs

Information published.

CVE-2026-41184
Sin clasificar Microsoft

CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling

Information published.

CVE-2026-42015
Sin clasificar Microsoft

CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date

Information published.

CVE-2025-15649
Baja Microsoft

CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI

Information published.

CVE-2026-44839
Baja Microsoft

CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward

Information published.

CVE-2026-48959
Sin clasificar Microsoft Edge

CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-45495
Sin clasificar Microsoft Edge

CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-45494
Sin clasificar Windows

CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability

Updated Hotpatch links. This is in informational change only.

CVE-2026-42825
Sin clasificar Microsoft

CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption

Updated Hotpatch links. This is in informational change only.

CVE-2025-54518
Sin clasificar Visual Studio

CVE-2025-6965 Integer Truncation on SQLite

Added Visual Studio software to the Security Updates table. Customers that are running supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.

CVE-2025-6965
Sin clasificar Microsoft

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39829
Sin clasificar Microsoft

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

Information published.

CVE-2026-39835
Sin clasificar Microsoft

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

Information published.

CVE-2026-39821
Baja Microsoft

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Information published.

Baja Microsoft

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Information published.

Baja Microsoft

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Information published.

Sin clasificar Microsoft

CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference

Information published.

CVE-2025-15504
Baja Microsoft

CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.

Information published.

CVE-2024-36137
Baja Microsoft

CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Information published.

CVE-2024-22018
Sin clasificar Microsoft

CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Information published.

CVE-2017-3736
Baja Microsoft

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion

Information published.

CVE-2026-31789
Sin clasificar Microsoft

CVE-2026-28387 Potential Use-after-free in DANE Client Code

Information published.

CVE-2026-28387
Sin clasificar Microsoft

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL

Information published.

CVE-2026-28388
Sin clasificar Microsoft

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

Information published.

CVE-2026-28389
Sin clasificar Microsoft

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

Information published.

CVE-2026-28390
Baja Microsoft

CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.

Information published.

CVE-2026-34875
Baja Microsoft

CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.

Information published.

CVE-2026-34874
Baja Microsoft

CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.

Information published.

CVE-2026-34876
Sin clasificar Microsoft

CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).

Information published.

CVE-2026-25835
Sin clasificar Microsoft

CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.

Information published.

CVE-2025-66442
Sin clasificar Microsoft

CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

Information published.

CVE-2026-34873
Sin clasificar Microsoft

CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

Information published.

CVE-2026-34871
Sin clasificar Microsoft

CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).

Information published.

CVE-2026-34872
Baja Microsoft

CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.

Information published.

CVE-2026-25834
Baja Microsoft

CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function

Information published.

CVE-2026-25833
Baja Microsoft

CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.

Information published.

CVE-2025-23167
Sin clasificar Microsoft

CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.

Information published.

CVE-2026-21717
Sin clasificar Microsoft

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group

Information published.

CVE-2026-2673
Sin clasificar Microsoft

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Information published.

CVE-2026-33671
Sin clasificar Microsoft

CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

Information published.

CVE-2026-33672
Baja Microsoft

CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.

Information published.

CVE-2026-21711
Sin clasificar Microsoft

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2

Information published.

CVE-2026-42250
Sin clasificar Microsoft

CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF

Information published.

CVE-2026-46242
Sin clasificar Microsoft

CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

Information published.

CVE-2026-42790
Sin clasificar Microsoft

CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

Information published.

CVE-2026-42012
Sin clasificar Microsoft

CVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read

Information published.

CVE-2026-9804
Baja Microsoft

CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

Information published.

CVE-2026-48864
Sin clasificar Microsoft

CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob

Information published.

CVE-2026-48962
Sin clasificar Microsoft

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

Information published.

CVE-2026-40034
Sin clasificar Microsoft

CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c

Information published.

CVE-2026-40528
Baja Microsoft

CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c

Information published.

CVE-2026-40510
Media Microsoft

CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation

Information published.

CVE-2026-42789
Sin clasificar Microsoft

CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

Information published.

CVE-2026-42013
Sin clasificar Microsoft

CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling

Information published.

CVE-2026-42015
Sin clasificar Microsoft

CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange

Information published.

CVE-2026-5260
Baja Microsoft

CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability

Information published.

CVE-2026-7374
Sin clasificar Microsoft

CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date

Information published.

CVE-2025-15649
Baja Microsoft

CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI

Information published.

CVE-2026-44839
Sin clasificar Microsoft

CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind

Information published.

CVE-2026-46219
Sin clasificar Microsoft

CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch

Information published.

CVE-2026-46214
Sin clasificar Microsoft

CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race

Information published.

CVE-2026-46137
Sin clasificar Microsoft

CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length

Information published.

CVE-2026-46186
Sin clasificar Microsoft

CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()

Information published.

CVE-2026-46172
Sin clasificar Microsoft

CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt

Information published.

CVE-2026-46168
Sin clasificar Microsoft

CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path

Information published.

CVE-2026-46163
Baja Microsoft

CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls

Information published.

CVE-2026-46131
Sin clasificar Microsoft

CVE-2026-46128 ipmi: Check event message buffer response for bad data

Information published.

CVE-2026-46128
Sin clasificar Microsoft

CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails

Information published.

CVE-2026-46191
Sin clasificar Microsoft

CVE-2026-46232 HID: playstation: Clamp num_touch_reports

Information published.

CVE-2026-46232
Sin clasificar Microsoft

CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission

Information published.

CVE-2026-46220
Baja Microsoft

CVE-2026-46107 dm-thin: fix metadata refcount underflow

Information published.

CVE-2026-46107
Sin clasificar Microsoft

CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()

Information published.

CVE-2026-46149
Sin clasificar Microsoft

CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete

Information published.

CVE-2026-46116
Media Microsoft

CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions

Information published.

CVE-2026-46236
Media Microsoft

CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups

Information published.

CVE-2026-46235
Sin clasificar Microsoft

CVE-2026-46177 ipmi: Add limits to event and receive message requests

Information published.

CVE-2026-46177
Sin clasificar Microsoft

CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger

Information published.

CVE-2026-46157
Sin clasificar Microsoft

CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last

Information published.

CVE-2026-46170
Sin clasificar Microsoft

CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg

Information published.

CVE-2026-46230
Sin clasificar Microsoft

CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put

Information published.

CVE-2026-46123
Sin clasificar Microsoft

CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails

Information published.

CVE-2026-46108
Sin clasificar Microsoft

CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result

Information published.

CVE-2026-46152
Sin clasificar Microsoft

CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()

Information published.

CVE-2026-46112
Sin clasificar Microsoft

CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads

Information published.

CVE-2026-46114
Sin clasificar Microsoft

CVE-2026-46125 wifi: mac80211: remove station if connection prep fails

Information published.

CVE-2026-46125
Sin clasificar Microsoft

CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

Information published.

CVE-2026-46227
Sin clasificar Microsoft

CVE-2026-46153 8021q: delete cleared egress QoS mappings

Information published.

CVE-2026-46153
Sin clasificar Microsoft

CVE-2026-46150 fanotify: fix false positive on permission events

Information published.

CVE-2026-46150
Sin clasificar Microsoft

CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure

Information published.

CVE-2026-46241
Sin clasificar Microsoft

CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()

Information published.

CVE-2026-46147
Sin clasificar Microsoft

CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown

Information published.

CVE-2026-46135
Sin clasificar Microsoft

CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path

Information published.

CVE-2026-46189
Sin clasificar Microsoft

CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg

Information published.

CVE-2026-46199
Sin clasificar Microsoft

CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response

Information published.

CVE-2026-46151
Sin clasificar Microsoft

CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget

Information published.

CVE-2026-46124
Sin clasificar Microsoft

CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events

Information published.

CVE-2026-46106
Sin clasificar Microsoft

CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

Information published.

CVE-2026-46181
Sin clasificar Microsoft

CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()

Information published.

CVE-2026-46178
Sin clasificar Microsoft

CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert

Information published.

CVE-2026-46231
Sin clasificar Microsoft

CVE-2026-46200 spi: mpc52xx: fix controller deregistration

Information published.

CVE-2026-46200
Sin clasificar Microsoft

CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

Information published.

CVE-2026-46209
Sin clasificar Microsoft

CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually

Information published.

CVE-2026-46148
Baja Microsoft

CVE-2026-46198 batman-adv: fix integer overflow on buff_pos

Information published.

CVE-2026-46198
Sin clasificar Microsoft

CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync

Information published.

CVE-2026-46111
Sin clasificar Microsoft

CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers

Information published.

CVE-2026-46195
Sin clasificar Microsoft

CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback

Information published.

CVE-2026-46194
Sin clasificar Microsoft

CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths

Information published.

CVE-2026-46109
Sin clasificar Microsoft

CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

Information published.

CVE-2026-46229
Sin clasificar Microsoft

CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task

Information published.

CVE-2026-46173
Sin clasificar Microsoft

CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory

Information published.

CVE-2026-46160
Sin clasificar Microsoft

CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task

Information published.

CVE-2026-46180
Sin clasificar Microsoft

CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()

Information published.

CVE-2026-46185
Sin clasificar Microsoft

CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies

Information published.

CVE-2026-46161
Sin clasificar Microsoft

CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims

Information published.

CVE-2026-46212
Sin clasificar Microsoft

CVE-2026-46234 vsock: fix buffer size clamping order

Information published.

CVE-2026-46234
Baja Microsoft

CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams

Information published.

CVE-2026-46179
Sin clasificar Microsoft

CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()

Information published.

CVE-2026-46196
Sin clasificar Microsoft

CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing

Information published.

CVE-2026-46133
Sin clasificar Microsoft

CVE-2026-46129 btrfs: fix double free in create_space_info() error path

Information published.

CVE-2026-46129
Sin clasificar Microsoft

CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB

Information published.

CVE-2026-46204
Sin clasificar Microsoft

CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()

Information published.

CVE-2026-46156
Sin clasificar Microsoft

CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt

Information published.

CVE-2026-46138
Sin clasificar Microsoft

CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop

Information published.

CVE-2026-46187
Sin clasificar Microsoft

CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl

Information published.

CVE-2026-46167
Sin clasificar Microsoft

CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

Information published.

CVE-2026-46113
Sin clasificar Microsoft

CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown

Information published.

CVE-2026-46206
Sin clasificar Microsoft

CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)

Information published.

CVE-2026-46130
Sin clasificar Microsoft

CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing

Information published.

CVE-2026-46119
Sin clasificar Microsoft

CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size

Information published.

CVE-2026-46169
Sin clasificar Microsoft

CVE-2026-46142 net: libwx: fix VF illegal register access

Information published.

CVE-2026-46142
Sin clasificar Microsoft

CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock

Information published.

CVE-2026-46121
Sin clasificar Microsoft

CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()

Information published.

CVE-2026-46144
Sin clasificar Microsoft

CVE-2026-46184 sound: ua101: fix division by zero at probe

Information published.

CVE-2026-46184
Sin clasificar Microsoft

CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache

Information published.

CVE-2026-46174
Sin clasificar Microsoft

CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks

Information published.

CVE-2026-46193
Sin clasificar Microsoft

CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs

Information published.

CVE-2026-41184
Sin clasificar Windows

CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-26168
Sin clasificar Windows

CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-24293
Sin clasificar Windows

CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-41088
Sin clasificar Dynamics

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Updated an acknowledgement. This is an informational change only.

CVE-2026-42898
Baja Microsoft

CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check

Information published.

CVE-2026-46062
Sin clasificar Microsoft

CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised

Information published.

CVE-2026-45930
Sin clasificar Microsoft

CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues

Information published.

CVE-2026-46021
Sin clasificar Microsoft

CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy

Information published.

CVE-2026-46084
Sin clasificar Microsoft

CVE-2026-46004 ALSA: caiaq: Handle probe errors properly

Information published.

CVE-2026-46004
Sin clasificar Microsoft

CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion

Information published.

CVE-2026-46080
Sin clasificar Microsoft

CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry

Information published.

CVE-2026-45894
Sin clasificar Microsoft

CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies

Information published.

CVE-2026-45840
Sin clasificar Microsoft

CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks

Information published.

CVE-2026-46054
Sin clasificar Microsoft

CVE-2026-45991 udf: fix partition descriptor append bookkeeping

Information published.

CVE-2026-45991
Sin clasificar Microsoft

CVE-2026-46053 net: rds: fix MR cleanup on copy error

Information published.

CVE-2026-46053
Sin clasificar Microsoft

CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()

Information published.

CVE-2026-45835
Sin clasificar Microsoft

CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()

Information published.

CVE-2026-45834
Sin clasificar Microsoft

CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given

Information published.

CVE-2026-45932
Sin clasificar Microsoft

CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()

Information published.

CVE-2026-45839
Sin clasificar Microsoft

CVE-2026-45940 net: stmmac: fix oops when split header is enabled

Information published.

CVE-2026-45940
Sin clasificar Microsoft

CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory

Information published.

CVE-2026-45893
Sin clasificar Microsoft

CVE-2026-46017 mm: fix deferred split queue races during migration

Information published.

CVE-2026-46017
Sin clasificar Microsoft

CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()

Information published.

CVE-2026-45986
Sin clasificar Microsoft

CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()

Information published.

CVE-2026-46047
Sin clasificar Microsoft

CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks

Information published.

CVE-2026-45850
Sin clasificar Microsoft

CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed

Information published.

CVE-2026-46052
Sin clasificar Microsoft

CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown

Information published.

CVE-2026-46009
Sin clasificar Microsoft

CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv

Information published.

CVE-2026-46043
Sin clasificar Microsoft

CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()

Information published.

CVE-2026-46069
Sin clasificar Microsoft

CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation

Information published.

CVE-2026-45859
Sin clasificar Microsoft

CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT

Information published.

CVE-2026-46032
Sin clasificar Microsoft

CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers

Information published.

CVE-2026-46086
Sin clasificar Microsoft

CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put

Information published.

CVE-2026-45861
Sin clasificar Microsoft

CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

Information published.

CVE-2026-46056
Sin clasificar Microsoft

CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure

Information published.

CVE-2026-45998
Baja Microsoft

CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()

Information published.

CVE-2026-46023
Baja Microsoft

CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check

Information published.

CVE-2026-46006
Sin clasificar Microsoft

CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind

Information published.

CVE-2026-46219
Sin clasificar Microsoft

CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch

Information published.

CVE-2026-46214
Sin clasificar Microsoft

CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race

Information published.

CVE-2026-46137
Sin clasificar Microsoft

CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length

Information published.

CVE-2026-46186
Sin clasificar Microsoft

CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()

Information published.

CVE-2026-46172
Sin clasificar Microsoft

CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt

Information published.

CVE-2026-46168
Sin clasificar Microsoft

CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path

Information published.

CVE-2026-46163
Baja Microsoft

CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls

Information published.

CVE-2026-46131
Sin clasificar Microsoft

CVE-2026-46110 net: stmmac: Prevent NULL deref when RX memory exhausted

Information published.

CVE-2026-46110
Sin clasificar Microsoft

CVE-2026-46128 ipmi: Check event message buffer response for bad data

Information published.

CVE-2026-46128
Sin clasificar Microsoft

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2

Information published.

CVE-2026-42250
Sin clasificar Microsoft

CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails

Information published.

CVE-2026-46191
Sin clasificar Microsoft

CVE-2026-46159 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak

Information published.

CVE-2026-46159
Sin clasificar Microsoft

CVE-2026-46226 spi: fsl: fix controller deregistration

Information published.

CVE-2026-46226
Sin clasificar Microsoft

CVE-2026-46165 openvswitch: vport: fix self-deadlock on release of tunnel ports

Information published.

CVE-2026-46165
Sin clasificar Microsoft

CVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcount

Information published.

CVE-2026-46158
Sin clasificar Microsoft

CVE-2026-46232 HID: playstation: Clamp num_touch_reports

Information published.

CVE-2026-46232
Sin clasificar Microsoft

CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size

Information published.

CVE-2026-46197
Sin clasificar Microsoft

CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission

Information published.

CVE-2026-46220
Baja Microsoft

CVE-2026-46107 dm-thin: fix metadata refcount underflow

Information published.

CVE-2026-46107
Sin clasificar Microsoft

CVE-2026-46176 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()

Information published.

CVE-2026-46176
Sin clasificar Microsoft

CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()

Information published.

CVE-2026-46149
Sin clasificar Microsoft

CVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardown

Information published.

CVE-2026-46208
Sin clasificar Microsoft

CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete

Information published.

CVE-2026-46116
Sin clasificar Microsoft

CVE-2026-46225 spi: rspi: fix controller deregistration

Information published.

CVE-2026-46225
Media Microsoft

CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions

Information published.

CVE-2026-46236
Sin clasificar Microsoft

CVE-2026-46164 btrfs: fix double free in create_space_info_sub_group() error path

Information published.

CVE-2026-46164
Media Microsoft

CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups

Information published.

CVE-2026-46235
Sin clasificar Microsoft

CVE-2026-46127 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()

Information published.

CVE-2026-46127
Sin clasificar Microsoft

CVE-2026-46177 ipmi: Add limits to event and receive message requests

Information published.

CVE-2026-46177
Sin clasificar Microsoft

CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()

Information published.

CVE-2026-46155
Sin clasificar Microsoft

CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger

Information published.

CVE-2026-46157
Baja Microsoft

CVE-2026-46136 wifi: mt76: mt7921: fix a potential clc buffer length underflow

Information published.

CVE-2026-46136
Sin clasificar Microsoft

CVE-2026-46132 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo

Information published.

CVE-2026-46132
Sin clasificar Microsoft

CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last

Information published.

CVE-2026-46170
Sin clasificar Microsoft

CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()

Information published.

CVE-2026-46190
Sin clasificar Microsoft

CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg

Information published.

CVE-2026-46230
Sin clasificar Microsoft

CVE-2026-46175 f2fs: fix fsck inconsistency caused by FGGC of node block

Information published.

CVE-2026-46175
Sin clasificar Microsoft

CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put

Information published.

CVE-2026-46123
Sin clasificar Microsoft

CVE-2026-46238 batman-adv: stop caching unowned originator pointers in BAT IV

Information published.

CVE-2026-46238
Sin clasificar Microsoft

CVE-2026-46120 ip6_gre: Use cached t->net in ip6erspan_changelink().

Information published.

CVE-2026-46120
Sin clasificar Microsoft

CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails

Information published.

CVE-2026-46108
Sin clasificar Microsoft

CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result

Information published.

CVE-2026-46152
Sin clasificar Microsoft

CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()

Information published.

CVE-2026-46112
Sin clasificar Microsoft

CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads

Information published.

CVE-2026-46114
Sin clasificar Microsoft

CVE-2026-46122 wifi: b43: enforce bounds check on firmware key index in b43_rx()

Information published.

CVE-2026-46122
Sin clasificar Microsoft

CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

Information published.

CVE-2026-46146
Sin clasificar Microsoft

CVE-2026-46125 wifi: mac80211: remove station if connection prep fails

Information published.

CVE-2026-46125
Sin clasificar Microsoft

CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

Information published.

CVE-2026-46227
Sin clasificar Microsoft

CVE-2026-46153 8021q: delete cleared egress QoS mappings

Information published.

CVE-2026-46153
Sin clasificar Microsoft

CVE-2026-46150 fanotify: fix false positive on permission events

Information published.

CVE-2026-46150
Sin clasificar Microsoft

CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure

Information published.

CVE-2026-46241
Sin clasificar Microsoft

CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()

Information published.

CVE-2026-46147
Sin clasificar Microsoft

CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown

Information published.

CVE-2026-46135
Sin clasificar Microsoft

CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory

Information published.

CVE-2026-42496
Sin clasificar Microsoft

CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path

Information published.

CVE-2026-46189
Baja Microsoft

CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header

Information published.

CVE-2026-9538
Sin clasificar Microsoft

CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg

Information published.

CVE-2026-46199
Sin clasificar Microsoft

CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response

Information published.

CVE-2026-46151
Sin clasificar Microsoft

CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory

Information published.

CVE-2026-42497
Sin clasificar Microsoft

CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget

Information published.

CVE-2026-46124
Sin clasificar Microsoft

CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events

Information published.

CVE-2026-46106
Sin clasificar Microsoft

CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

Information published.

CVE-2026-46181
Sin clasificar Microsoft

CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()

Information published.

CVE-2026-46178
Sin clasificar Microsoft

CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()

Information published.

CVE-2026-45989
Media Microsoft

CVE-2026-46091 media: rc: igorplugusb: heed coherency rules

Information published.

CVE-2026-46091
Sin clasificar Microsoft

CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()

Information published.

CVE-2026-45846
Sin clasificar Microsoft

CVE-2026-46089 zram: do not forget to endio for partial discard requests

Information published.

CVE-2026-46089
Sin clasificar Microsoft

CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation

Information published.

CVE-2026-46033
Sin clasificar Microsoft

CVE-2026-46044 ipmi:ssif: Clean up kthread on errors

Information published.

CVE-2026-46044
Sin clasificar Microsoft

CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()

Information published.

CVE-2026-46072
Sin clasificar Microsoft

CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels

Information published.

CVE-2026-46099
Sin clasificar Microsoft

CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation

Information published.

CVE-2026-45934
Sin clasificar Microsoft

CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop

Information published.

CVE-2026-46090
Sin clasificar Microsoft

CVE-2026-45993 LoongArch: Add spectre boundry for syscall dispatch table

Information published.

CVE-2026-45993
Sin clasificar Microsoft

CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

Information published.

CVE-2026-46076
Sin clasificar Microsoft

CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access

Information published.

CVE-2026-46094
Sin clasificar Microsoft

CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert

Information published.

CVE-2026-46231
Sin clasificar Microsoft

CVE-2026-46200 spi: mpc52xx: fix controller deregistration

Information published.

CVE-2026-46200
Sin clasificar Microsoft

CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

Information published.

CVE-2026-46209
Sin clasificar Microsoft

CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually

Information published.

CVE-2026-46148
Baja Microsoft

CVE-2026-46198 batman-adv: fix integer overflow on buff_pos

Information published.

CVE-2026-46198
Sin clasificar Microsoft

CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync

Information published.

CVE-2026-46111
Sin clasificar Microsoft

CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers

Information published.

CVE-2026-46195
Sin clasificar Microsoft

CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback

Information published.

CVE-2026-46194
Sin clasificar Microsoft

CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths

Information published.

CVE-2026-46109
Sin clasificar Microsoft

CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

Information published.

CVE-2026-46229
Sin clasificar Microsoft

CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task

Information published.

CVE-2026-46173
Sin clasificar Microsoft

CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory

Information published.

CVE-2026-46160
Sin clasificar Microsoft

CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task

Information published.

CVE-2026-46180
Sin clasificar Microsoft

CVE-2026-46115 block: add pgmap check to biovec_phys_mergeable

Information published.

CVE-2026-46115
Sin clasificar Microsoft

CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()

Information published.

CVE-2026-46185
Sin clasificar Microsoft

CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies

Information published.

CVE-2026-46161
Sin clasificar Microsoft

CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims

Information published.

CVE-2026-46212
Media Microsoft

CVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLs

Information published.

CVE-2026-46205
Sin clasificar Microsoft

CVE-2026-46234 vsock: fix buffer size clamping order

Information published.

CVE-2026-46234
Sin clasificar Microsoft

CVE-2026-46171 riscv: kvm: fix vector context allocation leak

Information published.

CVE-2026-46171
Baja Microsoft

CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams

Information published.

CVE-2026-46179
Sin clasificar Microsoft

CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()

Information published.

CVE-2026-46196
Sin clasificar Microsoft

CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens

Information published.

CVE-2026-46143
Sin clasificar Microsoft

CVE-2026-46145 RDMA/mana: Validate rx_hash_key_len

Information published.

CVE-2026-46145
Sin clasificar Microsoft

CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing

Information published.

CVE-2026-46133
Sin clasificar Microsoft

CVE-2026-46129 btrfs: fix double free in create_space_info() error path

Information published.

CVE-2026-46129
Sin clasificar Microsoft

CVE-2026-46218 drm/amdgpu: Add bounds checking to ib_{get,set}_value

Information published.

CVE-2026-46218
Sin clasificar Microsoft

CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB

Information published.

CVE-2026-46204
Sin clasificar Microsoft

CVE-2026-46233 batman-adv: bla: only purge non-released claims

Information published.

CVE-2026-46233
Sin clasificar Microsoft

CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()

Information published.

CVE-2026-46156
Sin clasificar Microsoft

CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt

Information published.

CVE-2026-46138
Sin clasificar Microsoft

CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop

Information published.

CVE-2026-46187
Sin clasificar Microsoft

CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl

Information published.

CVE-2026-46167
Sin clasificar Microsoft

CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

Information published.

CVE-2026-46113
Sin clasificar Microsoft

CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown

Information published.

CVE-2026-46206
Sin clasificar Microsoft

CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)

Information published.

CVE-2026-46130
Sin clasificar Microsoft

CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing

Information published.

CVE-2026-46119
Sin clasificar Microsoft

CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size

Information published.

CVE-2026-46169
Sin clasificar Microsoft

CVE-2026-46142 net: libwx: fix VF illegal register access

Information published.

CVE-2026-46142
Sin clasificar Microsoft

CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock

Information published.

CVE-2026-46121
Sin clasificar Microsoft

CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()

Information published.

CVE-2026-46144
Sin clasificar Microsoft

CVE-2026-46184 sound: ua101: fix division by zero at probe

Information published.

CVE-2026-46184
Sin clasificar Microsoft

CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache

Information published.

CVE-2026-46174
Sin clasificar Microsoft

CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks

Information published.

CVE-2026-46193
Sin clasificar Microsoft

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42502
Sin clasificar Microsoft

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Information published.

CVE-2026-27136
Sin clasificar Microsoft

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Information published.

CVE-2026-25681
Baja Microsoft

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

Information published.

CVE-2026-46597
Sin clasificar Microsoft

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39827
Sin clasificar Microsoft

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

Information published.

CVE-2026-39835
Sin clasificar Microsoft

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

Information published.

CVE-2026-39828
Sin clasificar Microsoft

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-46598
Baja Microsoft

CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

Information published.

CVE-2026-9150
Baja Microsoft

CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

Information published.

CVE-2026-9149
Sin clasificar Microsoft

CVE-2026-5222 Cargo can be coerced to share credentials between registries

Information published.

CVE-2026-5222
Sin clasificar Microsoft

CVE-2026-46050 md/raid10: fix deadlock with check operation and nowait requests

Information published.

CVE-2026-46050
Media Microsoft

CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work

Information published.

CVE-2026-46011
Sin clasificar Microsoft

CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients

Information published.

CVE-2026-45877
Sin clasificar Microsoft

CVE-2026-45917 ipvs: do not keep dest_dst if dev is going down

Information published.

CVE-2026-45917
Sin clasificar Microsoft

CVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO

Information published.

CVE-2026-45841
Baja Microsoft

CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check

Information published.

CVE-2026-46062
Sin clasificar Microsoft

CVE-2026-46005 xfs: fix a resource leak in xfs_alloc_buftarg()

Information published.

CVE-2026-46005
Sin clasificar Microsoft

CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised

Information published.

CVE-2026-45930
Sin clasificar Microsoft

CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues

Information published.

CVE-2026-46021
Sin clasificar Microsoft

CVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointers

Information published.

CVE-2026-46037
Sin clasificar Microsoft

CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy

Information published.

CVE-2026-46084
Sin clasificar Microsoft

CVE-2026-46012 rxrpc: Fix memory leaks in rxkad_verify_response()

Information published.

CVE-2026-46012
Sin clasificar Microsoft

CVE-2026-46085 rxrpc: Fix rxkad crypto unalignment handling

Information published.

CVE-2026-46085
Sin clasificar Microsoft

CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN

Information published.

CVE-2026-46059
Sin clasificar Microsoft

CVE-2026-46004 ALSA: caiaq: Handle probe errors properly

Information published.

CVE-2026-46004
Sin clasificar Microsoft

CVE-2026-45901 netfilter: nf_tables: revert commit_mutex usage in reset path

Information published.

CVE-2026-45901
Sin clasificar Microsoft

CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion

Information published.

CVE-2026-46080
Sin clasificar Microsoft

CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry

Information published.

CVE-2026-45894
Sin clasificar Microsoft

CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies

Information published.

CVE-2026-45840
Sin clasificar Microsoft

CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks

Information published.

CVE-2026-46054
Sin clasificar Microsoft

CVE-2026-45991 udf: fix partition descriptor append bookkeeping

Information published.

CVE-2026-45991
Sin clasificar Microsoft

CVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msg

Information published.

CVE-2026-46027
Sin clasificar Microsoft

CVE-2026-46088 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()

Information published.

CVE-2026-46088
Sin clasificar Microsoft

CVE-2026-46051 md/raid5: fix soft lockup in retry_aligned_read()

Information published.

CVE-2026-46051
Sin clasificar Microsoft

CVE-2026-46053 net: rds: fix MR cleanup on copy error

Information published.

CVE-2026-46053
Sin clasificar Microsoft

CVE-2026-46018 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES

Information published.

CVE-2026-46018
Sin clasificar Microsoft

CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()

Information published.

CVE-2026-45835
Sin clasificar Microsoft

CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()

Information published.

CVE-2026-45834
Sin clasificar Microsoft

CVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entry

Information published.

CVE-2026-45944
Sin clasificar Microsoft

CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given

Information published.

CVE-2026-45932
Sin clasificar Microsoft

CVE-2026-45836 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()

Information published.

CVE-2026-45836
Sin clasificar Microsoft

CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path

Information published.

CVE-2026-45961
Sin clasificar Microsoft

CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments

Information published.

CVE-2026-44844
Sin clasificar Microsoft

CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()

Information published.

CVE-2026-45839
Sin clasificar Microsoft

CVE-2026-45940 net: stmmac: fix oops when split header is enabled

Information published.

CVE-2026-45940
Sin clasificar Microsoft

CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass

Information published.

CVE-2026-44708
Sin clasificar Microsoft

CVE-2026-44897 Mistune Heading ID Attribute Injection XSS

Information published.

CVE-2026-44897
Sin clasificar Microsoft

CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory

Information published.

CVE-2026-45893
Sin clasificar Microsoft

CVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclusters

Information published.

CVE-2026-45943
Sin clasificar Microsoft

CVE-2026-46017 mm: fix deferred split queue races during migration

Information published.

CVE-2026-46017
Sin clasificar Microsoft

CVE-2026-45897 netfilter: nft_counter: serialize reset with spinlock

Information published.

CVE-2026-45897
Sin clasificar Microsoft

CVE-2026-45997 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails

Information published.

CVE-2026-45997
Sin clasificar Microsoft

CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()

Information published.

CVE-2026-45986
Sin clasificar Microsoft

CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()

Information published.

CVE-2026-47104
Sin clasificar Microsoft

CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()

Information published.

CVE-2026-46047
Sin clasificar Microsoft

CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories

Information published.

CVE-2026-45571
Sin clasificar Microsoft

CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks

Information published.

CVE-2026-45850
Sin clasificar Microsoft

CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed

Information published.

CVE-2026-46052
Sin clasificar Microsoft

CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown

Information published.

CVE-2026-46009
Sin clasificar Microsoft

CVE-2026-46070 md/raid5: validate payload size before accessing journal metadata

Information published.

CVE-2026-46070
Sin clasificar Microsoft

CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv

Information published.

CVE-2026-46043
Sin clasificar Microsoft

CVE-2026-45994 ibmasm: fix OOB reads in command_file_write due to missing size checks

Information published.

CVE-2026-45994
Sin clasificar Microsoft

CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()

Information published.

CVE-2026-46069
Sin clasificar Microsoft

CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation

Information published.

CVE-2026-45859
Sin clasificar Microsoft

CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT

Information published.

CVE-2026-46032
Sin clasificar Microsoft

CVE-2026-46101 netfilter: reject zero shift in nft_bitwise

Information published.

CVE-2026-46101
Sin clasificar Microsoft

CVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRs

Information published.

CVE-2026-46014
Sin clasificar Microsoft

CVE-2026-45845 net/sched: taprio: fix NULL pointer dereference in class dump

Information published.

CVE-2026-45845
Sin clasificar Microsoft

CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers

Information published.

CVE-2026-46086
Sin clasificar Microsoft

CVE-2026-46065 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

Information published.

CVE-2026-46065
Sin clasificar Microsoft

CVE-2026-46098 net: caif: clear client service pointer on teardown

Information published.

CVE-2026-46098
Sin clasificar Microsoft

CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put

Information published.

CVE-2026-45861
Sin clasificar Microsoft

CVE-2026-46077 crypto: atmel-tdes - fix DMA sync direction

Information published.

CVE-2026-46077
Sin clasificar Microsoft

CVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturn

Information published.

CVE-2026-46063
Sin clasificar Microsoft

CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

Information published.

CVE-2026-46056
Sin clasificar Microsoft

CVE-2026-45956 drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()

Information published.

CVE-2026-45956
Sin clasificar Microsoft

CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx

Information published.

CVE-2026-46068
Sin clasificar Microsoft

CVE-2026-45843 slip: bound decode() reads against the compressed packet length

Information published.

CVE-2026-45843
Sin clasificar Microsoft

CVE-2026-46024 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

Information published.

CVE-2026-46024
Sin clasificar Microsoft

CVE-2026-45963 ASoC: nau8821: Cancel delayed work on component remove

Information published.

CVE-2026-45963
Sin clasificar Microsoft

CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure

Information published.

CVE-2026-45998
Baja Microsoft

CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()

Information published.

CVE-2026-46023
Sin clasificar Microsoft

CVE-2026-45844 netfilter: arp_tables: fix IEEE1394 ARP payload parsing

Information published.

CVE-2026-45844
Sin clasificar Microsoft

CVE-2026-45892 ext4: drop extent cache after doing PARTIAL_VALID1 zeroout

Information published.

CVE-2026-45892
Sin clasificar Microsoft

CVE-2026-46022 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()

Information published.

CVE-2026-46022
Sin clasificar Microsoft

CVE-2026-46102 net: strparser: fix skb_head leak in strp_abort_strp()

Information published.

CVE-2026-46102
Sin clasificar Microsoft

CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered

Information published.

CVE-2026-46016
Sin clasificar Microsoft

CVE-2026-46000 rxrpc: Fix conn-level packet handling to unshare RESPONSE packets

Information published.

CVE-2026-46000
Sin clasificar Microsoft

CVE-2025-71305 drm/display/dp_mst: Add protection against 0 vcpi

Information published.

CVE-2025-71305
Baja Microsoft

CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check

Information published.

CVE-2026-46006
Sin clasificar Microsoft

CVE-2026-46003 net: qrtr: ns: Limit the total number of nodes

Information published.

CVE-2026-46003
Sin clasificar Microsoft

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Information published.

CVE-2026-25680
Sin clasificar Microsoft

CVE-2026-5223 Crates in third party registries can override the cached source of other crates

Information published.

CVE-2026-5223
Sin clasificar Microsoft

CVE-2026-46048 ALSA: caiaq: fix usb_dev refcount leak on probe failure

Information published.

CVE-2026-46048
Sin clasificar Microsoft

CVE-2026-46002 ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()

Information published.

CVE-2026-46002
Sin clasificar Microsoft

CVE-2026-46078 erofs: fix the out-of-bounds nameoff handling for trailing dirents

Information published.

CVE-2026-46078
Sin clasificar Microsoft

CVE-2026-46064 ibmasm: fix heap over-read in ibmasm_send_i2o_message()

Information published.

CVE-2026-46064
Sin clasificar Microsoft

CVE-2026-46075 crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path

Information published.

CVE-2026-46075
Sin clasificar Microsoft

CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload

Information published.

CVE-2026-45973
Sin clasificar Microsoft

CVE-2026-45838 bpf: fix end-of-list detection in cgroup_storage_get_next_key()

Information published.

CVE-2026-45838
Sin clasificar Microsoft

CVE-2026-45899 ext4: drop extent cache when splitting extent fails

Information published.

CVE-2026-45899
Sin clasificar Microsoft

CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

Information published.

CVE-2026-46071
Sin clasificar Microsoft

CVE-2026-46049 ALSA: ctxfi: Add fallback to default RSR for S/PDIF

Information published.

CVE-2026-46049
Sin clasificar Microsoft

CVE-2026-46066 ceph: fix num_ops off-by-one when crypto allocation fails

Information published.

CVE-2026-46066
Sin clasificar Microsoft

CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()

Information published.

CVE-2026-45989
Sin clasificar Microsoft

CVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvation

Information published.

CVE-2026-45855
Media Microsoft

CVE-2026-46058 media: amphion: Fix race between m2m job_abort and device_run

Information published.

CVE-2026-46058
Sin clasificar Microsoft

CVE-2026-46031 net: ks8851: Reinstate disabling of BHs around IRQ handler

Information published.

CVE-2026-46031
Sin clasificar Microsoft

CVE-2026-45912 ext4: don't cache extent during splitting extent

Information published.

CVE-2026-45912
Baja Microsoft

CVE-2026-45999 erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()

Information published.

CVE-2026-45999
Sin clasificar Microsoft

CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive

Information published.

CVE-2026-44896
Media Microsoft

CVE-2026-46091 media: rc: igorplugusb: heed coherency rules

Information published.

CVE-2026-46091
Sin clasificar Microsoft

CVE-2026-45958 drm/exynos: vidi: fix to avoid directly dereferencing user pointer

Information published.

CVE-2026-45958
Sin clasificar Microsoft

CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()

Information published.

CVE-2026-45846
Sin clasificar Microsoft

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Information published.

CVE-2026-44899
Sin clasificar Microsoft

CVE-2026-44898 Mistune TOC Anchor Injection XSS

Information published.

CVE-2026-44898
Sin clasificar Microsoft

CVE-2026-46089 zram: do not forget to endio for partial discard requests

Information published.

CVE-2026-46089
Sin clasificar Microsoft

CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation

Information published.

CVE-2026-46033
Sin clasificar Microsoft

CVE-2026-46046 ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()

Information published.

CVE-2026-46046
Sin clasificar Microsoft

CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()

Information published.

CVE-2026-23679
Sin clasificar Microsoft

CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport

Information published.

CVE-2026-45570
Sin clasificar Microsoft

CVE-2026-46038 net: qrtr: ns: Free the node during ctrl_cmd_bye()

Information published.

CVE-2026-46038
Sin clasificar Microsoft

CVE-2026-46040 inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails

Information published.

CVE-2026-46040
Sin clasificar Microsoft

CVE-2026-45988 rxrpc: Fix re-decryption of RESPONSE packets

Information published.

CVE-2026-45988
Sin clasificar Microsoft

CVE-2026-45996 spi: imx: fix use-after-free on unbind

Information published.

CVE-2026-45996
Sin clasificar Microsoft

CVE-2026-45942 ext4: fix e4b bitmap inconsistency reports

Information published.

CVE-2026-45942
Sin clasificar Microsoft

CVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup

Information published.

CVE-2026-46019
Sin clasificar Microsoft

CVE-2026-46103 can: ucan: fix devres lifetime

Information published.

CVE-2026-46103
Sin clasificar Microsoft

CVE-2026-46092 wifi: rtw88: check for PCI upstream bridge existence

Information published.

CVE-2026-46092
Sin clasificar Microsoft

CVE-2026-45842 slip: reject VJ receive packets on instances with no rstate array

Information published.

CVE-2026-45842
Sin clasificar Microsoft

CVE-2026-45949 hwrng: core - use RCU and work_struct to fix race condition

Information published.

CVE-2026-45949
Sin clasificar Microsoft

CVE-2026-46044 ipmi:ssif: Clean up kthread on errors

Information published.

CVE-2026-46044
Sin clasificar Microsoft

CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()

Information published.

CVE-2026-46072
Sin clasificar Microsoft

CVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() fails

Information published.

CVE-2026-46079
Sin clasificar Microsoft

CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels

Information published.

CVE-2026-46099
Sin clasificar Microsoft

CVE-2026-46083 spi: fix resource leaks on device setup failure

Information published.

CVE-2026-46083
Sin clasificar Microsoft

CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

Information published.

CVE-2026-45987
Sin clasificar Microsoft

CVE-2026-46015 tcp: call sk_data_ready() after listener migration

Information published.

CVE-2026-46015
Sin clasificar Microsoft

CVE-2026-45858 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1

Information published.

CVE-2026-45858
Sin clasificar Microsoft

CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation

Information published.

CVE-2026-45934
Sin clasificar Microsoft

CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop

Information published.

CVE-2026-46090
Sin clasificar Microsoft

CVE-2026-46082 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0

Information published.

CVE-2026-46082
Sin clasificar Microsoft

CVE-2026-45993 LoongArch: Add spectre boundry for syscall dispatch table

Information published.

CVE-2026-45993
Sin clasificar Microsoft

CVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookups

Information published.

CVE-2026-46026
Sin clasificar Microsoft

CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

Information published.

CVE-2026-46076
Sin clasificar Microsoft

CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access

Information published.

CVE-2026-46094
Sin clasificar Microsoft

CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Information published.

CVE-2026-40226
Sin clasificar Microsoft

CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Information published.

CVE-2026-40225
Sin clasificar Microsoft

CVE-2026-4893 CVE-2026-4893

Information published.

CVE-2026-4893
Sin clasificar Microsoft

CVE-2026-2291 CVE-2026-2291

Information published.

CVE-2026-2291
Sin clasificar Microsoft

CVE-2026-5172 CVE-2026-5172

Information published.

CVE-2026-5172
Sin clasificar Microsoft

CVE-2026-4890 CVE-2026-4890

Information published.

CVE-2026-4890
Sin clasificar Microsoft

CVE-2026-43503 net: skbuff: propagate shared-frag marker through frag-transfer helpers

Information published.

CVE-2026-43503
Sin clasificar Microsoft

CVE-2026-46300 net: skbuff: preserve shared-frag marker during coalescing

Information published.

CVE-2026-46300
Sin clasificar Microsoft

CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing

Information published.

CVE-2026-41401
Sin clasificar Microsoft

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42506
Baja Windows

CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

Information published.

CVE-2026-39824
Sin clasificar Microsoft

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Information published.

CVE-2026-42502
Sin clasificar Microsoft

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Information published.

CVE-2026-27136
Sin clasificar Microsoft

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Information published.

CVE-2026-25681
Sin clasificar Microsoft

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39829
Sin clasificar Microsoft

CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

Information published.

CVE-2026-39830
Baja Microsoft

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

Information published.

CVE-2026-46597
Sin clasificar Microsoft

CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

Information published.

CVE-2026-39831
Sin clasificar Microsoft

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

Information published.

CVE-2026-39827
Sin clasificar Microsoft

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

Information published.

CVE-2026-39835
Sin clasificar Microsoft

CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

Information published.

CVE-2026-39834
Sin clasificar Microsoft

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

Information published.

CVE-2026-39828
Sin clasificar Microsoft

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-46598
Sin clasificar Microsoft

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Information published.

CVE-2026-46595
Sin clasificar Microsoft

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-39833
Sin clasificar Microsoft

CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Information published.

CVE-2026-42508
Baja Microsoft

CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

Information published.

CVE-2026-9150
Baja Microsoft

CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

Information published.

CVE-2026-9149
Sin clasificar Microsoft

CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability

Information published.

CVE-2026-9256
Sin clasificar Microsoft

CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

Information published.

CVE-2026-6402
Sin clasificar Microsoft

CVE-2026-5222 Cargo can be coerced to share credentials between registries

Information published.

CVE-2026-5222
Sin clasificar Microsoft

CVE-2026-4891 CVE-2026-4891

Information published.

CVE-2026-4891
Sin clasificar Microsoft

CVE-2026-8711 NGINX JavaScript vulnerability

Information published.

CVE-2026-8711
Baja Microsoft

CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds

Information published.

CVE-2026-8376
Sin clasificar Microsoft

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

Information published.

CVE-2026-39821
Sin clasificar Microsoft

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Information published.

CVE-2026-25680
Sin clasificar Microsoft

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

Information published.

CVE-2026-39832
Sin clasificar Microsoft

CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Information published.

CVE-2026-8466
Sin clasificar Microsoft

CVE-2026-5223 Crates in third party registries can override the cached source of other crates

Information published.

CVE-2026-5223
Sin clasificar Microsoft Edge

CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CWE added. Informational change only.

CVE-2026-45495
Sin clasificar Defender

CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability

CWE added. Informational change only.

CVE-2026-45498
Sin clasificar Defender

CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability

In the Security Updates table, added links to the Release Notes. This is an informational change only.

CVE-2026-41091
Sin clasificar Defender

CVE-2026-45584 Microsoft Defender Remote Code Execution Vulnerability

In the Security Updates table, added links to the Release Notes. This is an informational change only.

CVE-2026-45584
Sin clasificar SharePoint

CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability

Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who ha...

CVE-2026-45659
Sin clasificar Microsoft

CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak

Information published.

CVE-2025-3198
Baja Microsoft

CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow

Information published.

CVE-2025-1176
Sin clasificar Microsoft

CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption

Information published.

CVE-2025-1178
Sin clasificar Microsoft

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

Information published.

CVE-2026-1502
Sin clasificar Microsoft

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Information published.

CVE-2026-33814
Sin clasificar Microsoft

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Information published.

CVE-2026-7790
Sin clasificar Microsoft

CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

Information published.

CVE-2026-43968
Sin clasificar Microsoft

CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

Information published.

CVE-2026-44283
Sin clasificar Microsoft

CVE-2026-43029 mptcp: fix soft lockup in mptcp_recvmsg()

Information published.

CVE-2026-43029
Sin clasificar Microsoft

CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free

Information published.

CVE-2026-43414
Sin clasificar Microsoft

CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit

Information published.

CVE-2026-41054
Sin clasificar Microsoft

CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()

Information published.

CVE-2025-68768
Sin clasificar Microsoft

CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error

Information published.

CVE-2025-38096
Baja Microsoft

CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.

Information published.

CVE-2025-51480
Sin clasificar Microsoft

CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs

Information published.

CVE-2025-38140
Sin clasificar Microsoft

CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.

Information published.

CVE-2026-41035
Sin clasificar Microsoft

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Information published.

CVE-2026-7246
Baja Microsoft

CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow

Information published.

CVE-2026-44673
Sin clasificar Microsoft

CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls

Information published.

CVE-2026-43619
Baja Microsoft

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure

Information published.

CVE-2026-43618
Sin clasificar Microsoft

CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()

Information published.

CVE-2026-43620
Sin clasificar Microsoft

CVE-2026-32792 Packet of death with DNSCrypt

Information published.

CVE-2026-32792
Sin clasificar Microsoft

CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section

Information published.

CVE-2026-42960
Sin clasificar Microsoft

CVE-2026-42959 Crash during DNSSEC validation of malicious content

Information published.

CVE-2026-42959
Sin clasificar Microsoft

CVE-2026-44608 Use after free and crash under special conditions in RPZ code

Information published.

CVE-2026-44608
Sin clasificar Microsoft

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

Information published.

CVE-2026-33278
Sin clasificar Microsoft

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations

Information published.

CVE-2026-42923
Sin clasificar Microsoft

CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation

Information published.

CVE-2026-3039
Sin clasificar Microsoft

CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records

Information published.

CVE-2026-3592
Sin clasificar Microsoft

CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

Information published.

CVE-2026-3593
Sin clasificar Microsoft

CVE-2026-5946 Invalid handling of CLASS != IN

Information published.

CVE-2026-5946
Sin clasificar Microsoft

CVE-2026-5950 Unbounded resend loop in BIND 9 resolver

Information published.

CVE-2026-5950
Sin clasificar Microsoft

CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability

Information published.

CVE-2026-42009
Sin clasificar Microsoft

CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit

Information published.

CVE-2026-41054
Sin clasificar Microsoft

CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly

Information published.

CVE-2026-8723
Baja Microsoft

CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading

Information published.

CVE-2025-14575
Sin clasificar Microsoft

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

Information published.

CVE-2026-43617
Sin clasificar Microsoft

CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

Information published.

CVE-2026-45232
Baja Microsoft

CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

Information published.

CVE-2026-29518
Sin clasificar Microsoft

CVE-2026-41292 Long list of incoming EDNS options degrades performance

Information published.

CVE-2026-41292
Sin clasificar Microsoft

CVE-2026-42534 Jostle logic bypass degrades resolution performance

Information published.

CVE-2026-42534
Sin clasificar Microsoft

CVE-2026-40622 Another 'ghost domain names' attack variant

Information published.

CVE-2026-40622
Baja Microsoft

CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options

Information published.

CVE-2026-42944
Sin clasificar Microsoft

CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service

Information published.

CVE-2026-44390
Sin clasificar Microsoft

CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior

Information published.

CVE-2026-5947
Sin clasificar Microsoft

CVE-2026-8711 NGINX JavaScript vulnerability

Information published.

CVE-2026-8711
Sin clasificar Azure

CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability

The executive summary has been updated to include additional details about this vulnerability. This change does not affect the available security updates. Customers should install the recommended updates to remain pro...

CVE-2026-33117
Sin clasificar Windows

CVE-2026-34336 Windows DWM Core Library Elevation of Privilege Vulnerability

The security impact for this CVE has been revised based on a re-assessment of the vulnerability. The original classification of Information Disclosure (ID) has been updated to Elevation of Privilege (EoP).

CVE-2026-34336
Sin clasificar Microsoft

CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize

Information published.

CVE-2023-6606
Sin clasificar Microsoft

CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT

Information published.

CVE-2025-21825
Sin clasificar Microsoft

CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type

Information published.

CVE-2025-21888
Sin clasificar Microsoft

CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().

Information published.

CVE-2025-40139
Sin clasificar Microsoft

CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown

Information published.

CVE-2025-40146
Sin clasificar Microsoft

CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().

Information published.

CVE-2025-40168
Sin clasificar Microsoft

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()

Information published.

CVE-2025-40170
Sin clasificar Microsoft

CVE-2025-40158 ipv6: use RCU in ip6_output()

Information published.

CVE-2025-40158
Sin clasificar Microsoft

CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop

Information published.

CVE-2025-40180
Sin clasificar Microsoft

CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work

Information published.

CVE-2025-68822
Sin clasificar Microsoft

CVE-2025-71073 Input: lkkbd - disable pending work before freeing device

Information published.

CVE-2025-71073
Sin clasificar Microsoft

CVE-2025-71072 shmem: fix recovery on rename failures

Information published.

CVE-2025-71072
Sin clasificar Microsoft

CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only

Information published.

CVE-2026-23214
Sin clasificar Microsoft

CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification

Information published.

CVE-2026-23229
Sin clasificar Microsoft

CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset

Information published.

CVE-2026-23213
Sin clasificar Microsoft

CVE-2025-71225 md: suspend array while updating raid_disks via sysfs

Information published.

CVE-2025-71225
Sin clasificar Microsoft

CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels

Information published.

CVE-2025-71227
Sin clasificar Microsoft

CVE-2026-23223 xfs: fix UAF in xchk_btree_check_block_owner

Information published.

CVE-2026-23223
Sin clasificar Microsoft

CVE-2026-23225 sched/mmcid: Don't assume CID is CPU owned on mode switch

Information published.

CVE-2026-23225
Sin clasificar Microsoft

CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler

Information published.

CVE-2026-23207
Sin clasificar Microsoft

CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes

Information published.

CVE-2025-38041
Sin clasificar Microsoft

CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context

Information published.

CVE-2025-38029
Sin clasificar Microsoft

CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()

Information published.

CVE-2025-38064
Sin clasificar Microsoft

CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s

Information published.

CVE-2025-68201
Sin clasificar Microsoft

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough

Information published.

CVE-2025-68230
Sin clasificar Microsoft

CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition

Information published.

CVE-2025-68174
Sin clasificar Microsoft

CVE-2025-40355 sysfs: check visibility before changing group attribute ownership

Information published.

CVE-2025-40355
Sin clasificar Microsoft

CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side

Information published.

CVE-2025-68304
Sin clasificar Microsoft

CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work

Information published.

CVE-2025-68324
Sin clasificar Microsoft

CVE-2025-68736 landlock: Fix handling of disconnected directories

Information published.

CVE-2025-68736
Sin clasificar Microsoft

CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset

Information published.

CVE-2025-68745
Sin clasificar Microsoft

CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved

Information published.

CVE-2025-40339
Sin clasificar Microsoft

CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()

Information published.

CVE-2025-68190
Sin clasificar Microsoft

CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()

Information published.

CVE-2025-68188
Sin clasificar Microsoft

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

Information published.

CVE-2025-68296
Sin clasificar Microsoft

CVE-2025-68356 gfs2: Prevent recursive memory reclaim

Information published.

CVE-2025-68356
Sin clasificar Microsoft

CVE-2025-68374 md: fix rcu protection in md_wakeup_thread

Information published.

CVE-2025-68374
Sin clasificar Microsoft

CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash

Information published.

CVE-2024-53133
Sin clasificar Microsoft

CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string

Information published.

CVE-2025-38660
Sin clasificar Microsoft

CVE-2025-38636 rv: Use strings in da monitors tracepoints

Information published.

CVE-2025-38636
Sin clasificar Microsoft

CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields

Information published.

CVE-2025-38591
Media Microsoft

CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()

Information published.

CVE-2025-38585
Sin clasificar Microsoft

CVE-2025-38584 padata: Fix pd UAF once and for all

Information published.

CVE-2025-38584
Sin clasificar Microsoft

CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port

Information published.

CVE-2024-38595
Sin clasificar Microsoft

CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption

Information published.

CVE-2024-44951
Sin clasificar Microsoft

CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)

Information published.

CVE-2025-39932
Sin clasificar Microsoft

CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev().

Information published.

CVE-2025-40064
Sin clasificar Microsoft

CVE-2025-39927 ceph: fix race condition validating r_parent before applying state

Information published.

CVE-2025-39927
Sin clasificar Microsoft

CVE-2025-39901 i40e: remove read access to debugfs files

Information published.

CVE-2025-39901
Sin clasificar Microsoft

CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver

Information published.

CVE-2025-39905
Baja Microsoft

CVE-2025-39940 dm-stripe: fix a possible integer overflow

Information published.

CVE-2025-39940
Sin clasificar Microsoft

CVE-2025-39990 bpf: Check the helper function is valid in get_helper_proto

Information published.

CVE-2025-39990
Sin clasificar Microsoft

CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work

Information published.

CVE-2025-40003
Sin clasificar Microsoft

CVE-2025-40074 ipv4: start using dst_dev_rcu()

Information published.

CVE-2025-40074
Sin clasificar Microsoft

CVE-2025-40065 RISC-V: KVM: Write hgatp register with valid mode bits

Information published.

CVE-2025-40065
Sin clasificar Microsoft

CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()

Information published.

CVE-2025-40075
Sin clasificar Microsoft

CVE-2025-40057 ptp: Add a upper bound on max_vclocks

Information published.

CVE-2025-40057
Sin clasificar Microsoft

CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init

Information published.

CVE-2025-40102
Sin clasificar Microsoft

CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying

Information published.

CVE-2025-22113
Sin clasificar Microsoft

CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

Information published.

CVE-2025-21927
Sin clasificar Microsoft

CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio

Information published.

CVE-2025-21907
Sin clasificar Microsoft

CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb

Information published.

CVE-2025-22124
Sin clasificar Microsoft

CVE-2025-38333 f2fs: fix to bail out in get_new_segment()

Information published.

CVE-2025-38333
Sin clasificar Microsoft

CVE-2025-38264 nvme-tcp: sanitize request list handling

Information published.

CVE-2025-38264
Sin clasificar Microsoft

CVE-2025-38340 firmware: cs_dsp: Fix OOB memory read access in KUnit test

Information published.

CVE-2025-38340
Sin clasificar Microsoft

CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping

Information published.

CVE-2025-38279
Sin clasificar Microsoft

CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()

Information published.

CVE-2025-38269
Sin clasificar Microsoft

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed

Information published.

CVE-2024-42317
Sin clasificar Microsoft

CVE-2024-41008 drm/amdgpu: change vm->task_info handling

Information published.

CVE-2024-41008
Sin clasificar Microsoft

CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly

Information published.

CVE-2024-41067
Sin clasificar Microsoft

CVE-2024-41023 sched/deadline: Fix task_struct reference leak

Information published.

CVE-2024-41023
Sin clasificar Microsoft

CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()

Information published.

CVE-2024-50217
Sin clasificar Microsoft

CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels

Information published.

CVE-2025-21768
Sin clasificar Microsoft

CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed

Information published.

CVE-2024-57976
Sin clasificar Microsoft

CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool

Information published.

CVE-2025-21786
Sin clasificar Microsoft

CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug

Information published.

CVE-2025-21693
Sin clasificar Microsoft

CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free

Information published.

CVE-2025-21714
Sin clasificar Microsoft

CVE-2024-56775 drm/amd/display: Fix handling of plane refcount

Information published.

CVE-2024-56775
Sin clasificar Microsoft

CVE-2024-57857 RDMA/siw: Remove direct link to net_device

Information published.

CVE-2024-57857
Sin clasificar Microsoft

CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()

Information published.

CVE-2026-31419
Sin clasificar Microsoft

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free

Information published.

CVE-2026-31493
Sin clasificar Microsoft

CVE-2026-31557 nvmet: move async event work off nvmet-wq

Information published.

CVE-2026-31557
Sin clasificar Microsoft

CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use

Information published.

CVE-2026-31606
Sin clasificar Microsoft

CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK

Information published.

CVE-2026-31663
Sin clasificar Microsoft

CVE-2026-31645 net: lan966x: fix page pool leak in error paths

Information published.

CVE-2026-31645
Sin clasificar Microsoft

CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output

Information published.

CVE-2026-31630
Sin clasificar Microsoft

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock

Information published.

CVE-2026-31592
Sin clasificar Microsoft

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

Information published.

CVE-2026-6357
Sin clasificar Microsoft

CVE-2026-31487 spi: use generic driver_override infrastructure

Information published.

CVE-2026-31487
Sin clasificar Microsoft

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown

Information published.

CVE-2026-31516
Sin clasificar Microsoft

CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation

Information published.

CVE-2026-31488
Sin clasificar Microsoft

CVE-2026-31506 net: bcmasp: fix double free of WoL irq

Information published.

CVE-2026-31506
Sin clasificar Microsoft

CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory

Information published.

CVE-2026-31440
Sin clasificar Microsoft

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()

Information published.

CVE-2026-31505
Sin clasificar Microsoft

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes

Information published.

CVE-2026-31449
Sin clasificar Microsoft

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED

Information published.

CVE-2026-31536
Sin clasificar Microsoft

CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response

Information published.

CVE-2026-31613
Sin clasificar Microsoft

CVE-2026-31688 driver core: enforce device_lock for driver_match_device()

Information published.

CVE-2026-31688
Sin clasificar Microsoft

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns

Information published.

CVE-2026-31692
Sin clasificar Microsoft

CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly

Information published.

CVE-2024-35808
Sin clasificar Microsoft

CVE-2024-26944 btrfs: zoned: fix use-after-free in do_zone_finish()

Information published.

CVE-2024-26944
Sin clasificar Microsoft

CVE-2024-35794 dm-raid: really frozen sync_thread during suspend

Information published.

CVE-2024-35794
Sin clasificar Microsoft

CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit

Information published.

CVE-2025-37907
Sin clasificar Microsoft

CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio

Information published.

CVE-2025-37834
Sin clasificar Microsoft

CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup

Information published.

CVE-2025-37877
Sin clasificar Microsoft

CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()

Information published.

CVE-2025-37826
Sin clasificar Microsoft

CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races

Information published.

CVE-2025-37856
Sin clasificar Microsoft

CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling

Information published.

CVE-2025-37882
Sin clasificar Microsoft

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

Information published.

CVE-2025-37861
Sin clasificar Microsoft

CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap

Information published.

CVE-2025-37807
Sin clasificar Microsoft

CVE-2025-37747 perf: Fix hang while freeing sigtrap event

Information published.

CVE-2025-37747
Sin clasificar Microsoft

CVE-2025-37750 smb: client: fix UAF in decryption with multichannel

Information published.

CVE-2025-37750
Sin clasificar Microsoft

CVE-2026-23241 audit: add missing syscalls to read class

Information published.

CVE-2026-23241
Sin clasificar Microsoft

CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements

Information published.

CVE-2026-23278
Sin clasificar Microsoft

CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion

Information published.

CVE-2026-23272
Sin clasificar Microsoft

CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz

Information published.

CVE-2026-23377
Sin clasificar Microsoft

CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing

Information published.

CVE-2026-23383
Sin clasificar Microsoft

CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.

Information published.

CVE-2026-23394
Sin clasificar Microsoft

CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()

Information published.

CVE-2026-23240
Sin clasificar Microsoft

CVE-2026-23248 perf/core: Fix refcount bug and potential UAF in perf_mmap

Information published.

CVE-2026-23248
Sin clasificar Microsoft

CVE-2026-23247 tcp: secure_seq: add back ports to TS offset

Information published.

CVE-2026-23247
Sin clasificar Microsoft

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry

Information published.

CVE-2026-23361
Sin clasificar Microsoft

CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()

Information published.

CVE-2026-23346
Sin clasificar Microsoft

CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message

Information published.

CVE-2026-0968
Sin clasificar Microsoft

CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'

Information published.

CVE-2024-26672
Sin clasificar Microsoft

CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()

Information published.

CVE-2024-26757
Sin clasificar Microsoft

CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()

Information published.

CVE-2024-26758
Sin clasificar Microsoft

CVE-2024-26756 md: Don't register sync_thread for reshape directly

Information published.

CVE-2024-26756
Sin clasificar Microsoft

CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq

Information published.

CVE-2023-52586
Sin clasificar Microsoft

CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands

Information published.

CVE-2023-52624
Sin clasificar Microsoft

CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()

Information published.

CVE-2026-31706
Sin clasificar Microsoft

CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()

Information published.

CVE-2026-31707
Sin clasificar Microsoft

CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair

Information published.

CVE-2026-43042
Sin clasificar Microsoft

CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers

Information published.

CVE-2026-31771
Sin clasificar Microsoft

CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper

Information published.

CVE-2026-43052
Sin clasificar Microsoft

CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl

Information published.

CVE-2026-31709
Sin clasificar Microsoft

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa

Information published.

CVE-2026-43248
Sin clasificar Microsoft

CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex

Information published.

CVE-2026-43127
Sin clasificar Microsoft

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode

Information published.

CVE-2026-43161
Sin clasificar Microsoft

CVE-2026-43245 ntfs: ->d_compare() must not block

Information published.

CVE-2026-43245
Sin clasificar Microsoft

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()

Information published.

CVE-2025-71273
Sin clasificar Microsoft

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname

Information published.

CVE-2026-43153
Sin clasificar Microsoft

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack

Information published.

CVE-2026-43116
Sin clasificar Microsoft

CVE-2026-43331 x86/kexec: Disable KCOV instrumentation after load_segments()

Information published.

CVE-2026-43331
Sin clasificar Microsoft

CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock

Information published.

CVE-2026-43319
Sin clasificar Microsoft

CVE-2026-43303 mm/page_alloc: clear page->private in free_pages_prepare()

Information published.

CVE-2026-43303
Sin clasificar Microsoft

CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode

Information published.

CVE-2026-31767
Sin clasificar Microsoft

CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls

Information published.

CVE-2026-43249
Sin clasificar Microsoft

CVE-2026-43490 ksmbd: validate inherited ACE SID length

Information published.

CVE-2026-43490
Sin clasificar Microsoft

CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests

Information published.

CVE-2026-43493
Sin clasificar Microsoft

CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node

Information published.

CVE-2026-43491
Sin clasificar Microsoft

CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ

Information published.

CVE-2026-43465
Sin clasificar Microsoft

CVE-2026-43499 rtmutex: Use waiter::task instead of current in remove_waiter()

Information published.

CVE-2026-43499
Sin clasificar Microsoft

CVE-2026-43497 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free

Information published.

CVE-2026-43497
Sin clasificar Microsoft

CVE-2026-43502 net/rds: handle zerocopy send cleanup before the message is queued

Information published.

CVE-2026-43502
Sin clasificar Microsoft

CVE-2026-43501 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

Information published.

CVE-2026-43501
Sin clasificar Microsoft

CVE-2026-43496 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked

Information published.

CVE-2026-43496
Sin clasificar Microsoft

CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()

Information published.

CVE-2026-43048
Sin clasificar Microsoft

CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure

Information published.

CVE-2026-43049
Sin clasificar Microsoft

CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()

Information published.

CVE-2026-31712
Sin clasificar Microsoft

CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

Information published.

CVE-2026-43019
Sin clasificar Microsoft

CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking

Information published.

CVE-2026-43009
Sin clasificar Microsoft

CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function

Information published.

CVE-2026-43073
Sin clasificar Microsoft

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree

Information published.

CVE-2026-43125
Sin clasificar Microsoft

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()

Information published.

CVE-2026-43198
Sin clasificar Microsoft

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing

Information published.

CVE-2026-43172
Sin clasificar Microsoft

CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels

Information published.

CVE-2025-71285
Sin clasificar Microsoft

CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay

Information published.

CVE-2026-43118
Sin clasificar Microsoft

CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock

Information published.

CVE-2026-43109
Sin clasificar Microsoft

CVE-2026-43258 alpha: fix user-space corruption during memory compaction

Information published.

CVE-2026-43258
Sin clasificar Microsoft

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files

Information published.

CVE-2025-71289
Sin clasificar Microsoft

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()

Information published.

CVE-2026-43250
Sin clasificar Microsoft

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports

Information published.

CVE-2026-43088
Sin clasificar Microsoft

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status

Information published.

CVE-2026-43119
Sin clasificar Microsoft

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

Information published.

CVE-2026-43101
Sin clasificar Microsoft

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query

Information published.

CVE-2026-43199
Sin clasificar Microsoft

CVE-2026-43083 net: ioam6: fix OOB and missing lock

Information published.

CVE-2026-43083
Sin clasificar Microsoft

CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls

Information published.

CVE-2026-43338
Sin clasificar Microsoft

CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify

Information published.

CVE-2026-43318
Sin clasificar Microsoft

CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain

Information published.

CVE-2026-43416
Sin clasificar Microsoft

CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF

Information published.

CVE-2026-43298
Baja Microsoft

CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()

Information published.

CVE-2026-43492
Sin clasificar Microsoft

CVE-2026-45736 ws: Uninitialized memory disclosure

Information published.

CVE-2026-45736
Sin clasificar Microsoft

CVE-2026-43464 net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ

Information published.

CVE-2026-43464
Sin clasificar Microsoft

CVE-2026-43495 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler

Information published.

CVE-2026-43495
Sin clasificar Microsoft

CVE-2026-43494 net/rds: reset op_nents when zerocopy page pin fails

Information published.

CVE-2026-43494
Sin clasificar Microsoft

CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration

Information published.

CVE-2025-39754
Sin clasificar Microsoft

CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable

Information published.

CVE-2025-39746
Sin clasificar Microsoft

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer

Information published.

CVE-2025-39833
Sin clasificar Microsoft

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects

Information published.

CVE-2025-39850
Sin clasificar Microsoft

CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal

Information published.

CVE-2025-39677
Sin clasificar Microsoft

CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities

Information published.

CVE-2025-39707
Sin clasificar Microsoft

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown

Information published.

CVE-2025-39810
Sin clasificar Microsoft

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object

Information published.

CVE-2025-39851
Sin clasificar Microsoft

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart

Information published.

CVE-2025-39862
Sin clasificar Microsoft

CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev

Information published.

CVE-2024-58241
Sin clasificar Windows

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability

Fixed a typographical error. This is an information change only.

CVE-2026-45585
Sin clasificar Windows

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability

Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.

CVE-2026-45585
Sin clasificar Microsoft

CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node

Information published.

CVE-2026-43491
Sin clasificar Microsoft

CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls

Information published.

CVE-2026-43619
Baja Microsoft

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure

Information published.

CVE-2026-43618
Sin clasificar Microsoft

CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()

Information published.

CVE-2026-43620
Sin clasificar Microsoft

CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

Information published.

CVE-2026-47784
Sin clasificar Microsoft

CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

Information published.

CVE-2026-47783
Sin clasificar Microsoft

CVE-2026-32792 Packet of death with DNSCrypt

Information published.

CVE-2026-32792
Sin clasificar Microsoft

CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section

Information published.

CVE-2026-42960
Sin clasificar Microsoft

CVE-2026-42959 Crash during DNSSEC validation of malicious content

Information published.

CVE-2026-42959
Sin clasificar Microsoft

CVE-2026-44608 Use after free and crash under special conditions in RPZ code

Information published.

CVE-2026-44608
Sin clasificar Microsoft

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

Information published.

CVE-2026-33278
Sin clasificar Microsoft

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations

Information published.

CVE-2026-42923
Baja Microsoft

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

Information published.

CVE-2026-45803
Baja Microsoft

CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Information published.

CVE-2026-43970
Sin clasificar Microsoft

CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic

Information published.

CVE-2026-46333
Sin clasificar Microsoft

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

Information published.

CVE-2026-43617
Sin clasificar Microsoft

CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

Information published.

CVE-2026-45232
Baja Microsoft

CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

Information published.

CVE-2026-29518
Sin clasificar Microsoft

CVE-2026-41292 Long list of incoming EDNS options degrades performance

Information published.

CVE-2026-41292
Sin clasificar Microsoft

CVE-2026-42534 Jostle logic bypass degrades resolution performance

Information published.

CVE-2026-42534
Sin clasificar Microsoft

CVE-2026-40622 Another 'ghost domain names' attack variant

Information published.

CVE-2026-40622
Baja Microsoft

CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options

Information published.

CVE-2026-42944
Sin clasificar Microsoft

CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service

Information published.

CVE-2026-44390
Sin clasificar Microsoft

CVE-2026-45736 ws: Uninitialized memory disclosure

Information published.

CVE-2026-45736
Sin clasificar Microsoft

CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability

Today's changes were made in error and have been reverted. This is an informational change only.

CVE-2026-40367
Crítica Microsoft

CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability

The security impact for this vulnerability has been revised from Critical to Important. In addition, the CVSS vector and FAQs were modified. This change does not affect the available security updates. Customers shoul...

CVE-2026-40367
Sin clasificar Microsoft

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command

Information published.

CVE-2026-34956
Sin clasificar Microsoft

CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests

Information published.

CVE-2026-43493
Sin clasificar Microsoft

CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node

Information published.

CVE-2026-43491
Sin clasificar Microsoft

CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag

Information published.

CVE-2026-46483
Baja Microsoft

CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()

Information published.

CVE-2026-43492
Baja Windows

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best p...

CVE-2026-45585
Sin clasificar Microsoft

CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference

Information published.

CVE-2025-8224
Baja Microsoft

CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow

Information published.

CVE-2025-1176
Sin clasificar Microsoft

CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption

Information published.

CVE-2025-1178
Sin clasificar Microsoft

CVE-2025-0665 eventfd double close

Information published.

CVE-2025-0665
Sin clasificar Microsoft

CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure

Information published.

CVE-2026-34757
Sin clasificar Microsoft

CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Information published.

CVE-2026-41080
Sin clasificar Microsoft

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

Information published.

CVE-2026-6357
Sin clasificar Windows

CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

Information published.

CVE-2026-3087
Sin clasificar Microsoft

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

Information published.

CVE-2026-3219
Sin clasificar Microsoft

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

Information published.

CVE-2026-28808
Sin clasificar Microsoft

CVE-2026-41604 Apache Thrift: Swift Range crash in skip()

Information published.

CVE-2026-41604
Baja Microsoft

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow

Information published.

CVE-2026-40170
Sin clasificar Microsoft

CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison

Information published.

CVE-2026-3833
Baja Microsoft

CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.

Information published.

CVE-2026-34874
Baja Microsoft

CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.

Information published.

CVE-2026-34876
Sin clasificar Microsoft

CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).

Information published.

CVE-2026-25835
Sin clasificar Microsoft

CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.

Information published.

CVE-2025-66442
Sin clasificar Microsoft

CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

Information published.

CVE-2026-34873
Sin clasificar Microsoft

CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

Information published.

CVE-2026-34871
Sin clasificar Microsoft

CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).

Information published.

CVE-2026-34872
Baja Microsoft

CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.

Information published.

CVE-2026-25834
Baja Microsoft

CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function

Information published.

CVE-2026-25833
Sin clasificar Microsoft

CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

Information published.

CVE-2026-41082
Sin clasificar Microsoft

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Information published.

CVE-2026-7246
Sin clasificar Microsoft

CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move

Information published.

CVE-2026-31723
Sin clasificar Microsoft

CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move

Information published.

CVE-2026-31724
Sin clasificar Microsoft

CVE-2026-31721 usb: gadget: f_hid: move list and spinlock inits from bind to alloc

Information published.

CVE-2026-31721
Baja Microsoft

CVE-2026-31704 ksmbd: use check_add_overflow() to prevent u16 DACL size overflow

Information published.

CVE-2026-31704
Sin clasificar Microsoft

CVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()

Information published.

CVE-2026-31702
Sin clasificar Microsoft

CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()

Information published.

CVE-2026-43185
Sin clasificar Microsoft

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths

Information published.

CVE-2025-71272
Sin clasificar Microsoft

CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization

Information published.

CVE-2026-41673
Sin clasificar Microsoft

CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition

Information published.

CVE-2026-43443
Media Microsoft

CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC

Information published.

CVE-2026-43310
Sin clasificar Microsoft

CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move

Information published.

CVE-2026-43421
Baja Microsoft

CVE-2026-37458 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.

Information published.

CVE-2026-37458
Sin clasificar Microsoft

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Information published.

CVE-2026-33814
Sin clasificar Microsoft

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

Information published.

CVE-2026-39823
Sin clasificar Microsoft

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

Information published.

CVE-2026-42256
Sin clasificar Microsoft

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing

Information published.

CVE-2026-42246
Media Microsoft

CVE-2026-45186 In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

Information published.

CVE-2026-45186
Baja Microsoft

CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash

Information published.

CVE-2026-6210
Sin clasificar Microsoft

CVE-2026-4873 connection reuse ignores TLS requirement

Information published.

CVE-2026-4873
Sin clasificar Microsoft

CVE-2026-6429 netrc credential leak with reused proxy connection

Information published.

CVE-2026-6429
Sin clasificar Microsoft

CVE-2026-5545 wrong reuse of HTTP Negotiate connection

Information published.

CVE-2026-5545
Sin clasificar Microsoft

CVE-2026-6253 proxy credentials leak over redirect-to proxy

Information published.

CVE-2026-6253
Sin clasificar Microsoft

CVE-2026-5773 wrong reuse of SMB connection

Information published.

CVE-2026-5773
Sin clasificar Microsoft

CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling

Information published.

CVE-2026-42011
Sin clasificar Microsoft

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

Information published.

CVE-2026-7210
Sin clasificar SQL Server

CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound

Information published.

CVE-2026-6473
Sin clasificar Microsoft

CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

Information published.

CVE-2026-6477
Baja Microsoft

CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding

Information published.

CVE-2026-44662
Sin clasificar Microsoft

CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping

Information published.

CVE-2026-31777
Sin clasificar Microsoft

CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move

Information published.

CVE-2026-31722
Sin clasificar Microsoft

CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move

Information published.

CVE-2026-31725
Sin clasificar Microsoft

CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()

Information published.

CVE-2026-31729
Sin clasificar Microsoft

CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()

Information published.

CVE-2026-31715
Baja Microsoft

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow

Information published.

CVE-2026-7598
Media Microsoft

CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings

Information published.

CVE-2026-43058
Sin clasificar Microsoft

CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE

Information published.

CVE-2026-43176
Sin clasificar Microsoft

CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams

Information published.

CVE-2026-43204
Sin clasificar Microsoft

CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints

Information published.

CVE-2026-43126
Sin clasificar Microsoft

CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU

Information published.

CVE-2026-43115
Sin clasificar Microsoft

CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet

Information published.

CVE-2026-43219
Sin clasificar Microsoft

CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report

Information published.

CVE-2026-43213
Sin clasificar Microsoft

CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks

Information published.

CVE-2026-43228
Sin clasificar Microsoft

CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking

Information published.

CVE-2026-43267
Sin clasificar Microsoft

CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability

Information published.

CVE-2026-43870
Sin clasificar Microsoft

CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Information published.

CVE-2026-43868 CVE-2020-13949
Sin clasificar Microsoft

CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification

Information published.

CVE-2026-43869
Sin clasificar Microsoft

CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization

Information published.

CVE-2026-41672
Sin clasificar Microsoft

CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization

Information published.

CVE-2026-41674
Sin clasificar Microsoft

CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization

Information published.

CVE-2026-41675
Sin clasificar Microsoft

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect

Information published.

CVE-2026-31717
Sin clasificar Microsoft

CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue

Information published.

CVE-2026-43352
Sin clasificar Microsoft

CVE-2026-43317 most: core: fix leak on early registration failure

Information published.

CVE-2026-43317
Sin clasificar Microsoft

CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue

Information published.

CVE-2026-43353
Baja Microsoft

CVE-2026-37459 An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

Information published.

CVE-2026-37459
Sin clasificar Microsoft

CVE-2026-33811 Crash when handling long CNAME response in net

Information published.

CVE-2026-33811
Sin clasificar Microsoft

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go

Information published.

CVE-2026-39817
Baja Microsoft

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

Information published.

CVE-2026-39819
Sin clasificar Microsoft

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Information published.

CVE-2026-39820
Sin clasificar Microsoft

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

Information published.

CVE-2026-39825
Sin clasificar Microsoft

CVE-2026-39826 Escaper bypass leads to XSS in html/template

Information published.

CVE-2026-39826
Sin clasificar Windows

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

Information published.

CVE-2026-39836
Sin clasificar Microsoft

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail

Information published.

CVE-2026-42499
Sin clasificar Microsoft

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

Information published.

CVE-2026-42501
Sin clasificar Microsoft

CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands

Information published.

CVE-2026-42257
Sin clasificar Microsoft

CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs

Information published.

CVE-2026-42258
Sin clasificar Microsoft

CVE-2026-6276 stale custom cookie host causes cookie leak

Information published.

CVE-2026-6276
Sin clasificar Microsoft

CVE-2026-7168 cross-proxy Digest auth state leak

Information published.

CVE-2026-7168
Baja Microsoft

CVE-2026-8295 Integer overflow in simdjson

Information published.

CVE-2026-8295
Sin clasificar Microsoft

CVE-2026-4892 CVE-2026-4892

Information published.

CVE-2026-4892
Sin clasificar Microsoft

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

Information published.

CVE-2026-8328
Media Microsoft

CVE-2026-32185 Microsoft Teams Spoofing Vulnerability

The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for would need to install the update to be protected from this vulnerability, once the updat...

CVE-2026-32185
Sin clasificar Exchange Server

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability

Updated FAQ information. This is an informational change only.

CVE-2026-42897
Baja Azure

CVE-2026-42822 Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-42822
Sin clasificar Microsoft

CVE-2026-32177 .NET Elevation of Privilege Vulnerability

Update the Security Updates table to remove incorrectly added software

CVE-2026-32177
Sin clasificar Microsoft

CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()

Information published.

CVE-2026-43308
Sin clasificar Microsoft

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

Information published.

CVE-2026-7210
Sin clasificar Microsoft

CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag

Information published.

CVE-2026-46483
Sin clasificar Microsoft

CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

Information published.

CVE-2026-44283
Sin clasificar Microsoft

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

Information published.

CVE-2026-8368
Sin clasificar Microsoft

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

Information published.

CVE-2026-8328
Baja Microsoft

CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow

Information published.

CVE-2026-44673
Sin clasificar Microsoft

CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel

Information published.

CVE-2026-6478
Sin clasificar SQL Server

CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound

Information published.

CVE-2026-6473
Baja Microsoft

CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name

Information published.

CVE-2026-6638
Baja Microsoft

CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection

Information published.

CVE-2026-6637
Sin clasificar Microsoft

CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

Information published.

CVE-2026-6477
Sin clasificar Microsoft

CVE-2026-40460 NGINX ngx_quic_module vulnerability

Information published.

CVE-2026-40460
Sin clasificar Microsoft

CVE-2026-42934 NGINX ngx_http_charset_module vulnerability

Information published.

CVE-2026-42934
Sin clasificar Microsoft

CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

Information published.

CVE-2026-42946
Baja Microsoft

CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding

Information published.

CVE-2026-44662
Baja Microsoft

CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

Information published.

CVE-2026-44431
Sin clasificar Microsoft

CVE-2026-43490 ksmbd: validate inherited ACE SID length

Information published.

CVE-2026-43490
Sin clasificar Microsoft

CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

Information published.

CVE-2026-6475
Sin clasificar Microsoft

CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory

Information published.

CVE-2026-6474
Sin clasificar Microsoft

CVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

Information published.

CVE-2026-6472
Sin clasificar Microsoft

CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

Information published.

CVE-2026-6479
Sin clasificar Microsoft

CVE-2026-40701 NGINX ngx_http_ssl_module vulnerability

Information published.

CVE-2026-40701
Sin clasificar Microsoft

CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability

Information published.

CVE-2026-42945
Sin clasificar Microsoft

CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic

Information published.

CVE-2026-46333
Sin clasificar Azure

CVE-2026-40379 Azure Entra ID Spoofing Vulnerability

Corrected CVE title. This is an informational change only.

CVE-2026-40379
Sin clasificar Windows

CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability

Updated Hotpatch links. This is in informational change only.

CVE-2026-32161
Sin clasificar Windows

CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability

Updated Hotpatch links. This is in informational change only.

CVE-2026-32170
Sin clasificar Windows

CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability

Updated Hotpatch links. This is in informational change only.

CVE-2026-21530
Sin clasificar Microsoft

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

Information published.

CVE-2026-29181
Sin clasificar Microsoft

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Information published.

CVE-2026-33814
Sin clasificar Microsoft

CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

Information published.

CVE-2026-42304
Sin clasificar Microsoft

CVE-2026-4893 CVE-2026-4893

Information published.

CVE-2026-4893
Sin clasificar Microsoft

CVE-2026-2291 CVE-2026-2291

Information published.

CVE-2026-2291
Sin clasificar Microsoft

CVE-2026-5172 CVE-2026-5172

Information published.

CVE-2026-5172
Sin clasificar Microsoft

CVE-2026-4890 CVE-2026-4890

Information published.

CVE-2026-4890
Sin clasificar Microsoft

CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling

Information published.

CVE-2026-42011
Sin clasificar Microsoft

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command

Information published.

CVE-2026-34956
Sin clasificar Microsoft

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

Information published.

CVE-2026-7210
Sin clasificar Microsoft

CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Information published.

CVE-2026-43969
Baja Microsoft

CVE-2026-8295 Integer overflow in simdjson

Information published.

CVE-2026-8295
Sin clasificar Microsoft

CVE-2026-4891 CVE-2026-4891

Information published.

CVE-2026-4891
Sin clasificar Microsoft

CVE-2026-4892 CVE-2026-4892

Information published.

CVE-2026-4892
Sin clasificar Microsoft

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username

Information published.

CVE-2026-42010
Sin clasificar Microsoft

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Information published.

CVE-2026-7790
Sin clasificar Microsoft

CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

Information published.

CVE-2026-43968
Sin clasificar Microsoft

CVE-2026-32177 .NET Elevation of Privilege Vulnerability

New .NET Framework Packages have been added

CVE-2026-32177
Sin clasificar Microsoft

CVE-2026-35433 .NET Elevation of Privilege Vulnerability

New .NET Framework Packages have been added

CVE-2026-35433
Baja Microsoft

CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

CVE-2026-41615
Baja Exchange Server

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42897
Baja Microsoft

CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve

Information published.

CVE-2026-25541
Sin clasificar Dynamics

CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Updated the fixed version number. This is an informational change only.

CVE-2026-42833
Sin clasificar Dynamics

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Acknowledgement Updated

CVE-2026-42898
Sin clasificar Dynamics

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Updated the fixed version number. This is an informational change only.

CVE-2026-42898
Sin clasificar Azure

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API

Information published.

CVE-2026-42151
Baja Microsoft

CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload

Information published.

CVE-2026-42154
Sin clasificar Microsoft

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Information published.

CVE-2026-33814
Sin clasificar Microsoft

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

Information published.

CVE-2026-39823
Sin clasificar Microsoft

CVE-2026-45186

Information published.

CVE-2026-45186
Baja Microsoft

CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro

Information published.

CVE-2026-43894
Baja Microsoft

CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge

Information published.

CVE-2026-43896
Sin clasificar Microsoft

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

Information published.

CVE-2026-43895
Baja Microsoft

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains

Information published.

CVE-2026-40612
Sin clasificar Microsoft

CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f

Information published.

CVE-2026-41256
Sin clasificar Microsoft

CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode

Information published.

CVE-2026-31767
Sin clasificar Microsoft

CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls

Information published.

CVE-2026-43249
Sin clasificar Microsoft

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

Information published.

CVE-2026-8177
Baja Microsoft

CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash

Information published.

CVE-2026-6210
Baja Microsoft

CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing

Information published.

CVE-2026-6664
Baja Microsoft

CVE-2026-6665 PgBouncer buffer overflow in SCRAM

Information published.

CVE-2026-6665
Sin clasificar Microsoft

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command

Information published.

CVE-2026-6667
Sin clasificar Microsoft

CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error

Information published.

CVE-2026-6666
Baja Microsoft

CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading

Information published.

CVE-2026-45130
Sin clasificar Microsoft

CVE-2026-44656 Vim: OS Command Injection via 'path' completion

Information published.

CVE-2026-44656
Sin clasificar Microsoft

CVE-2026-33811 Crash when handling long CNAME response in net

Information published.

CVE-2026-33811
Sin clasificar Microsoft

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go

Information published.

CVE-2026-39817
Baja Microsoft

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

Information published.

CVE-2026-39819
Sin clasificar Microsoft

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Information published.

CVE-2026-39820
Sin clasificar Microsoft

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

Information published.

CVE-2026-39825
Sin clasificar Microsoft

CVE-2026-39826 Escaper bypass leads to XSS in html/template

Information published.

CVE-2026-39826
Sin clasificar Windows

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

Information published.

CVE-2026-39836
Sin clasificar Microsoft

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail

Information published.

CVE-2026-42499
Sin clasificar Microsoft

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

Information published.

CVE-2026-42501
Baja Microsoft

CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

Information published.

CVE-2026-41257
Sin clasificar Microsoft

CVE-2026-35469 SpdyStream: DOS on CRI

Information published.

CVE-2026-35469
Sin clasificar Microsoft

CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification

Information published.

CVE-2026-41603
Sin clasificar Microsoft

CVE-2026-41636 Apache Thrift: Node.js skip() recursion

Information published.

CVE-2026-41636
Sin clasificar Microsoft

CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.

Information published.

CVE-2025-48431
Baja Microsoft

CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow

Information published.

CVE-2026-41602
Baja Microsoft

CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow

Information published.

CVE-2026-41605
Baja Azure

CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-32204
Baja Microsoft

CVE-2026-32177 .NET Elevation of Privilege Vulnerability

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-32177
Baja Windows

CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

CVE-2026-21530
Baja Azure

CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability

Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-33117
Baja Windows

CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

CVE-2026-33834
Baja Windows

CVE-2026-33839 Win32k Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-33839
Baja Windows

CVE-2026-33840 Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-33840
Baja Windows

CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-33841
Baja Windows

CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-34329
Baja Windows

CVE-2026-34330 Win32k Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34330
Baja Windows

CVE-2026-34331 Win32k Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34331
Baja Windows

CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34333
Baja Windows

CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

CVE-2026-34342
Baja Windows

CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2026-34343
Baja Windows

CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-34344
Baja Windows

CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-34345
Baja Windows

CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34347
Baja Windows

CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability

Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.

CVE-2026-34350
Baja Windows

CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-34351
Baja Windows

CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-35415
Baja Windows

CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-35416
Baja Windows

CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-35417
Baja Windows

CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-35418
Baja Windows

CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-35419
Baja Windows

CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-35420
Baja Windows

CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

CVE-2026-35421
Baja Windows

CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

CVE-2026-35422
Baja Windows

CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability

Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

CVE-2026-35423
Baja Windows

CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

CVE-2026-35424
Baja Microsoft

CVE-2026-35433 .NET Elevation of Privilege Vulnerability

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-35433
Baja Windows

CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability

Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-35438
Baja Microsoft Office

CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-35439
Baja Microsoft Office

CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-35440
Baja Microsoft Office

CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-40360
Baja Microsoft Office

CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40363
Baja Microsoft Office

CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40364
Baja Microsoft Office

CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40366
Baja Microsoft Office

CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40368
Baja Microsoft

CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

CVE-2026-40374
Baja Windows

CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

CVE-2026-40377
Baja Windows

CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

CVE-2026-40380
Baja Windows

CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-40399
Baja Windows

CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

CVE-2026-40405
Baja Windows

CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

CVE-2026-40406
Baja Windows

CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-40407
Baja Windows

CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-40408
Baja Windows

CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

CVE-2026-40410
Baja Windows

CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-40414
Baja Windows

CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2026-40415
Baja Dynamics

CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

CVE-2026-40417
Baja Microsoft Office

CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40419
Baja Microsoft Office

CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

CVE-2026-40421
Baja Windows

CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-41088
Baja Windows

CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

CVE-2026-41089
Baja Microsoft

CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

CVE-2026-41094
Baja Microsoft

CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

CVE-2026-41095
Baja Windows

CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

CVE-2026-41096
Baja Microsoft 365

CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

CVE-2026-41100
Baja Microsoft Office

CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

CVE-2026-41101
Baja Microsoft Office

CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

CVE-2026-41102
Baja Visual Studio

CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-41610
Baja Visual Studio

CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

CVE-2026-41611
Baja Visual Studio

CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

CVE-2026-41612
Baja Microsoft

CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

CVE-2026-41614
Baja Windows

CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-32161
Baja Windows

CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability

Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

CVE-2026-32170
Baja Microsoft

CVE-2026-32185 Microsoft Teams Spoofing Vulnerability

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

CVE-2026-32185
Baja Microsoft Office

CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-42831
Sin clasificar Microsoft

CVE-2026-32175 .NET Core Tampering Vulnerability

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on...

CVE-2026-32175
Baja Windows

CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-42825
Sin clasificar Microsoft

ADV990001 Latest Servicing Stack Updates

Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

Baja Windows

CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-42896
Baja Dynamics

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42898
Baja Microsoft

CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-42899
Baja Microsoft Office

CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-33110
Baja Microsoft Office

CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-33112
Baja Azure

CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33833
Baja Windows

CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-33835
Baja Windows

CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-33837
Baja Windows

CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

CVE-2026-33838
Baja Windows

CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

CVE-2026-34332
Baja Windows

CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-34334
Baja Windows

CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-34336
Baja Windows

CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-34337
Baja Windows

CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-34338
Baja Windows

CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.

CVE-2026-34339
Baja Windows

CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-34340
Baja Windows

CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

CVE-2026-34341
Baja Microsoft Office

CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40357
Baja Microsoft Office

CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40358
Baja Microsoft Office

CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40359
Baja Microsoft Office

CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40361
Baja Microsoft Office

CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40362
Baja Microsoft Office

CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40365
Baja Microsoft Office

CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40367
Baja SQL Server

CVE-2026-40370 SQL Server Remote Code Execution Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-40370
Baja Windows

CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-40369
Baja Windows

CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-40382
Baja Windows

CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-40397
Baja Windows

CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability

Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

CVE-2026-32209
Baja Windows

CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

CVE-2026-40398
Baja Windows

CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

CVE-2026-40401
Baja Windows

CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-40402
Baja Windows

CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVE-2026-40403
Baja Windows

CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-40413
Baja Microsoft Office

CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-40418
Baja Microsoft Office

CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-35436
Baja Microsoft Office

CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-40420
Baja Windows

CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-41086
Baja Windows

CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-41097
Baja Azure

CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-40381
Baja Microsoft

CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41103
Baja Visual Studio

CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41613
Baja Azure

CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-42823
Baja Azure

CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-42830
Baja Microsoft Office

CVE-2026-42832 Microsoft Office Spoofing Vulnerability

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

CVE-2026-42832
Baja Dynamics

CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42833
Baja Windows

CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption

This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned...

CVE-2025-54518
Baja Microsoft

CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

CVE-2026-42893
Sin clasificar Microsoft

CVE-2025-6965 Integer Truncation on SQLite

Boletin publicado por Microsoft Security Response Center.

CVE-2025-6965
Sin clasificar Microsoft

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

Information published.

CVE-2026-29181
Sin clasificar Microsoft

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

Information published.

CVE-2026-39882
Sin clasificar Microsoft

CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue

Information published.

CVE-2026-43353
Sin clasificar Microsoft

CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

Information published.

CVE-2026-43500
Sin clasificar Windows

CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability

Added FAQ information. This is an informational change only.

CVE-2026-20841
Sin clasificar Microsoft

CVE-2026-32226 .NET Framework Denial of Service Vulnerability

This CVE has been updated to include additional Security Updates for .NET Framework

CVE-2026-32226
Sin clasificar Microsoft

CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT

Information published.

CVE-2025-21825
Sin clasificar Microsoft

CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

Information published.

CVE-2024-58089
Baja Microsoft

CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP

Information published.

CVE-2025-21892
Sin clasificar Microsoft

CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers

Information published.

CVE-2025-21885
Sin clasificar Microsoft

CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE

Information published.

CVE-2025-21833
Sin clasificar Microsoft

CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type

Information published.

CVE-2025-21888
Sin clasificar Microsoft

CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers

Information published.

CVE-2025-21870
Sin clasificar Microsoft

CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only

Information published.

CVE-2026-23214
Sin clasificar Microsoft

CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset

Information published.

CVE-2026-23213
Sin clasificar Microsoft

CVE-2025-71225 md: suspend array while updating raid_disks via sysfs

Information published.

CVE-2025-71225
Sin clasificar Microsoft

CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels

Information published.

CVE-2025-71227
Sin clasificar Microsoft

CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler

Information published.

CVE-2026-23207
Sin clasificar Microsoft

CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().

Information published.

CVE-2025-40139
Sin clasificar Microsoft

CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown

Information published.

CVE-2025-40146
Sin clasificar Microsoft

CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().

Information published.

CVE-2025-40168
Sin clasificar Microsoft

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()

Information published.

CVE-2025-40170
Sin clasificar Microsoft

CVE-2025-40158 ipv6: use RCU in ip6_output()

Information published.

CVE-2025-40158
Sin clasificar Microsoft

CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop

Information published.

CVE-2025-40180
Sin clasificar Microsoft

CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s

Information published.

CVE-2025-68201
Sin clasificar Microsoft

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough

Information published.

CVE-2025-68230
Sin clasificar Microsoft

CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition

Information published.

CVE-2025-68174
Sin clasificar Microsoft

CVE-2025-40355 sysfs: check visibility before changing group attribute ownership

Information published.

CVE-2025-40355
Sin clasificar Microsoft

CVE-2025-68209 mlx5: Fix default values in create CQ

Information published.

CVE-2025-68209
Sin clasificar Microsoft

CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side

Information published.

CVE-2025-68304
Sin clasificar Microsoft

CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work

Information published.

CVE-2025-68324
Sin clasificar Microsoft

CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq

Information published.

CVE-2025-68338
Sin clasificar Microsoft

CVE-2025-68736 landlock: Fix handling of disconnected directories

Information published.

CVE-2025-68736
Sin clasificar Microsoft

CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset

Information published.

CVE-2025-68745
Sin clasificar Microsoft

CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM

Information published.

CVE-2025-40289
Sin clasificar Microsoft

CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved

Information published.

CVE-2025-40339
Sin clasificar Microsoft

CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()

Information published.

CVE-2025-68190
Sin clasificar Microsoft

CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()

Information published.

CVE-2025-68188
Sin clasificar Microsoft

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

Information published.

CVE-2025-68296
Sin clasificar Microsoft

CVE-2025-68356 gfs2: Prevent recursive memory reclaim

Information published.

CVE-2025-68356
Baja Microsoft

CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()

Information published.

CVE-2025-68378
Sin clasificar Microsoft

CVE-2025-68374 md: fix rcu protection in md_wakeup_thread

Information published.

CVE-2025-68374
Sin clasificar Microsoft

CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes

Information published.

CVE-2025-38041
Sin clasificar Microsoft

CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context

Information published.

CVE-2025-38029
Sin clasificar Microsoft

CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()

Information published.

CVE-2025-38064
Sin clasificar Microsoft

CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work

Information published.

CVE-2025-68822
Sin clasificar Microsoft

CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()

Information published.

CVE-2025-68768
Sin clasificar Microsoft

CVE-2025-71072 shmem: fix recovery on rename failures

Information published.

CVE-2025-71072
Sin clasificar Microsoft

CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe

Information published.

CVE-2024-53201
Sin clasificar Microsoft

CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug

Information published.

CVE-2024-56647
Sin clasificar Microsoft

CVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client

Information published.

CVE-2024-53114
Sin clasificar Microsoft

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO

Information published.

CVE-2024-53219
Sin clasificar Microsoft

CVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error path

Information published.

CVE-2024-56712
Sin clasificar Microsoft

CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync

Information published.

CVE-2024-56591
Sin clasificar Microsoft

CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash

Information published.

CVE-2024-53133
Sin clasificar Microsoft

CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string

Information published.

CVE-2025-38660
Sin clasificar Microsoft

CVE-2025-38636 rv: Use strings in da monitors tracepoints

Information published.

CVE-2025-38636
Sin clasificar Microsoft

CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields

Information published.

CVE-2025-38591
Sin clasificar Microsoft

CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()

Information published.

CVE-2025-38656
Media Microsoft

CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()

Information published.

CVE-2025-38585
Sin clasificar Microsoft

CVE-2025-38584 padata: Fix pd UAF once and for all

Information published.

CVE-2025-38584
Sin clasificar Microsoft

CVE-2023-52485 drm/amd/display: Wake DMCUB before sending a command

Information published.

CVE-2023-52485
Sin clasificar Microsoft

CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.

Information published.

CVE-2024-25740
Baja Microsoft

CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos

Information published.

CVE-2024-1151
Sin clasificar Microsoft

CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta

Information published.

CVE-2024-47702
Baja Microsoft

CVE-2024-49888 bpf: Fix a sdiv overflow issue

Information published.

CVE-2024-49888
Sin clasificar Microsoft

CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection

Information published.

CVE-2024-47662
Baja Microsoft

CVE-2024-49940 l2tp: prevent possible tunnel refcount underflow

Information published.

CVE-2024-49940
Sin clasificar Microsoft

CVE-2024-49932 btrfs: don't readahead the relocation inode on RST

Information published.

CVE-2024-49932
Sin clasificar Microsoft

CVE-2024-49893 drm/amd/display: Check stream_status before it is used

Information published.

CVE-2024-49893
Sin clasificar Microsoft

CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone

Information published.

CVE-2024-49885
Sin clasificar Microsoft

CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails

Information published.

CVE-2024-49972
Sin clasificar Microsoft

CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure

Information published.

CVE-2024-49945
Sin clasificar Microsoft

CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses

Information published.

CVE-2024-49920
Baja Microsoft

CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t

Information published.

CVE-2024-47661
Sin clasificar Microsoft

CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue

Information published.

CVE-2024-49904
Sin clasificar Microsoft

CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()

Information published.

CVE-2024-50028
Sin clasificar Microsoft

CVE-2024-49922 drm/amd/display: Check null pointers before using them

Information published.

CVE-2024-49922
Sin clasificar Microsoft

CVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35

Information published.

CVE-2024-46870
Sin clasificar Microsoft

CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean

Information published.

CVE-2024-49971
Sin clasificar Microsoft

CVE-2024-49921 drm/amd/display: Check null pointers before used

Information published.

CVE-2024-49921
Sin clasificar Microsoft

CVE-2024-38608 net/mlx5e: Fix netif state handling

Information published.

CVE-2024-38608
Sin clasificar Microsoft

CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port

Information published.

CVE-2024-38595
Baja Microsoft

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

Information published.

CVE-2022-4543
Sin clasificar Microsoft

CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables

Information published.

CVE-2024-46834
Sin clasificar Microsoft

CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption

Information published.

CVE-2024-44951
Sin clasificar Microsoft

CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1

Information published.

CVE-2024-46730
Sin clasificar Microsoft

CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update

Information published.

CVE-2024-46727
Sin clasificar Microsoft

CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.

Information published.

CVE-2024-46754
Baja Microsoft

CVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebuffer

Information published.

CVE-2025-21976
Sin clasificar Microsoft

CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying

Information published.

CVE-2025-22113
Sin clasificar Microsoft

CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly

Information published.

CVE-2025-22108
Sin clasificar Microsoft

CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir

Information published.

CVE-2025-22070
Sin clasificar Microsoft

CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case

Information published.

CVE-2025-21961
Sin clasificar Microsoft

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses

Information published.

CVE-2025-21985
Sin clasificar Microsoft

CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()

Information published.

CVE-2025-22115
Sin clasificar Microsoft

CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

Information published.

CVE-2025-21927
Sin clasificar Microsoft

CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size

Information published.

CVE-2025-21949
Sin clasificar Microsoft

CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done

Information published.

CVE-2025-23131
Sin clasificar Microsoft

CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio

Information published.

CVE-2025-21907
Sin clasificar Microsoft

CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb

Information published.

CVE-2025-22124
Sin clasificar Microsoft

CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit

Information published.

CVE-2025-23135
Sin clasificar Microsoft

CVE-2025-22109 ax25: Remove broken autobind

Information published.

CVE-2025-22109
Sin clasificar Microsoft

CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT

Information published.

CVE-2025-40325
Sin clasificar Microsoft

CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()

Information published.

CVE-2025-37860
Sin clasificar Microsoft

CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401

Information published.

CVE-2024-43901
Sin clasificar Microsoft

CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load

Information published.

CVE-2024-43872
Sin clasificar Microsoft

CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs

Information published.

CVE-2024-43819
Sin clasificar Microsoft

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed

Information published.

CVE-2024-42317
Sin clasificar Microsoft

CVE-2025-38333 f2fs: fix to bail out in get_new_segment()

Information published.

CVE-2025-38333
Sin clasificar Microsoft

CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()

Information published.

CVE-2025-38359
Sin clasificar Microsoft

CVE-2025-38264 nvme-tcp: sanitize request list handling

Information published.

CVE-2025-38264
Sin clasificar Microsoft

CVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_data

Information published.

CVE-2025-38303
Sin clasificar Microsoft

CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping

Information published.

CVE-2025-38279
Sin clasificar Microsoft

CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()

Information published.

CVE-2025-38269
Sin clasificar Microsoft

CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx

Information published.

CVE-2025-38272
Sin clasificar Microsoft

CVE-2025-38311 iavf: get rid of the crit lock

Information published.

CVE-2025-38311
Sin clasificar Microsoft

CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs

Information published.

CVE-2025-38140
Sin clasificar Microsoft

CVE-2024-42107 ice: Don't process extts if PTP is disabled

Information published.

CVE-2024-42107
Sin clasificar Microsoft

CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly

Information published.

CVE-2024-42064
Sin clasificar Microsoft

CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init

Information published.

CVE-2024-42065
Baja Microsoft

CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation

Information published.

CVE-2024-42066
Sin clasificar Microsoft

CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free

Information published.

CVE-2024-41045
Sin clasificar Microsoft

CVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable

Information published.

CVE-2024-42151
Sin clasificar Microsoft

CVE-2024-41008 drm/amdgpu: change vm->task_info handling

Information published.

CVE-2024-41008
Sin clasificar Microsoft

CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command

Information published.

CVE-2024-41082
Sin clasificar Microsoft

CVE-2024-42134 virtio-pci: Check if is_avq is NULL

Information published.

CVE-2024-42134
Sin clasificar Microsoft

CVE-2024-40999 net: ena: Add validation for completion descriptors consistency

Information published.

CVE-2024-40999
Sin clasificar Microsoft

CVE-2024-42118 drm/amd/display: Do not return negative stream id for array

Information published.

CVE-2024-42118
Sin clasificar Microsoft

CVE-2024-39478 crypto: starfive - Do not free stack buffer

Information published.

CVE-2024-39478
Sin clasificar Microsoft

CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly

Information published.

CVE-2024-41067
Sin clasificar Microsoft

CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments

Information published.

CVE-2024-42081
Sin clasificar Microsoft

CVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capability

Information published.

CVE-2024-53050
Sin clasificar Microsoft

CVE-2024-53090 afs: Fix lock recursion

Information published.

CVE-2024-53090
Sin clasificar Microsoft

CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context

Information published.

CVE-2024-53089
Sin clasificar Microsoft

CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1

Information published.

CVE-2024-50177
Sin clasificar Microsoft

CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails

Information published.

CVE-2024-50277
Sin clasificar Microsoft

CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()

Information published.

CVE-2024-50217
Media Microsoft

CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.

Information published.

CVE-2024-23848
Sin clasificar Microsoft

CVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()

Information published.

CVE-2025-21696
Sin clasificar Microsoft

CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels

Information published.

CVE-2025-21768
Sin clasificar Microsoft

CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash

Information published.

CVE-2024-57974
Sin clasificar Microsoft

CVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume path

Information published.

CVE-2025-21801
Sin clasificar Microsoft

CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed

Information published.

CVE-2024-57976
Sin clasificar Microsoft

CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error

Information published.

CVE-2025-21732
Sin clasificar Microsoft

CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool

Information published.

CVE-2025-21786
Sin clasificar Microsoft

CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug

Information published.

CVE-2025-21693
Sin clasificar Microsoft

CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()

Information published.

CVE-2024-58006
Sin clasificar Microsoft

CVE-2025-21723 scsi: mpi3mr: Fix possible crash when setting up bsg fails

Information published.

CVE-2025-21723
Sin clasificar Microsoft

CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free

Information published.

CVE-2025-21714
Sin clasificar Microsoft

CVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()

Information published.

CVE-2024-57872
Sin clasificar Microsoft

CVE-2024-56775 drm/amd/display: Fix handling of plane refcount

Information published.

CVE-2024-56775
Sin clasificar Microsoft

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap

Information published.

CVE-2024-57875
Sin clasificar Microsoft

CVE-2024-41932 sched: fix warning in sched_setaffinity

Information published.

CVE-2024-41932
Sin clasificar Microsoft

CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

Information published.

CVE-2024-57804
Sin clasificar Microsoft

CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up

Information published.

CVE-2024-57898
Sin clasificar Microsoft

CVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy

Information published.

CVE-2025-21635
Sin clasificar Microsoft

CVE-2025-21649 net: hns3: fix kernel crash when 1588 is sent on HIP08 devices

Information published.

CVE-2025-21649
Sin clasificar Microsoft

CVE-2025-21634 cgroup/cpuset: remove kernfs active break

Information published.

CVE-2025-21634
Sin clasificar Microsoft

CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL

Information published.

CVE-2024-57809
Sin clasificar Microsoft

CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()

Information published.

CVE-2024-56782
Sin clasificar Microsoft

CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace

Information published.

CVE-2024-47794
Sin clasificar Microsoft

CVE-2024-57857 RDMA/siw: Remove direct link to net_device

Information published.

CVE-2024-57857
Sin clasificar Microsoft

CVE-2025-21672 afs: Fix merge preference rule failure condition

Information published.

CVE-2025-21672
Sin clasificar Microsoft

CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion

Information published.

CVE-2026-23468
Sin clasificar Microsoft

CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()

Information published.

CVE-2026-31419
Sin clasificar Microsoft

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free

Information published.

CVE-2026-31493
Sin clasificar Microsoft

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()

Information published.

CVE-2026-31531
Sin clasificar Microsoft

CVE-2026-31557 nvmet: move async event work off nvmet-wq

Information published.

CVE-2026-31557
Sin clasificar Microsoft

CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use

Information published.

CVE-2026-31606
Sin clasificar Microsoft

CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK

Information published.

CVE-2026-31663
Sin clasificar Microsoft

CVE-2026-31645 net: lan966x: fix page pool leak in error paths

Information published.

CVE-2026-31645
Sin clasificar Microsoft

CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction

Information published.

CVE-2026-31560
Sin clasificar Microsoft

CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory

Information published.

CVE-2026-31568
Sin clasificar Microsoft

CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation

Information published.

CVE-2026-31575
Sin clasificar Microsoft

CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit

Information published.

CVE-2026-31579
Sin clasificar Microsoft

CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output

Information published.

CVE-2026-31630
Sin clasificar Microsoft

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock

Information published.

CVE-2026-31592
Sin clasificar Microsoft

CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN

Information published.

CVE-2026-23472
Sin clasificar Microsoft

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex

Information published.

CVE-2026-31486
Sin clasificar Microsoft

CVE-2026-31487 spi: use generic driver_override infrastructure

Information published.

CVE-2026-31487
Sin clasificar Microsoft

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown

Information published.

CVE-2026-31516
Sin clasificar Microsoft

CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation

Information published.

CVE-2026-31488
Sin clasificar Microsoft

CVE-2026-31506 net: bcmasp: fix double free of WoL irq

Information published.

CVE-2026-31506
Media Microsoft

CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case

Information published.

CVE-2026-31462
Sin clasificar Microsoft

CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory

Information published.

CVE-2026-31440
Sin clasificar Microsoft

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()

Information published.

CVE-2026-31505
Sin clasificar Microsoft

CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path

Information published.

CVE-2026-31489
Sin clasificar Microsoft

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes

Information published.

CVE-2026-31449
Sin clasificar Microsoft

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED

Information published.

CVE-2026-31536
Sin clasificar Microsoft

CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag

Information published.

CVE-2026-31574
Sin clasificar Microsoft

CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response

Information published.

CVE-2026-31613
Sin clasificar Microsoft

CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget

Information published.

CVE-2026-31677
Sin clasificar Microsoft

CVE-2026-31688 driver core: enforce device_lock for driver_match_device()

Information published.

CVE-2026-31688
Sin clasificar Microsoft

CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()

Information published.

CVE-2026-31499
Sin clasificar Microsoft

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns

Information published.

CVE-2026-31692
Sin clasificar Microsoft

CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements

Information published.

CVE-2026-23278
Sin clasificar Microsoft

CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion

Information published.

CVE-2026-23272
Sin clasificar Microsoft

CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions

Information published.

CVE-2026-23276
Sin clasificar Microsoft

CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz

Information published.

CVE-2026-23377
Sin clasificar Microsoft

CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing

Information published.

CVE-2026-23383
Sin clasificar Microsoft

CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting

Information published.

CVE-2026-23371
Sin clasificar Microsoft

CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.

Information published.

CVE-2026-23394
Sin clasificar Microsoft

CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()

Information published.

CVE-2026-23240
Sin clasificar Microsoft

CVE-2026-23247 tcp: secure_seq: add back ports to TS offset

Information published.

CVE-2026-23247
Sin clasificar Microsoft

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry

Information published.

CVE-2026-23361
Sin clasificar Microsoft

CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()

Information published.

CVE-2026-23346
Sin clasificar Microsoft

CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly

Information published.

CVE-2024-35808
Sin clasificar Microsoft

CVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recovery

Information published.

CVE-2024-35931
Baja Microsoft

CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution

Information published.

CVE-2024-36024
Sin clasificar Microsoft

CVE-2024-35794 dm-raid: really frozen sync_thread during suspend

Information published.

CVE-2024-35794
Sin clasificar Microsoft

CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit

Information published.

CVE-2025-37907
Sin clasificar Microsoft

CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio

Information published.

CVE-2025-37834
Sin clasificar Microsoft

CVE-2025-37870 drm/amd/display: prevent hang on link training fail

Information published.

CVE-2025-37870
Sin clasificar Microsoft

CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup

Information published.

CVE-2025-37877
Sin clasificar Microsoft

CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()

Information published.

CVE-2025-37826
Sin clasificar Microsoft

CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()

Information published.

CVE-2025-37745
Sin clasificar Microsoft

CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races

Information published.

CVE-2025-37856
Sin clasificar Microsoft

CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling

Information published.

CVE-2025-37882
Sin clasificar Microsoft

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

Information published.

CVE-2025-37861
Sin clasificar Microsoft

CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap

Information published.

CVE-2025-37807
Sin clasificar Microsoft

CVE-2025-37747 perf: Fix hang while freeing sigtrap event

Information published.

CVE-2025-37747
Sin clasificar Microsoft

CVE-2025-37750 smb: client: fix UAF in decryption with multichannel

Information published.

CVE-2025-37750
Sin clasificar Microsoft

CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq

Information published.

CVE-2023-52586
Sin clasificar Microsoft

CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands

Information published.

CVE-2023-52624
Sin clasificar Microsoft

CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()

Information published.

CVE-2026-31706
Sin clasificar Microsoft

CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move

Information published.

CVE-2026-31723
Sin clasificar Microsoft

CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move

Information published.

CVE-2026-31724
Sin clasificar Microsoft

CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check

Information published.

CVE-2026-43036
Sin clasificar Microsoft

CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()

Information published.

CVE-2026-31707
Sin clasificar Microsoft

CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair

Information published.

CVE-2026-43042
Sin clasificar Microsoft

CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers

Information published.

CVE-2026-31771
Sin clasificar Microsoft

CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper

Information published.

CVE-2026-43052
Sin clasificar Microsoft

CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl

Information published.

CVE-2026-31709
Sin clasificar Microsoft

CVE-2026-43010 bpf: Reject sleepable kprobe_multi programs at attach time

Information published.

CVE-2026-43010
Sin clasificar Microsoft

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa

Information published.

CVE-2026-43248
Sin clasificar Microsoft

CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex

Information published.

CVE-2026-43127
Sin clasificar Microsoft

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode

Information published.

CVE-2026-43161
Sin clasificar Microsoft

CVE-2026-43245 ntfs: ->d_compare() must not block

Information published.

CVE-2026-43245
Sin clasificar Microsoft

CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference

Information published.

CVE-2026-43137
Sin clasificar Microsoft

CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave

Information published.

CVE-2026-43234
Sin clasificar Microsoft

CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()

Information published.

CVE-2026-43185
Sin clasificar Microsoft

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()

Information published.

CVE-2025-71273
Sin clasificar Microsoft

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname

Information published.

CVE-2026-43153
Sin clasificar Microsoft

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack

Information published.

CVE-2026-43116
Sin clasificar Microsoft

CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error

Information published.

CVE-2026-43244
Sin clasificar Microsoft

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths

Information published.

CVE-2025-71272
Sin clasificar Microsoft

CVE-2026-43474 fs: init flags_valid before calling vfs_fileattr_get

Information published.

CVE-2026-43474
Sin clasificar Microsoft

CVE-2025-71302 drm/panthor: fix for dma-fence safe access rules

Information published.

CVE-2025-71302
Sin clasificar Microsoft

CVE-2026-43309 md raid: fix hang when stopping arrays with metadata through dm-raid

Information published.

CVE-2026-43309
Sin clasificar Microsoft

CVE-2026-43320 drm/amd/display: Fix dsc eDP issue

Information published.

CVE-2026-43320
Sin clasificar Microsoft

CVE-2026-43300 drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()

Information published.

CVE-2026-43300
Sin clasificar Microsoft

CVE-2026-43306 bpf: crypto: Use the correct destructor kfunc type

Information published.

CVE-2026-43306
Sin clasificar Microsoft

CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition

Information published.

CVE-2026-43443
Sin clasificar Microsoft

CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock

Information published.

CVE-2026-43319
Sin clasificar Microsoft

CVE-2026-43344 perf/x86/intel/uncore: Fix die ID init and look up bugs

Information published.

CVE-2026-43344
Sin clasificar Microsoft

CVE-2026-43305 drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path

Information published.

CVE-2026-43305
Media Microsoft

CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC

Information published.

CVE-2026-43310
Sin clasificar Microsoft

CVE-2026-43400 drm/amdgpu: add upper bound check on user inputs in signal ioctl

Information published.

CVE-2026-43400
Sin clasificar Microsoft

CVE-2026-43292 mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node

Information published.

CVE-2026-43292
Sin clasificar Microsoft

CVE-2026-43398 drm/amdgpu: add upper bound check on user inputs in wait ioctl

Information published.

CVE-2026-43398
Sin clasificar Microsoft

CVE-2026-43311 soc/tegra: pmc: Fix unsafe generic_handle_irq() call

Information published.

CVE-2026-43311
Sin clasificar Microsoft

CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move

Information published.

CVE-2026-43421
Sin clasificar Microsoft

CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()

Information published.

CVE-2026-43308
Sin clasificar Microsoft

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

Information published.

CVE-2026-42256
Sin clasificar Microsoft

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing

Information published.

CVE-2026-42246
Sin clasificar Microsoft

CVE-2026-45186

Information published.

CVE-2026-45186
Sin clasificar Microsoft

CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault

Information published.

CVE-2026-7261
Baja Microsoft

CVE-2026-7568 Signed integer overflow in metaphone()

Information published.

CVE-2026-7568
Sin clasificar Microsoft

CVE-2026-43053 xfs: close crash window in attr dabtree inactivation

Information published.

CVE-2026-43053
Sin clasificar Microsoft

CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()

Information published.

CVE-2026-43048
Sin clasificar Microsoft

CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping

Information published.

CVE-2026-31777
Sin clasificar Microsoft

CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move

Information published.

CVE-2026-31722
Sin clasificar Microsoft

CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move

Information published.

CVE-2026-31725
Sin clasificar Microsoft

CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure

Information published.

CVE-2026-43049
Sin clasificar Microsoft

CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()

Information published.

CVE-2026-31712
Sin clasificar Microsoft

CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

Information published.

CVE-2026-43019
Sin clasificar Microsoft

CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()

Information published.

CVE-2026-31729
Sin clasificar Microsoft

CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking

Information published.

CVE-2026-43009
Sin clasificar Microsoft

CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()

Information published.

CVE-2026-31715
Sin clasificar Microsoft

CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function

Information published.

CVE-2026-43073
Sin clasificar Microsoft

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree

Information published.

CVE-2026-43125
Sin clasificar Microsoft

CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams

Information published.

CVE-2026-43204
Sin clasificar Microsoft

CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue

Information published.

CVE-2026-43131
Sin clasificar Microsoft

CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints

Information published.

CVE-2026-43126
Sin clasificar Microsoft

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()

Information published.

CVE-2026-43198
Sin clasificar Microsoft

CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU

Information published.

CVE-2026-43115
Sin clasificar Microsoft

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing

Information published.

CVE-2026-43172
Sin clasificar Microsoft

CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels

Information published.

CVE-2025-71285
Sin clasificar Microsoft

CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated

Information published.

CVE-2026-43197
Sin clasificar Microsoft

CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay

Information published.

CVE-2026-43118
Sin clasificar Microsoft

CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock

Information published.

CVE-2026-43109
Sin clasificar Microsoft

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM

Information published.

CVE-2026-43129
Sin clasificar Microsoft

CVE-2026-43258 alpha: fix user-space corruption during memory compaction

Information published.

CVE-2026-43258
Sin clasificar Microsoft

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files

Information published.

CVE-2025-71289
Sin clasificar Microsoft

CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation

Information published.

CVE-2026-43107
Sin clasificar Microsoft

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()

Information published.

CVE-2026-43250
Sin clasificar Microsoft

CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet

Information published.

CVE-2026-43219
Sin clasificar Microsoft

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports

Information published.

CVE-2026-43088
Sin clasificar Microsoft

CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report

Information published.

CVE-2026-43213
Sin clasificar Microsoft

CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()

Information published.

CVE-2026-43216
Sin clasificar Microsoft

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status

Information published.

CVE-2026-43119
Sin clasificar Microsoft

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

Information published.

CVE-2026-43101
Sin clasificar Microsoft

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query

Information published.

CVE-2026-43199
Sin clasificar Microsoft

CVE-2026-43083 net: ioam6: fix OOB and missing lock

Information published.

CVE-2026-43083
Sin clasificar Microsoft

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect

Information published.

CVE-2026-31717
Sin clasificar Microsoft

CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger

Information published.

CVE-2026-31718
Sin clasificar Microsoft

CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls

Information published.

CVE-2026-43338
Sin clasificar Microsoft

CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify

Information published.

CVE-2026-43318
Sin clasificar Microsoft

CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain

Information published.

CVE-2026-43416
Sin clasificar Microsoft

CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue

Information published.

CVE-2026-43352
Sin clasificar Microsoft

CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb frags

Information published.

CVE-2026-43284
Sin clasificar Microsoft

CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing

Information published.

CVE-2025-71299
Sin clasificar Microsoft

CVE-2026-43317 most: core: fix leak on early registration failure

Information published.

CVE-2026-43317
Sin clasificar Microsoft

CVE-2026-43321 bpf: Properly mark live registers for indirect jumps

Information published.

CVE-2026-43321
Sin clasificar Microsoft

CVE-2026-43456 bonding: fix type confusion in bond_setup_by_slave()

Information published.

CVE-2026-43456
Sin clasificar Microsoft

CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF

Information published.

CVE-2026-43298
Sin clasificar Microsoft

CVE-2026-43299 btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()

Information published.

CVE-2026-43299
Sin clasificar Microsoft

CVE-2026-43294 drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels

Information published.

CVE-2026-43294
Sin clasificar Microsoft

CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue

Information published.

CVE-2026-43353
Sin clasificar Microsoft

CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands

Information published.

CVE-2026-42257
Sin clasificar Microsoft

CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs

Information published.

CVE-2026-42258
Sin clasificar Microsoft

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD

Information published.

CVE-2026-7258
Sin clasificar Microsoft

CVE-2026-6722 Use-After-Free in SOAP using Apache map

Information published.

CVE-2026-6722
Sin clasificar Microsoft

CVE-2026-6735 XSS within PHP-FPM status endpoint

Information published.

CVE-2026-6735
Sin clasificar Microsoft

CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing

Information published.

CVE-2026-7262
Sin clasificar Microsoft

CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

Information published.

CVE-2025-14179
Sin clasificar Microsoft

CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

Information published.

CVE-2026-7259
Sin clasificar Microsoft

CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned

Information published.

CVE-2025-39779
Sin clasificar Microsoft

CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration

Information published.

CVE-2025-39754
Sin clasificar Microsoft

CVE-2025-39762 drm/amd/display: add null check

Information published.

CVE-2025-39762
Sin clasificar Microsoft

CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable

Information published.

CVE-2025-39746
Sin clasificar Microsoft

CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup

Information published.

CVE-2025-39747
Sin clasificar Microsoft

CVE-2025-39789 crypto: x86/aegis - Add missing error checks

Information published.

CVE-2025-39789
Sin clasificar Microsoft

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer

Information published.

CVE-2025-39833
Sin clasificar Microsoft

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects

Information published.

CVE-2025-39850
Sin clasificar Microsoft

CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog

Information published.

CVE-2025-39859
Sin clasificar Microsoft

CVE-2025-38705 drm/amd/pm: fix null pointer access

Information published.

CVE-2025-38705
Sin clasificar Microsoft

CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()

Information published.

CVE-2025-38722
Sin clasificar Microsoft

CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()

Information published.

CVE-2025-38717
Sin clasificar Microsoft

CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability

Information published.

CVE-2025-39705
Sin clasificar Microsoft

CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal

Information published.

CVE-2025-39677
Sin clasificar Microsoft

CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities

Information published.

CVE-2025-39707
Sin clasificar Microsoft

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown

Information published.

CVE-2025-39810
Sin clasificar Microsoft

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object

Information published.

CVE-2025-39851
Sin clasificar Microsoft

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart

Information published.

CVE-2025-39862
Sin clasificar Microsoft

CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev

Information published.

CVE-2024-58241
Sin clasificar Microsoft

CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'

Information published.

CVE-2024-26672
Sin clasificar Microsoft

CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()

Information published.

CVE-2024-26757
Sin clasificar Microsoft

CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()

Information published.

CVE-2024-26758
Sin clasificar Microsoft

CVE-2024-26756 md: Don't register sync_thread for reshape directly

Information published.

CVE-2024-26756
Sin clasificar Microsoft

CVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array size

Information published.

CVE-2024-26914
Sin clasificar Microsoft

CVE-2024-24856 NULL pointer deference in acpi_db_convert_to_package of Linux acpi module

Information published.

CVE-2024-24856
Sin clasificar Microsoft

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Information published.

CVE-2026-33814
Sin clasificar Microsoft

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

Information published.

CVE-2026-39823
Sin clasificar Microsoft

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

Information published.

CVE-2026-41889
Baja Microsoft

CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing

Information published.

CVE-2026-6664
Baja Microsoft

CVE-2026-6665 PgBouncer buffer overflow in SCRAM

Information published.

CVE-2026-6665
Sin clasificar Microsoft

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command

Information published.

CVE-2026-6667
Sin clasificar Microsoft

CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error

Information published.

CVE-2026-6666
Baja Microsoft

CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading

Information published.

CVE-2026-45130
Sin clasificar Microsoft

CVE-2026-44656 Vim: OS Command Injection via 'path' completion

Information published.

CVE-2026-44656
Sin clasificar Microsoft

CVE-2026-33811 Crash when handling long CNAME response in net

Information published.

CVE-2026-33811
Sin clasificar Microsoft

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go

Information published.

CVE-2026-39817
Baja Microsoft

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

Information published.

CVE-2026-39819
Sin clasificar Microsoft

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Information published.

CVE-2026-39820
Sin clasificar Microsoft

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

Information published.

CVE-2026-39825
Sin clasificar Microsoft

CVE-2026-39826 Escaper bypass leads to XSS in html/template

Information published.

CVE-2026-39826
Sin clasificar Windows

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

Information published.

CVE-2026-39836
Sin clasificar Microsoft

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail

Information published.

CVE-2026-42499
Sin clasificar Microsoft

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

Information published.

CVE-2026-42501
Baja Microsoft

CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles

Information published.

CVE-2026-33079
Sin clasificar Microsoft

CVE-2026-41526

Information published.

CVE-2026-41526
Baja Microsoft

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response

Information published.

CVE-2026-3832
Sin clasificar Microsoft

CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

Information published.

CVE-2026-4948
Sin clasificar Microsoft

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

Information published.

CVE-2026-6842
Sin clasificar Microsoft

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

Information published.

CVE-2026-3219
Sin clasificar Microsoft

CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service

Information published.

CVE-2026-6843
Sin clasificar Microsoft

CVE-2026-37457

Information published.

CVE-2026-37457
Sin clasificar Microsoft

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa

Information published.

CVE-2026-43248
Sin clasificar Microsoft

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode

Information published.

CVE-2026-43161
Sin clasificar Microsoft

CVE-2026-43245 ntfs: ->d_compare() must not block

Information published.

CVE-2026-43245
Sin clasificar Microsoft

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()

Information published.

CVE-2025-71273
Sin clasificar Microsoft

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname

Information published.

CVE-2026-43153
Sin clasificar Microsoft

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack

Information published.

CVE-2026-43116
Sin clasificar Microsoft

CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization

Information published.

CVE-2026-41673
Sin clasificar Microsoft

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree

Information published.

CVE-2026-43125
Sin clasificar Microsoft

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()

Information published.

CVE-2026-43198
Sin clasificar Microsoft

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing

Information published.

CVE-2026-43172
Sin clasificar Microsoft

CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

Information published.

CVE-2026-43274
Sin clasificar Microsoft

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files

Information published.

CVE-2025-71289
Sin clasificar Microsoft

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()

Information published.

CVE-2026-43250
Sin clasificar Microsoft

CVE-2026-43195 drm/amdgpu: validate user queue size constraints

Information published.

CVE-2026-43195
Sin clasificar Microsoft

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status

Information published.

CVE-2026-43119
Sin clasificar Microsoft

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

Information published.

CVE-2026-43101
Sin clasificar Microsoft

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query

Information published.

CVE-2026-43199
Sin clasificar Microsoft

CVE-2026-43083 net: ioam6: fix OOB and missing lock

Information published.

CVE-2026-43083
Sin clasificar Microsoft

CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification

Information published.

CVE-2026-43869
Sin clasificar Microsoft

CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization

Information published.

CVE-2026-41672
Sin clasificar Microsoft

CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization

Information published.

CVE-2026-41674
Sin clasificar Microsoft

CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization

Information published.

CVE-2026-41675
Baja Microsoft

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution

Information published.

CVE-2026-25243
Sin clasificar Microsoft

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect

Information published.

CVE-2026-31717
Baja Microsoft

CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution

Information published.

CVE-2026-23631
Sin clasificar Microsoft

CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger

Information published.

CVE-2026-31718
Baja Microsoft

CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution

Information published.

CVE-2026-23479
Baja Microsoft

CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution

Information published.

CVE-2026-25588
Baja Microsoft

CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution

Information published.

CVE-2026-25589
Baja Microsoft

CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26164
Baja Microsoft

CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26129
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8021 Script injection in UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8021
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8022 Inappropriate implementation in MHTML

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8022
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8019
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8018
Media Microsoft Edge

Chromium: CVE-2026-8017 Side-channel information leakage in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8017
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8014 Inappropriate implementation in Preload

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8014
Media Microsoft Edge

Chromium: CVE-2026-8015 Inappropriate implementation in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8015
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8016 Use after free in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8016
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8013
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8012 Inappropriate implementation in MHTML

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8012
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8011 Insufficient policy enforcement in Search

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8011
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8010
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8009 Inappropriate implementation in Cast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8009
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8008 Inappropriate implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8008
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8007
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8004
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8006
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8005
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8002 Use after free in Audio

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8002
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8003
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8001 Use after free in Printing

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8001
Sin clasificar Microsoft Edge

Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-8000
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7999 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7999
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7994
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7997
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7998
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7995 Out of bounds read in AdFilter

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7995
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7996
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7991 Use after free in UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7991
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7988 Type Confusion in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7988
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7990
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7992
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7989
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7987 Use after free in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7987
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7982
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7983 Out of bounds read in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7983
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7986
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7984 Use after free in ReadingMode

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7984
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7985 Use after free in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7985
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7981 Out of bounds read in Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7981
Media Microsoft Edge

Chromium: CVE-2026-7979 Inappropriate implementation in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7979
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7980 Use after free in WebAudio

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7980
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7978 Inappropriate implementation in Companion

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7978
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7977 Inappropriate implementation in Canvas

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7977
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7976 Use after free in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7976
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7975 Use after free in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7975
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7974 Use after free in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7974
Baja Microsoft Edge

Chromium: CVE-2026-7973 Integer overflow in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7973
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7972 Uninitialized Use in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7972
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7971 Inappropriate implementation in ORB

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7971
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7970 Use after free in TopChrome

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7970
Baja Microsoft Edge

Chromium: CVE-2026-7969 Integer overflow in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7969
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7968
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7966
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7967
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7965
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7964
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7963
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7962
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7961
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7960 Race in Speech

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7960
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7959 Inappropriate implementation in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7959
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7958
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7956 Use after free in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7956
Media Microsoft Edge

Chromium: CVE-2026-7957 Out of bounds write in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7957
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7955 Uninitialized Use in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7955
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7954 Race in Shared Storage

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7954
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7953
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7952
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7951 Out of bounds write in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7951
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7950 Out of bounds read and write in GFX

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7950
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7949 Out of bounds read in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7949
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7947
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7946
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7948 Race in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7948
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7945
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7944
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7943
Baja Microsoft Edge

Chromium: CVE-2026-7942 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7942
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7940 Use after free in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7940
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7938 Use after free in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7938
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7939
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7937
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7934
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7935 Inappropriate implementation in Speech

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7935
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7936 Object lifecycle issue in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7936
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7933 Out of bounds read in WebCodecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7933
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7932
Media Microsoft Edge

Chromium: CVE-2026-7929 Use after free in MediaRecording

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7929
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7930
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7928 Use after free in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7928
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7926 Use after free in PresentationAPI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7926
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7927 Type Confusion in Runtime

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7927
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7925 Use after free in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7925
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7922 Use after free in ServiceWorker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7922
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7924 Uninitialized Use in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7924
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7921 Use after free in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7921
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7923 Out of bounds write in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7923
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7920 Use after free in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7920
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7919 Use after free in Aura

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7919
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7918 Use after free in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7918
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7916
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7917 Use after free in Fullscreen

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7917
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7914 Type Confusion in Accessibility

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7914
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7910 Use after free in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7910
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7911 Use after free in Aura

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7911
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7909
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7908 Use after free in Fullscreen

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7908
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7907 Use after free in DOM

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7907
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7906 Use after free in SVG

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7906
Baja Microsoft Edge

Chromium: CVE-2026-7903 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7903
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7904 Out of bounds read in Fonts

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7904
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7902 Out of bounds memory access in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7902
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7901 Use after free in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7901
Baja Microsoft Edge

Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7900
Baja Dynamics

CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

CVE-2026-33821
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7899 Out of bounds read and write in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7899
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7898 Use after free in Chromoting

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7898
Baja Microsoft Edge

Chromium: CVE-2026-7896 Integer overflow in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...

CVE-2026-7896
Baja Azure

CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

CVE-2026-41105
Baja Microsoft Edge

CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-33111
Baja Azure

CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-33109
Baja Azure

CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-40379
Baja Azure

CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32207
Baja Microsoft

CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

CVE-2026-33823
Baja Azure

CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-33844
Baja Microsoft

CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-34327
Baja Azure

CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-35435
Baja Azure

CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-35428
Baja Azure

CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

CVE-2026-42826
Sin clasificar Microsoft

CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()

Information published.

CVE-2025-68768
Sin clasificar Microsoft

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Information published.

CVE-2026-28810
Sin clasificar Microsoft

CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount

Information published.

CVE-2026-31455
Sin clasificar Microsoft

CVE-2026-34318

Information published.

CVE-2026-34318
Sin clasificar Microsoft

CVE-2026-34317

Information published.

CVE-2026-34317
Sin clasificar Microsoft

CVE-2026-34319

Information published.

CVE-2026-34319
Sin clasificar Microsoft

CVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragment

Information published.

CVE-2026-33845
Sin clasificar Microsoft

CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison

Information published.

CVE-2026-3833
Baja Microsoft

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response

Information published.

CVE-2026-3832
Sin clasificar Microsoft

CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation

Information published.

CVE-2026-6383
Sin clasificar Microsoft

CVE-2026-34875

Information published.

CVE-2026-34875
Sin clasificar Microsoft

CVE-2026-34874

Information published.

CVE-2026-34874
Sin clasificar Microsoft

CVE-2026-34876

Information published.

CVE-2026-34876
Sin clasificar Microsoft

CVE-2026-25835

Information published.

CVE-2026-25835
Sin clasificar Microsoft

CVE-2025-66442

Information published.

CVE-2025-66442
Sin clasificar Microsoft

CVE-2026-34873

Information published.

CVE-2026-34873
Sin clasificar Microsoft

CVE-2026-34871

Information published.

CVE-2026-34871
Sin clasificar Microsoft

CVE-2026-34872

Information published.

CVE-2026-34872
Sin clasificar Microsoft

CVE-2026-25834

Information published.

CVE-2026-25834
Sin clasificar Microsoft

CVE-2026-25833

Information published.

CVE-2026-25833
Sin clasificar Microsoft

CVE-2026-41082

Information published.

CVE-2026-41082
Sin clasificar Microsoft

CVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transports

Information published.

CVE-2026-33190
Sin clasificar Microsoft

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

Information published.

CVE-2026-32936
Sin clasificar Microsoft

CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports

Information published.

CVE-2026-35579
Sin clasificar Azure

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API

Information published.

CVE-2026-42151
Baja Microsoft

CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload

Information published.

CVE-2026-42154
Sin clasificar Microsoft

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa

Information published.

CVE-2026-43248
Sin clasificar Microsoft

CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex

Information published.

CVE-2026-43127
Sin clasificar Microsoft

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode

Information published.

CVE-2026-43161
Sin clasificar Microsoft

CVE-2026-43245 ntfs: ->d_compare() must not block

Information published.

CVE-2026-43245
Sin clasificar Microsoft

CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference

Information published.

CVE-2026-43137
Sin clasificar Microsoft

CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave

Information published.

CVE-2026-43234
Sin clasificar Microsoft

CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()

Information published.

CVE-2026-43185
Sin clasificar Microsoft

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()

Information published.

CVE-2025-71273
Sin clasificar Microsoft

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname

Information published.

CVE-2026-43153
Sin clasificar Microsoft

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack

Information published.

CVE-2026-43116
Sin clasificar Microsoft

CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error

Information published.

CVE-2026-43244
Sin clasificar Microsoft

CVE-2026-43191 drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35

Information published.

CVE-2026-43191
Sin clasificar Microsoft

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths

Information published.

CVE-2025-71272
Sin clasificar Microsoft

CVE-2026-43964

Information published.

CVE-2026-43964
Sin clasificar Microsoft

CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison

Information published.

CVE-2026-33489
Sin clasificar Microsoft

CVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service

Information published.

CVE-2026-32934
Sin clasificar Microsoft

CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function

Information published.

CVE-2026-43073
Sin clasificar Microsoft

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree

Information published.

CVE-2026-43125
Sin clasificar Microsoft

CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE

Information published.

CVE-2026-43176
Sin clasificar Microsoft

CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams

Information published.

CVE-2026-43204
Sin clasificar Microsoft

CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue

Information published.

CVE-2026-43131
Sin clasificar Microsoft

CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints

Information published.

CVE-2026-43126
Sin clasificar Microsoft

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()

Information published.

CVE-2026-43198
Sin clasificar Microsoft

CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function

Information published.

CVE-2025-71290
Sin clasificar Microsoft

CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU

Information published.

CVE-2026-43115
Sin clasificar Microsoft

CVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page check

Information published.

CVE-2025-71293
Sin clasificar Microsoft

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing

Information published.

CVE-2026-43172
Sin clasificar Microsoft

CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels

Information published.

CVE-2025-71285
Sin clasificar Microsoft

CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated

Information published.

CVE-2026-43197
Sin clasificar Microsoft

CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay

Information published.

CVE-2026-43118
Sin clasificar Microsoft

CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock

Information published.

CVE-2026-43109
Sin clasificar Microsoft

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM

Information published.

CVE-2026-43129
Sin clasificar Microsoft

CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

Information published.

CVE-2026-43274
Sin clasificar Microsoft

CVE-2026-43258 alpha: fix user-space corruption during memory compaction

Information published.

CVE-2026-43258
Sin clasificar Microsoft

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files

Information published.

CVE-2025-71289
Sin clasificar Microsoft

CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation

Information published.

CVE-2026-43107
Sin clasificar Microsoft

CVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src

Information published.

CVE-2026-43243
Sin clasificar Microsoft

CVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcs

Information published.

CVE-2025-71294
Sin clasificar Microsoft

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()

Information published.

CVE-2026-43250
Sin clasificar Microsoft

CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4

Information published.

CVE-2026-43237
Sin clasificar Microsoft

CVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memory

Information published.

CVE-2026-43201
Sin clasificar Microsoft

CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet

Information published.

CVE-2026-43219
Sin clasificar Microsoft

CVE-2026-43165 hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin

Information published.

CVE-2026-43165
Sin clasificar Microsoft

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports

Information published.

CVE-2026-43088
Sin clasificar Microsoft

CVE-2026-43195 drm/amdgpu: validate user queue size constraints

Information published.

CVE-2026-43195
Sin clasificar Microsoft

CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report

Information published.

CVE-2026-43213
Sin clasificar Microsoft

CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks

Information published.

CVE-2026-43228
Sin clasificar Microsoft

CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()

Information published.

CVE-2026-43216
Sin clasificar Microsoft

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status

Information published.

CVE-2026-43119
Sin clasificar Microsoft

CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking

Information published.

CVE-2026-43267
Sin clasificar Microsoft

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

Information published.

CVE-2026-43101
Sin clasificar Microsoft

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query

Information published.

CVE-2026-43199
Sin clasificar Microsoft

CVE-2026-43083 net: ioam6: fix OOB and missing lock

Information published.

CVE-2026-43083
Sin clasificar Microsoft

CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability

Information published.

CVE-2026-43870
Sin clasificar Microsoft

CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Information published.

CVE-2026-43868 CVE-2020-13949
Sin clasificar Microsoft

CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

Information published.

CVE-2026-33523
Sin clasificar Microsoft

CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset

Information published.

CVE-2026-23918
Sin clasificar Microsoft

CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

Information published.

CVE-2026-34059
Sin clasificar Microsoft

CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

Information published.

CVE-2026-34032
Sin clasificar Microsoft

CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

Information published.

CVE-2026-24072
Sin clasificar Microsoft

CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack

Information published.

CVE-2026-33006
Sin clasificar Microsoft

CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash

Information published.

CVE-2026-33007
Sin clasificar Microsoft

CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash

Information published.

CVE-2026-29169
Sin clasificar Microsoft

CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response

Information published.

CVE-2026-29168
Sin clasificar Microsoft

CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Information published.

CVE-2026-33857
Baja Microsoft

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

Information published.

CVE-2026-41066
Baja Microsoft

CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling

Information published.

CVE-2026-33999
Sin clasificar Microsoft

CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup

Information published.

CVE-2026-41205
Sin clasificar Microsoft

CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption

Information published.

CVE-2026-34001
Sin clasificar Microsoft

CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access

Information published.

CVE-2026-34003
Sin clasificar Microsoft

CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

Information published.

CVE-2026-43037
Baja Microsoft

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow

Information published.

CVE-2026-7598
Sin clasificar Microsoft

CVE-2026-43964

Information published.

CVE-2026-43964
Sin clasificar Microsoft

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Information published.

CVE-2026-27141
Sin clasificar Microsoft

CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference

Information published.

CVE-2025-8224
Sin clasificar Microsoft

CVE-2026-35469 SpdyStream: DOS on CRI

Information published.

CVE-2026-35469
Baja Microsoft

CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions

Information published.

CVE-2026-28532
Sin clasificar Microsoft

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

Information published.

CVE-2026-6842
Sin clasificar Microsoft

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place

Information published.

CVE-2026-31431
Sin clasificar Microsoft

CVE-2026-42798

Information published.

CVE-2026-42798
Baja Microsoft

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow

Information published.

CVE-2026-40170
Sin clasificar Microsoft

CVE-2026-37457

Information published.

CVE-2026-37457
Baja Microsoft

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow

Information published.

CVE-2026-7598
Baja Microsoft

CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow

Information published.

CVE-2025-11083
Sin clasificar Microsoft

CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion

Information published.

CVE-2025-9403
Sin clasificar Microsoft

CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference

Information published.

CVE-2025-8224
Sin clasificar Microsoft

CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure

Information published.

CVE-2026-34757
Sin clasificar Microsoft

CVE-2026-37555

Information published.

CVE-2026-37555
Sin clasificar Microsoft

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

Information published.

CVE-2026-6842
Sin clasificar Microsoft

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place

Information published.

CVE-2026-31431
Sin clasificar Microsoft

CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file

Information published.

CVE-2026-6845
Sin clasificar Microsoft

CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

Information published.

CVE-2026-6846
Sin clasificar Microsoft

CVE-2026-30656

Information published.

CVE-2026-30656
Sin clasificar Microsoft

CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service

Information published.

CVE-2026-6843
Baja Microsoft

CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow

Information published.

CVE-2017-20230
Baja Microsoft

CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass

Information published.

CVE-2026-32148
Baja Microsoft

CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow

Information published.

CVE-2025-11083
Baja Microsoft

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow

Information published.

CVE-2026-7598
Media Microsoft

CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings

Information published.

CVE-2026-43058
Sin clasificar Microsoft

CVE-2026-41080

Information published.

CVE-2026-41080
Sin clasificar Microsoft

CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page

Information published.

CVE-2026-31602
Sin clasificar Microsoft

CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write

Information published.

CVE-2026-31598
Sin clasificar Microsoft

CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()

Information published.

CVE-2026-31608
Baja Microsoft

CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions

Information published.

CVE-2026-28532
Sin clasificar Microsoft

CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

Information published.

CVE-2026-4948
Sin clasificar Microsoft

CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup

Information published.

CVE-2026-27456
Sin clasificar Microsoft

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization

Information published.

CVE-2026-3184
Sin clasificar Microsoft

CVE-2026-41080

Information published.

CVE-2026-41080
Sin clasificar Microsoft

CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use

Information published.

CVE-2026-31606
Sin clasificar Microsoft

CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Information published.

CVE-2026-31605
Media Microsoft

CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections

Information published.

CVE-2026-31599
Sin clasificar Microsoft

CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page

Information published.

CVE-2026-31602
Sin clasificar Microsoft

CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc

Information published.

CVE-2026-31610
Sin clasificar Microsoft

CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write

Information published.

CVE-2026-31598
Sin clasificar Microsoft

CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()

Information published.

CVE-2026-31603
Sin clasificar Microsoft

CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()

Information published.

CVE-2026-31608
Sin clasificar Microsoft

CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]

Information published.

CVE-2026-31611
Sin clasificar Microsoft

CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()

Information published.

CVE-2026-31612
Sin clasificar Microsoft

CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY

Information published.

CVE-2026-31597
Sin clasificar Microsoft

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

Information published.

CVE-2026-6357
Sin clasificar Microsoft

CVE-2026-41607 Apache Thrift: C++ JSON OOB read

Information published.

CVE-2026-41607
Sin clasificar Microsoft

CVE-2026-41636 Apache Thrift: Node.js skip() recursion

Information published.

CVE-2026-41636
Sin clasificar Microsoft

CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

Information published.

CVE-2026-31533
Sin clasificar Microsoft

CVE-2026-41526

Information published.

CVE-2026-41526
Sin clasificar Microsoft

CVE-2026-40356

Information published.

CVE-2026-40356
Sin clasificar Windows

CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

Information published.

CVE-2026-3087
Sin clasificar Microsoft

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

Information published.

CVE-2026-31478
Sin clasificar Microsoft

CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()

Information published.

CVE-2026-31532
Sin clasificar Microsoft

CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend

Information published.

CVE-2026-31596
Sin clasificar Microsoft

CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()

Information published.

CVE-2026-31609
Sin clasificar Microsoft

CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field

Information published.

CVE-2026-6238
Sin clasificar Microsoft

CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.

Information published.

CVE-2025-48431
Baja Microsoft

CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow

Information published.

CVE-2026-41602
Sin clasificar Microsoft

CVE-2026-41604 Apache Thrift: Swift Range crash in skip()

Information published.

CVE-2026-41604
Baja Microsoft

CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow

Information published.

CVE-2026-41605
Baja Microsoft

CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow

Information published.

CVE-2026-41606
Sin clasificar Microsoft

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns

Information published.

CVE-2026-31692
Sin clasificar Microsoft

CVE-2026-40355

Information published.

CVE-2026-40355
Sin clasificar Microsoft

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

Information published.

CVE-2026-3731
Sin clasificar Microsoft

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling

Information published.

CVE-2026-0965
Sin clasificar Microsoft

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Information published.

CVE-2026-25645
Sin clasificar Microsoft

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing

Information published.

CVE-2026-0967
Baja Microsoft

CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input

Information published.

CVE-2026-0966
Sin clasificar Microsoft

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers

Information published.

CVE-2026-0964
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7343 Use after free in Views

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7343
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7363 Use after free in Canvas

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7363
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7359 Use after free in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7359
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7333 Use after free in GPU

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7333
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7360 Insufficient validation of untrusted input in Compositing

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7360
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7344 Use after free in Accessibility

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7344
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7358 Use after free in Animation

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7358
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7334 Use after free in Views

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7334
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7357 Use after free in GPU

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7357
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7356 Use after free in Navigation

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7356
Baja Microsoft Edge

Chromium: CVE-2026-7353 Heap buffer overflow in Skia

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7353
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7351 Race in MHTML

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7351
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7354 Out of bounds read and write in Angle

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7354
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7349 Use after free in Cast

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7349
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7348 Use after free in Codecs

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7348
Media Microsoft Edge

Chromium: CVE-2026-7335 Use after free in media

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7335
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7336 Use after free in WebRTC

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7336
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7350 Use after free in WebMIDI

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7350
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7345 Insufficient validation of untrusted input in Feedback

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7345
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7347 Use after free in Chromoting

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7347
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7346 Inappropriate implementation in Tint

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7346
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7337 Type Confusion in V8

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7337
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7338 Use after free in Cast

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7338
Sin clasificar Microsoft Edge

Chromium: CVE-2026-7341 Use after free in WebRTC

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7341
Baja Microsoft Edge

Chromium: CVE-2026-7340 Integer overflow in ANGLE

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7340
Baja Microsoft Edge

Chromium: CVE-2026-7339 Heap buffer overflow in WebRTC

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7339
Media Microsoft Edge

Chromium: CVE-2026-7355 Use after free in Media

This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...

CVE-2026-7355
Sin clasificar Defender

CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability

Added FAQ information. This is an informational change only.

CVE-2026-33825
Baja Microsoft

CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP

Information published.

CVE-2025-21892
Sin clasificar Microsoft

CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers

Information published.

CVE-2025-21870
Sin clasificar Microsoft

CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking

Information published.

CVE-2026-24051
Sin clasificar Microsoft

CVE-2026-21620 TFTP Path Traversal

Information published.

CVE-2026-21620
Baja Microsoft

CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve

Information published.

CVE-2026-25541
Sin clasificar Microsoft

CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference

Information published.

CVE-2025-15504
Baja Microsoft

CVE-2022-2068 The c_rehash script allows command injection

Information published.

CVE-2022-2068
Sin clasificar Microsoft

CVE-2019-1543 ChaCha20-Poly1305 with long nonces

Information published.

CVE-2019-1543
Baja Microsoft

CVE-2019-1551 rsaz_512_sqr overflow bug on x86_64

Information published.

CVE-2019-1551
Sin clasificar Microsoft

CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free

Information published.

CVE-2024-41045
Sin clasificar Microsoft

CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly

Information published.

CVE-2024-41067
Sin clasificar Microsoft

CVE-2017-3736

Information published.

CVE-2017-3736
Sin clasificar Microsoft

CVE-2018-0734 Timing attack against DSA

Information published.

CVE-2018-0734
Sin clasificar Microsoft

CVE-2018-0735 Timing attack against ECDSA signature generation

Information published.

CVE-2018-0735
Sin clasificar Microsoft

CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash

Information published.

CVE-2024-57974
Sin clasificar Microsoft

CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed

Information published.

CVE-2024-57976
Sin clasificar Microsoft

CVE-2019-1547 ECDSA remote timing attack

Information published.

CVE-2019-1547
Sin clasificar Microsoft

CVE-2019-1549 Fork Protection

Information published.

CVE-2019-1549
Sin clasificar Microsoft

CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

Information published.

CVE-2019-1563
Sin clasificar Microsoft

CVE-2024-41932 sched: fix warning in sched_setaffinity

Information published.

CVE-2024-41932
Sin clasificar Microsoft

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

Information published.

CVE-2026-34978
Sin clasificar Microsoft

CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION

Information published.

CVE-2026-31410
Baja Microsoft

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion

Information published.

CVE-2026-31789
Sin clasificar Microsoft

CVE-2026-28387 Potential Use-after-free in DANE Client Code

Information published.

CVE-2026-28387
Sin clasificar Microsoft

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL

Information published.

CVE-2026-28388
Sin clasificar Microsoft

CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Information published.

CVE-2026-35206
Baja Microsoft

CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore

Information published.

CVE-2026-5448
Baja Microsoft

CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.

Information published.

CVE-2026-5778
Sin clasificar Microsoft

CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3

Information published.

CVE-2026-5460
Sin clasificar Microsoft

CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse

Information published.

CVE-2026-5446
Sin clasificar Microsoft

CVE-2026-31476 ksmbd: do not expire session on binding failure

Information published.

CVE-2026-31476
Sin clasificar Microsoft

CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()

Information published.

CVE-2026-31464
Sin clasificar Microsoft

CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests

Information published.

CVE-2026-31432
Sin clasificar Microsoft

CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports

Information published.

CVE-2026-31502
Sin clasificar Microsoft

CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks

Information published.

CVE-2026-31495
Sin clasificar Microsoft

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()

Information published.

CVE-2026-31477
Sin clasificar Microsoft

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()

Information published.

CVE-2026-31530
Sin clasificar Microsoft

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise

Information published.

CVE-2026-31480
Sin clasificar Microsoft

CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()

Information published.

CVE-2026-31512
Sin clasificar Microsoft

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free

Information published.

CVE-2026-31493
Sin clasificar Microsoft

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds

Information published.

CVE-2026-31521
Baja Microsoft

CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()

Information published.

CVE-2026-41445
Sin clasificar Microsoft

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()

Information published.

CVE-2026-31531
Sin clasificar Microsoft

CVE-2026-41988

Information published.

CVE-2026-41988
Sin clasificar Microsoft

CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup

Information published.

CVE-2026-31619
Sin clasificar Microsoft

CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION

Information published.

CVE-2026-31590
Sin clasificar Microsoft

CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Information published.

CVE-2026-31618
Sin clasificar Microsoft

CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()

Information published.

CVE-2026-31617
Sin clasificar Microsoft

CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift

Information published.

CVE-2026-31624
Sin clasificar Microsoft

CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler

Information published.

CVE-2026-23422
Sin clasificar Microsoft

CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()

Information published.

CVE-2026-31626
Sin clasificar Microsoft

CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers

Information published.

CVE-2026-31615
Sin clasificar Microsoft

CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits

Information published.

CVE-2026-31537
Baja Microsoft

CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Information published.

CVE-2026-41676
Sin clasificar Microsoft

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap

Information published.

CVE-2026-41678
Sin clasificar Microsoft

CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash

Information published.

CVE-2026-31580
Sin clasificar Microsoft

CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check

Information published.

CVE-2026-41681
Sin clasificar Microsoft

CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks

Information published.

CVE-2026-31629
Sin clasificar Microsoft

CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established

Information published.

CVE-2026-31669
Media Microsoft

CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()

Information published.

CVE-2026-31576
Sin clasificar Microsoft

CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()

Information published.

CVE-2026-31586
Sin clasificar Microsoft

CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler

Information published.

CVE-2026-31622
Sin clasificar Microsoft

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock

Information published.

CVE-2026-31592
Sin clasificar Microsoft

CVE-2026-31686 mm/kasan: fix double free for kasan pXds

Information published.

CVE-2026-31686
Sin clasificar Microsoft

CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer

Information published.

CVE-2026-41898
Baja Microsoft

CVE-2026-31545 NFC: nxp-nci: allow GPIOs to sleep

Information published.

CVE-2026-31545
Sin clasificar Microsoft

CVE-2026-31546 net: bonding: fix NULL deref in bond_debug_rlb_hash_show

Information published.

CVE-2026-31546
Sin clasificar Microsoft

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

Information published.

CVE-2026-6357
Sin clasificar Microsoft

CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification

Information published.

CVE-2026-41603
Sin clasificar Microsoft

CVE-2026-41607 Apache Thrift: C++ JSON OOB read

Information published.

CVE-2026-41607
Sin clasificar Microsoft

CVE-2026-41636 Apache Thrift: Node.js skip() recursion

Information published.

CVE-2026-41636
Sin clasificar Microsoft

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

Information published.

CVE-2026-28389
Sin clasificar Microsoft

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

Information published.

CVE-2026-28390
Sin clasificar Microsoft

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar

Information published.

CVE-2026-32288
Sin clasificar Microsoft

CVE-2026-32281 Inefficient policy validation in crypto/x509

Information published.

CVE-2026-32281
Sin clasificar Microsoft

CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template

Information published.

CVE-2026-32289
Sin clasificar Microsoft

CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

Information published.

CVE-2026-32283
Baja Microsoft

CVE-2026-34477 Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass

Information published.

CVE-2026-34477
Sin clasificar Microsoft

CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic

Information published.

CVE-2026-31420
Sin clasificar Microsoft

CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS

Information published.

CVE-2026-5393
Sin clasificar Microsoft

CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery

Information published.

CVE-2026-5504
Sin clasificar Microsoft

CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer

Information published.

CVE-2026-5507
Sin clasificar Microsoft

CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName

Information published.

CVE-2026-5503
Baja Microsoft

CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID

Information published.

CVE-2026-5295
Baja Microsoft

CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL

Information published.

CVE-2026-5188
Baja Microsoft

CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier

Information published.

CVE-2026-5447
Sin clasificar Microsoft

CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation

Information published.

CVE-2026-5772
Sin clasificar Microsoft

CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming

Information published.

CVE-2026-5392
Sin clasificar Microsoft

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

Information published.

CVE-2026-1502
Sin clasificar Microsoft

CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Information published.

CVE-2026-34481
Sin clasificar Microsoft

CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters

Information published.

CVE-2026-34479
Sin clasificar Microsoft

CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Information published.

CVE-2026-34480
Sin clasificar Microsoft

CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head

Information published.

CVE-2026-31429
Sin clasificar Microsoft

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

Information published.

CVE-2026-3219
Sin clasificar Microsoft

CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()

Information published.

CVE-2026-31524
Sin clasificar Microsoft

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex

Information published.

CVE-2026-31486
Sin clasificar Microsoft

CVE-2026-31487 spi: use generic driver_override infrastructure

Information published.

CVE-2026-31487
Sin clasificar Microsoft

CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc

Information published.

CVE-2026-31496
Sin clasificar Microsoft

CVE-2026-31515 af_key: validate families in pfkey_send_migrate()

Information published.

CVE-2026-31515
Sin clasificar Microsoft

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown

Information published.

CVE-2026-31516
Sin clasificar Microsoft

CVE-2026-31527 driver core: platform: use generic driver_override infrastructure

Information published.

CVE-2026-31527
Sin clasificar Microsoft

CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race

Information published.

CVE-2026-31504
Sin clasificar Microsoft

CVE-2026-31523 nvme-pci: ensure we're polling a polled queue

Information published.

CVE-2026-31523
Sin clasificar Microsoft

CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices

Information published.

CVE-2026-31497
Sin clasificar Microsoft

CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path

Information published.

CVE-2026-31489
Sin clasificar Microsoft

CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb

Information published.

CVE-2026-31510
Sin clasificar Microsoft

CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry

Information published.

CVE-2026-31482
Sin clasificar Microsoft

CVE-2026-31518 esp: fix skb leak with espintcp and async crypto

Information published.

CVE-2026-31518
Sin clasificar Microsoft

CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create

Information published.

CVE-2026-31519
Sin clasificar Microsoft

CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests

Information published.

CVE-2026-31433
Sin clasificar Microsoft

CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)

Information published.

CVE-2026-31485
Sin clasificar Microsoft

CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table

Information published.

CVE-2026-31483
Sin clasificar Microsoft

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer

Information published.

CVE-2026-31507
Sin clasificar Microsoft

CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock

Information published.

CVE-2026-31500
Sin clasificar Microsoft

CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()

Information published.

CVE-2026-31522
Sin clasificar Microsoft

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

Information published.

CVE-2026-31478
Sin clasificar Microsoft

CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device

Information published.

CVE-2026-31509
Sin clasificar Microsoft

CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2

Information published.

CVE-2026-31503
Sin clasificar Microsoft

CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop

Information published.

CVE-2026-31498
Sin clasificar Microsoft

CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it

Information published.

CVE-2026-31492
Sin clasificar Microsoft

CVE-2026-31494 net: macb: use the current queue number for stats

Information published.

CVE-2026-31494
Sin clasificar Microsoft

CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

Information published.

CVE-2026-6409
Sin clasificar Microsoft

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL

Information published.

CVE-2026-5187
Sin clasificar Microsoft

CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request

Information published.

CVE-2026-23428
Sin clasificar Microsoft

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

Information published.

CVE-2025-13763
Sin clasificar Microsoft

CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()

Information published.

CVE-2026-31607
Sin clasificar Microsoft

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED

Information published.

CVE-2026-31536
Media Microsoft

CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()

Information published.

CVE-2026-31583
Sin clasificar Microsoft

CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect

Information published.

CVE-2026-31581
Media Microsoft

CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure

Information published.

CVE-2026-31585
Baja Microsoft

CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()

Information published.

CVE-2026-31623
Sin clasificar Microsoft

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

Information published.

CVE-2026-41677
Baja Microsoft

CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()

Information published.

CVE-2026-31616
Sin clasificar Microsoft

CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect

Information published.

CVE-2026-31582
Sin clasificar Microsoft

CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values

Information published.

CVE-2026-31588
Sin clasificar Microsoft

CVE-2026-41305 PostCSS has XSS via Unescaped in its CSS Stringify Output

Information published.

CVE-2026-41305
Sin clasificar Windows

CVE-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes

Information published.

CVE-2026-3298
Media Microsoft

CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path

Information published.

CVE-2026-31584
Baja Microsoft

CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path

Information published.

CVE-2026-5435
Sin clasificar Microsoft

CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers

Information published.

CVE-2026-2708
Sin clasificar Microsoft

CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document

Information published.

CVE-2026-6732
Sin clasificar Microsoft

CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

Information published.

CVE-2026-6019
Sin clasificar Microsoft

CVE-2026-31508 net: openvswitch: Avoid releasing netdev before teardown completes

Information published.

CVE-2026-31508
Sin clasificar Microsoft

CVE-2026-31540 drm/i915/gt: Check set_default_submission() before deferencing

Information published.

CVE-2026-31540
Sin clasificar Microsoft

CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field

Information published.

CVE-2026-6238
Sin clasificar Microsoft

CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()

Information published.

CVE-2026-31499
Sin clasificar Microsoft

CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.

Information published.

CVE-2025-48431
Baja Microsoft

CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow

Information published.

CVE-2026-41602
Sin clasificar Microsoft

CVE-2026-41604 Apache Thrift: Swift Range crash in skip()

Information published.

CVE-2026-41604
Baja Microsoft

CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow

Information published.

CVE-2026-41605
Baja Microsoft

CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow

Information published.

CVE-2026-41606
Sin clasificar Microsoft

CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly

Information published.

CVE-2024-35808
Sin clasificar Microsoft

CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio

Information published.

CVE-2025-37834
Baja Microsoft

CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path

Information published.

CVE-2026-4395
Baja Microsoft

CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path

Information published.

CVE-2026-1005
Sin clasificar Microsoft

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior

Information published.

CVE-2026-23378
Sin clasificar Microsoft

CVE-2025-66037 OpenSC: Out of Bounds vulnerability

Information published.

CVE-2025-66037
Sin clasificar Microsoft

CVE-2025-69648

Information published.

CVE-2025-69648
Sin clasificar Microsoft

CVE-2026-32776

Information published.

CVE-2026-32776
Sin clasificar Microsoft

CVE-2026-32778

Information published.

CVE-2026-32778
Sin clasificar Microsoft

CVE-2026-32777

Information published.

CVE-2026-32777
Sin clasificar Microsoft

CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

Information published.

CVE-2026-4159
Sin clasificar Microsoft

CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V

Information published.

CVE-2026-3580
Baja Microsoft

CVE-2026-3229 Integer Overflow in Certificate Chain Allocation

Information published.

CVE-2026-3229
Sin clasificar Microsoft

CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown

Information published.

CVE-2026-23372
Sin clasificar Microsoft

CVE-2026-23364 ksmbd: Compare MACs in constant time

Information published.

CVE-2026-23364
Sin clasificar Microsoft

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion

Information published.

CVE-2026-23393
Sin clasificar Microsoft

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers

Information published.

CVE-2026-33542
Sin clasificar Microsoft

CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection

Information published.

CVE-2026-33916
Baja Microsoft

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

Information published.

CVE-2025-49010
Baja Microsoft

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur

Information published.

CVE-2025-66215
Sin clasificar Microsoft

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers

Information published.

CVE-2025-66038
Sin clasificar Microsoft

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

Information published.

CVE-2026-34043
Sin clasificar Microsoft

CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters

Information published.

CVE-2026-2100
Sin clasificar Microsoft

CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names

Information published.

CVE-2026-34073
Sin clasificar Microsoft

CVE-2017-3731 Truncated packet could crash via OOB read

Information published.

CVE-2017-3731
Sin clasificar Windows

CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-21246
Sin clasificar Microsoft

CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Information published.

CVE-2026-22701
Sin clasificar Microsoft

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Information published.

CVE-2026-27141
Sin clasificar Microsoft

CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking

Information published.

CVE-2026-24051
Sin clasificar Microsoft

CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure

Information published.

CVE-2026-2443
Baja Microsoft

CVE-2022-2068 The c_rehash script allows command injection

Information published.

CVE-2022-2068
Baja Microsoft

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation

Information published.

CVE-2025-68146
Sin clasificar Microsoft

CVE-2017-3735

Information published.

CVE-2017-3735
Sin clasificar Microsoft

CVE-2017-3736

Information published.

CVE-2017-3736
Sin clasificar Microsoft

CVE-2018-0734 Timing attack against DSA

Information published.

CVE-2018-0734
Sin clasificar Microsoft

CVE-2018-0735 Timing attack against ECDSA signature generation

Information published.

CVE-2018-0735
Sin clasificar Microsoft

CVE-2019-1547 ECDSA remote timing attack

Information published.

CVE-2019-1547
Sin clasificar Microsoft

CVE-2019-1549 Fork Protection

Information published.

CVE-2019-1549
Sin clasificar Microsoft

CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

Information published.

CVE-2019-1563
Sin clasificar Microsoft

CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write

Information published.

CVE-2026-34591
Sin clasificar Microsoft

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

Information published.

CVE-2026-29181
Sin clasificar Microsoft

CVE-2026-31476 ksmbd: do not expire session on binding failure

Information published.

CVE-2026-31476
Sin clasificar Microsoft

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()

Information published.

CVE-2026-31477
Sin clasificar Microsoft

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise

Information published.

CVE-2026-31480
Sin clasificar Microsoft

CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup

Information published.

CVE-2026-31619
Sin clasificar Microsoft

CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users

Information published.

CVE-2026-41079
Sin clasificar Microsoft

CVE-2026-31557 nvmet: move async event work off nvmet-wq

Information published.

CVE-2026-31557
Sin clasificar Microsoft

CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core

Information published.

CVE-2026-31667
Sin clasificar Microsoft

CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()

Information published.

CVE-2026-31617
Sin clasificar Microsoft

CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes

Information published.

CVE-2026-31660
Sin clasificar Microsoft

CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib

Information published.

CVE-2026-31566
Sin clasificar Microsoft

CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets

Information published.

CVE-2026-31637
Sin clasificar Microsoft

CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()

Information published.

CVE-2026-31570
Sin clasificar Microsoft

CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift

Information published.

CVE-2026-31624
Sin clasificar Microsoft

CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect

Information published.

CVE-2026-31651
Sin clasificar Microsoft

CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime

Information published.

CVE-2026-31672
Sin clasificar Microsoft

CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections

Information published.

CVE-2026-31565
Sin clasificar Microsoft

CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()

Information published.

CVE-2026-31626
Sin clasificar Microsoft

CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK

Information published.

CVE-2026-31663
Baja Microsoft

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

Information published.

CVE-2026-41066
Sin clasificar Microsoft

CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames

Information published.

CVE-2026-41411
Sin clasificar Microsoft

CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits

Information published.

CVE-2026-31537
Sin clasificar Microsoft

CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]

Information published.

CVE-2026-31611
Sin clasificar Microsoft

CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Information published.

CVE-2026-32147
Sin clasificar Microsoft

CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it

Information published.

CVE-2026-31627
Sin clasificar Microsoft

CVE-2026-31671 xfrm_user: fix info leak in build_report()

Information published.

CVE-2026-31671
Sin clasificar Microsoft

CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction

Information published.

CVE-2026-31560
Sin clasificar Microsoft

CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()

Information published.

CVE-2026-31612
Sin clasificar Microsoft

CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory

Information published.

CVE-2026-31568
Sin clasificar Microsoft

CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version

Information published.

CVE-2026-31587
Sin clasificar Microsoft

CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation

Information published.

CVE-2026-31575
Baja Microsoft

CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG

Information published.

CVE-2026-31662
Sin clasificar Microsoft

CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash

Information published.

CVE-2026-31580
Sin clasificar Microsoft

CVE-2026-31657 batman-adv: hold claim backbone gateways by reference

Information published.

CVE-2026-31657
Sin clasificar Microsoft

CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks

Information published.

CVE-2026-31629
Sin clasificar Microsoft

CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit

Information published.

CVE-2026-31579
Sin clasificar Microsoft

CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1

Information published.

CVE-2026-31628
Sin clasificar Microsoft

CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output

Information published.

CVE-2026-31630
Baja Microsoft

CVE-2026-31649 net: stmmac: fix integer underflow in chain mode

Information published.

CVE-2026-31649
Sin clasificar Microsoft

CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established

Information published.

CVE-2026-31669
Media Microsoft

CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()

Information published.

CVE-2026-31576
Sin clasificar Microsoft

CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()

Information published.

CVE-2026-31586
Media Microsoft

CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()

Information published.

CVE-2026-31578
Sin clasificar Microsoft

CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options

Information published.

CVE-2026-31682
Sin clasificar Microsoft

CVE-2026-31659 batman-adv: reject oversized global TT response buffers

Information published.

CVE-2026-31659
Sin clasificar Microsoft

CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()

Information published.

CVE-2026-31625
Sin clasificar Microsoft

CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length

Information published.

CVE-2026-31679
Sin clasificar Microsoft

CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()

Information published.

CVE-2026-31674
Sin clasificar Microsoft

CVE-2026-31664 xfrm: clear trailing padding in build_polexpire()

Information published.

CVE-2026-31664
Sin clasificar Microsoft

CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY

Information published.

CVE-2026-31597
Sin clasificar Microsoft

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock

Information published.

CVE-2026-31592
Baja Microsoft

CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat

Information published.

CVE-2026-31656
Sin clasificar Microsoft

CVE-2026-31686 mm/kasan: fix double free for kasan pXds

Information published.

CVE-2026-31686
Sin clasificar Microsoft

CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer

Information published.

CVE-2026-41898
Baja Microsoft

CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling

Information published.

CVE-2026-33999
Sin clasificar Microsoft

CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage

Information published.

CVE-2026-23406
Sin clasificar Microsoft

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

Information published.

CVE-2026-28389
Sin clasificar Microsoft

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

Information published.

CVE-2026-28390
Sin clasificar Microsoft

CVE-2026-41254

Information published.

CVE-2026-41254
Sin clasificar Microsoft

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

Information published.

CVE-2026-31478
Media Microsoft

CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex

Information published.

CVE-2026-31473
Sin clasificar Microsoft

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

Information published.

CVE-2025-13763
Sin clasificar Microsoft

CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path

Information published.

CVE-2026-31555
Sin clasificar Microsoft

CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()

Information published.

CVE-2026-31607
Sin clasificar Microsoft

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED

Information published.

CVE-2026-31536
Media Microsoft

CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()

Information published.

CVE-2026-31583
Sin clasificar Microsoft

CVE-2026-31638 rxrpc: Only put the call ref if one was acquired

Information published.

CVE-2026-31638
Sin clasificar Microsoft

CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag

Information published.

CVE-2026-31574
Sin clasificar Microsoft

CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend

Information published.

CVE-2026-31596
Sin clasificar Microsoft

CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect

Information published.

CVE-2026-31581
Sin clasificar Microsoft

CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map

Information published.

CVE-2026-31577
Sin clasificar Microsoft

CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Information published.

CVE-2026-41140
Sin clasificar Microsoft

CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy

Information published.

CVE-2026-31665
Sin clasificar Microsoft

CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created

Information published.

CVE-2026-31670
Sin clasificar Microsoft

CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion

Information published.

CVE-2026-31642
Sin clasificar Microsoft

CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response

Information published.

CVE-2026-31613
Baja Microsoft

CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()

Information published.

CVE-2026-31623
Sin clasificar Microsoft

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

Information published.

CVE-2026-41677
Baja Microsoft

CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()

Information published.

CVE-2026-31616
Sin clasificar Microsoft

CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel

Information published.

CVE-2026-31668
Sin clasificar Microsoft

CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect

Information published.

CVE-2026-31582
Sin clasificar Microsoft

CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values

Information published.

CVE-2026-31588
Sin clasificar Microsoft

CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption

Information published.

CVE-2026-31675
Sin clasificar Microsoft

CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()

Information published.

CVE-2026-31634
Sin clasificar Microsoft

CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()

Information published.

CVE-2026-31658
Sin clasificar Microsoft

CVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()

Information published.

CVE-2026-31689
Sin clasificar Microsoft

CVE-2026-31688 driver core: enforce device_lock for driver_match_device()

Information published.

CVE-2026-31688
Sin clasificar Microsoft

CVE-2026-31548 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down

Information published.

CVE-2026-31548
Sin clasificar Microsoft

CVE-2026-31549 i2c: cp2615: fix serial string NULL-deref at probe

Information published.

CVE-2026-31549
Sin clasificar Microsoft

CVE-2026-31550 pmdomain: bcm: bcm2835-power: Increase ASB control timeout

Information published.

CVE-2026-31550
Baja Microsoft

CVE-2026-31551 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable.

Information published.

CVE-2026-31551
Sin clasificar Microsoft

CVE-2026-31552 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom

Information published.

CVE-2026-31552
Media Microsoft

CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path

Information published.

CVE-2026-31584
Sin clasificar Microsoft

CVE-2026-31661 wifi: brcmsmac: Fix dma_free_coherent() size

Information published.

CVE-2026-31661
Sin clasificar Microsoft

CVE-2026-31563 net: macb: Use dev_consume_skb_any() to free TX SKBs

Information published.

CVE-2026-31563
Baja Microsoft

CVE-2026-31648 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()

Information published.

CVE-2026-31648
Sin clasificar Microsoft

CVE-2026-40225

Information published.

CVE-2026-40225
Baja Microsoft

CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path

Information published.

CVE-2026-5435
Sin clasificar Microsoft

CVE-2026-40556 Insecure Directory Permissions in GNU nano Leading to Privilege Abuse

Information published.

CVE-2026-40556
Sin clasificar Microsoft

CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css

Information published.

CVE-2026-6861
Sin clasificar Microsoft

CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers

Information published.

CVE-2026-2708
Sin clasificar Microsoft

CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document

Information published.

CVE-2026-6732
Sin clasificar Microsoft

CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

Information published.

CVE-2026-6019
Sin clasificar Microsoft

CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption

Information published.

CVE-2026-34001
Sin clasificar Microsoft

CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access

Information published.

CVE-2026-34003
Sin clasificar Microsoft

CVE-2026-3783 token leak with redirect and netrc

Information published.

CVE-2026-3783
Sin clasificar Microsoft

CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal

Information published.

CVE-2026-23391
Sin clasificar Microsoft

CVE-2026-1965 bad reuse of HTTP Negotiate connection

Information published.

CVE-2026-1965
Sin clasificar Microsoft

CVE-2026-3784 wrong proxy connection reuse with credentials

Information published.

CVE-2026-3784
Baja Microsoft

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks

Information published.

CVE-2026-33056
Sin clasificar Microsoft

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

Information published.

CVE-2026-33055
Baja Microsoft

CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources

Information published.

CVE-2026-2369
Sin clasificar Microsoft

CVE-2026-23388 Squashfs: check metadata block offset is within range

Information published.

CVE-2026-23388
Sin clasificar Microsoft

CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ

Information published.

CVE-2026-23395
Sin clasificar Microsoft

CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU

Information published.

CVE-2026-31788
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6920 Out of bounds read in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6920
Sin clasificar Dynamics

CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Added acknowledgements. This is an informational change only.

CVE-2026-33103
Sin clasificar Microsoft

Chromium: CVE-2026-6919 Use after free in DevTools

Added a second Security Only package to Edge security update. This is an informational change only.

CVE-2026-6919
Sin clasificar Visual Studio

CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability

This CVE has been updated to include the Visual Studios 2026 18.5 as an Affected Software

CVE-2026-40372
Sin clasificar Microsoft

CVE-2026-26149 Microsoft Power Apps Desktop Client Spoofing Vulnerability

Boletin publicado por Microsoft Security Response Center.

CVE-2026-26149
Sin clasificar Windows

CVE-2026-32202 Windows Shell Spoofing Vulnerability

Corrected the Exploitability Index, Exploited flag and CVSS vector which was incorrect at the time of publication on 4/14/2026. This is an informational change only.

CVE-2026-32202
Sin clasificar Microsoft

CVE-2018-0734 Timing attack against DSA

Information published.

CVE-2018-0734
Sin clasificar Microsoft

CVE-2018-0735 Timing attack against ECDSA signature generation

Information published.

CVE-2018-0735
Baja Microsoft

CVE-2022-2068 The c_rehash script allows command injection

Information published.

CVE-2022-2068
Sin clasificar Microsoft

CVE-2026-23405 apparmor: fix: limit the number of levels of policy namespaces

Information published.

CVE-2026-23405
Sin clasificar Microsoft

CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup

Information published.

CVE-2026-31619
Sin clasificar Microsoft

CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users

Information published.

CVE-2026-41079
Sin clasificar Microsoft

CVE-2026-31557 nvmet: move async event work off nvmet-wq

Information published.

CVE-2026-31557
Sin clasificar Microsoft

CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use

Information published.

CVE-2026-31606
Sin clasificar Microsoft

CVE-2026-31646 net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()

Information published.

CVE-2026-31646
Sin clasificar Microsoft

CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0

Information published.

CVE-2026-31620
Sin clasificar Microsoft

CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU

Information published.

CVE-2026-31593
Sin clasificar Microsoft

CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core

Information published.

CVE-2026-31667
Sin clasificar Microsoft

CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION

Information published.

CVE-2026-31590
Sin clasificar Microsoft

CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Information published.

CVE-2026-31618
Sin clasificar Microsoft

CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()

Information published.

CVE-2026-31617
Sin clasificar Microsoft

CVE-2026-31589 mm: call ->free_folio() directly in folio_unmap_invalidate()

Information published.

CVE-2026-31589
Sin clasificar Microsoft

CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes

Information published.

CVE-2026-31660
Sin clasificar Microsoft

CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Information published.

CVE-2026-31605
Sin clasificar Microsoft

CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib

Information published.

CVE-2026-31566
Media Microsoft

CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections

Information published.

CVE-2026-31599
Sin clasificar Microsoft

CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page

Information published.

CVE-2026-31602
Sin clasificar Microsoft

CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets

Information published.

CVE-2026-31637
Sin clasificar Microsoft

CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()

Information published.

CVE-2026-31570
Sin clasificar Microsoft

CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift

Information published.

CVE-2026-31624
Sin clasificar Microsoft

CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect

Information published.

CVE-2026-31651
Sin clasificar Microsoft

CVE-2026-23420 wifi: wlcore: Fix a locking bug

Information published.

CVE-2026-23420
Sin clasificar Microsoft

CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime

Information published.

CVE-2026-31672
Sin clasificar Microsoft

CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler

Information published.

CVE-2026-23422
Sin clasificar Microsoft

CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections

Information published.

CVE-2026-31565
Sin clasificar Microsoft

CVE-2026-31621 bnge: return after auxiliary_device_uninit() in error path

Information published.

CVE-2026-31621
Sin clasificar Microsoft

CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()

Information published.

CVE-2026-31626
Sin clasificar Microsoft

CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK

Information published.

CVE-2026-31663
Sin clasificar Microsoft

CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers

Information published.

CVE-2026-31615
Sin clasificar Microsoft

CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc

Information published.

CVE-2026-31610
Baja Microsoft

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

Information published.

CVE-2026-41066
Sin clasificar Microsoft

CVE-2026-31645 net: lan966x: fix page pool leak in error paths

Information published.

CVE-2026-31645
Sin clasificar Microsoft

CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided

Information published.

CVE-2026-41907
Sin clasificar Microsoft

CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames

Information published.

CVE-2026-41411
Sin clasificar Microsoft

CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write

Information published.

CVE-2026-31598
Sin clasificar Microsoft

CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits

Information published.

CVE-2026-31537
Sin clasificar Microsoft

CVE-2026-23414 tls: Purge async_hold in tls_decrypt_async_wait()

Information published.

CVE-2026-23414
Sin clasificar Microsoft

CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()

Information published.

CVE-2026-31603
Sin clasificar Microsoft

CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()

Information published.

CVE-2026-31608
Sin clasificar Microsoft

CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]

Information published.

CVE-2026-31611
Sin clasificar Microsoft

CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Information published.

CVE-2026-32147
Sin clasificar Microsoft

CVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctly

Information published.

CVE-2026-31600
Baja Microsoft

CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Information published.

CVE-2026-41676
Sin clasificar Microsoft

CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it

Information published.

CVE-2026-31627
Sin clasificar Microsoft

CVE-2026-31671 xfrm_user: fix info leak in build_report()

Information published.

CVE-2026-31671
Sin clasificar Microsoft

CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction

Information published.

CVE-2026-31560
Sin clasificar Microsoft

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap

Information published.

CVE-2026-41678
Sin clasificar Microsoft

CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()

Information published.

CVE-2026-31612
Sin clasificar Microsoft

CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory

Information published.

CVE-2026-31568
Sin clasificar Microsoft

CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version

Information published.

CVE-2026-31587
Sin clasificar Microsoft

CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation

Information published.

CVE-2026-31575
Baja Microsoft

CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG

Information published.

CVE-2026-31662
Sin clasificar Microsoft

CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash

Information published.

CVE-2026-31580
Sin clasificar Microsoft

CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check

Information published.

CVE-2026-41681
Sin clasificar Microsoft

CVE-2026-31639 rxrpc: Fix key reference count leak from call->key

Information published.

CVE-2026-31639
Sin clasificar Microsoft

CVE-2026-31657 batman-adv: hold claim backbone gateways by reference

Information published.

CVE-2026-31657
Sin clasificar Microsoft

CVE-2026-31591 KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish

Information published.

CVE-2026-31591
Sin clasificar Microsoft

CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks

Information published.

CVE-2026-31629
Sin clasificar Microsoft

CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit

Information published.

CVE-2026-31579
Sin clasificar Microsoft

CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1

Information published.

CVE-2026-31628
Sin clasificar Microsoft

CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output

Information published.

CVE-2026-31630
Sin clasificar Microsoft

CVE-2026-31655 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled

Information published.

CVE-2026-31655
Sin clasificar Microsoft

CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets

Information published.

CVE-2026-31685
Baja Microsoft

CVE-2026-31649 net: stmmac: fix integer underflow in chain mode

Information published.

CVE-2026-31649
Sin clasificar Microsoft

CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established

Information published.

CVE-2026-31669
Baja Microsoft

CVE-2026-31680 net: ipv6: flowlabel: defer exclusive option free until RCU teardown

Information published.

CVE-2026-31680
Media Microsoft

CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()

Information published.

CVE-2026-31576
Sin clasificar Microsoft

CVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU release

Information published.

CVE-2026-31678
Sin clasificar Microsoft

CVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup

Information published.

CVE-2026-31595
Sin clasificar Microsoft

CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry

Information published.

CVE-2026-31681
Sin clasificar Microsoft

CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()

Information published.

CVE-2026-31586
Media Microsoft

CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()

Information published.

CVE-2026-31578
Sin clasificar Microsoft

CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options

Information published.

CVE-2026-31682
Sin clasificar Microsoft

CVE-2026-31659 batman-adv: reject oversized global TT response buffers

Information published.

CVE-2026-31659
Sin clasificar Microsoft

CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()

Information published.

CVE-2026-31625
Sin clasificar Microsoft

CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length

Information published.

CVE-2026-31679
Sin clasificar Microsoft

CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()

Information published.

CVE-2026-31674
Sin clasificar Microsoft

CVE-2026-31673 af_unix: read UNIX_DIAG_VFS data under unix_state_lock

Information published.

CVE-2026-31673
Sin clasificar Microsoft

CVE-2026-31664 xfrm: clear trailing padding in build_polexpire()

Information published.

CVE-2026-31664
Sin clasificar Microsoft

CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler

Information published.

CVE-2026-31622
Sin clasificar Microsoft

CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY

Information published.

CVE-2026-31597
Sin clasificar Microsoft

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock

Information published.

CVE-2026-31592
Baja Microsoft

CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat

Information published.

CVE-2026-31656
Sin clasificar Microsoft

CVE-2026-23401 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE

Information published.

CVE-2026-23401
Sin clasificar Microsoft

CVE-2026-23403 apparmor: fix memory leak in verify_header

Information published.

CVE-2026-23403
Sin clasificar Microsoft

CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach

Information published.

CVE-2026-23404
Sin clasificar Microsoft

CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage

Information published.

CVE-2026-23406
Sin clasificar Microsoft

CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()

Information published.

CVE-2026-23407
Sin clasificar Microsoft

CVE-2026-23408 apparmor: Fix double free of ns_name in aa_replace_profiles()

Information published.

CVE-2026-23408
Sin clasificar Microsoft

CVE-2026-23409 apparmor: fix differential encoding verification

Information published.

CVE-2026-23409
Sin clasificar Microsoft

CVE-2026-23410 apparmor: fix race on rawdata dereference

Information published.

CVE-2026-23410
Sin clasificar Microsoft

CVE-2026-23411 apparmor: fix race between freeing data and fs accessing it

Information published.

CVE-2026-23411
Sin clasificar Microsoft

CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup

Information published.

CVE-2026-41205
Sin clasificar Microsoft

CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path

Information published.

CVE-2026-31555
Sin clasificar Microsoft

CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()

Information published.

CVE-2026-31607
Sin clasificar Microsoft

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED

Information published.

CVE-2026-31536
Media Microsoft

CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()

Information published.

CVE-2026-31583
Sin clasificar Microsoft

CVE-2026-31638 rxrpc: Only put the call ref if one was acquired

Information published.

CVE-2026-31638
Sin clasificar Microsoft

CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag

Information published.

CVE-2026-31574
Sin clasificar Microsoft

CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend

Information published.

CVE-2026-31596
Sin clasificar Microsoft

CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect

Information published.

CVE-2026-31581
Sin clasificar Microsoft

CVE-2026-31604 wifi: rtw88: fix device leak on probe failure

Information published.

CVE-2026-31604
Media Microsoft

CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure

Information published.

CVE-2026-31585
Sin clasificar Microsoft

CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map

Information published.

CVE-2026-31577
Sin clasificar Microsoft

CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Information published.

CVE-2026-41140
Sin clasificar Microsoft

CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy

Information published.

CVE-2026-31665
Sin clasificar Microsoft

CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created

Information published.

CVE-2026-31670
Sin clasificar Microsoft

CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion

Information published.

CVE-2026-31642
Sin clasificar Microsoft

CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response

Information published.

CVE-2026-31613
Baja Microsoft

CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()

Information published.

CVE-2026-31623
Sin clasificar Microsoft

CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown

Information published.

CVE-2026-31594
Sin clasificar Microsoft

CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()

Information published.

CVE-2026-31609
Sin clasificar Microsoft

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

Information published.

CVE-2026-41677
Baja Microsoft

CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()

Information published.

CVE-2026-31616
Sin clasificar Microsoft

CVE-2026-31601 vfio/xe: Reorganize the init to decouple migration from reset

Information published.

CVE-2026-31601
Sin clasificar Microsoft

CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel

Information published.

CVE-2026-31668
Sin clasificar Microsoft

CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect

Information published.

CVE-2026-31582
Sin clasificar Microsoft

CVE-2026-31676 rxrpc: only handle RESPONSE during service challenge

Information published.

CVE-2026-31676
Sin clasificar Microsoft

CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values

Information published.

CVE-2026-31588
Sin clasificar Microsoft

CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget

Information published.

CVE-2026-31677
Sin clasificar Microsoft

CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption

Information published.

CVE-2026-31675
Sin clasificar Microsoft

CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()

Information published.

CVE-2026-31634
Sin clasificar Microsoft

CVE-2026-31684 net: sched: act_csum: validate nested VLAN headers

Information published.

CVE-2026-31684
Sin clasificar Microsoft

CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()

Information published.

CVE-2026-31658
Sin clasificar Microsoft

CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them

Information published.

CVE-2026-23382
Sin clasificar Microsoft

CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal

Information published.

CVE-2026-23391
Sin clasificar Microsoft

CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap

Information published.

CVE-2026-23359
Sin clasificar Microsoft

CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects

Information published.

CVE-2026-23348
Sin clasificar Microsoft

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior

Information published.

CVE-2026-23378
Sin clasificar Microsoft

CVE-2026-23352 x86/efi: defer freeing of boot services memory

Information published.

CVE-2026-23352
Sin clasificar Microsoft

CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting

Information published.

CVE-2026-23371
Sin clasificar Microsoft

CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase

Information published.

CVE-2026-23351
Sin clasificar Microsoft

CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam()

Information published.

CVE-2026-23389
Sin clasificar Microsoft

CVE-2026-23365 net: usb: kalmia: validate USB endpoints

Information published.

CVE-2026-23365
Sin clasificar Microsoft

CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()

Information published.

CVE-2026-23398
Sin clasificar Microsoft

CVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()

Information published.

CVE-2026-23396
Sin clasificar Microsoft

CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path

Information published.

CVE-2026-23399
Sin clasificar Microsoft

CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.

Information published.

CVE-2026-23394
Sin clasificar Microsoft

CVE-2026-23362 can: bcm: fix locking for bcm_op runtime updates

Information published.

CVE-2026-23362
Sin clasificar Microsoft

CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data

Information published.

CVE-2026-23370
Sin clasificar Microsoft

CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown

Information published.

CVE-2026-23372
Sin clasificar Microsoft

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry

Information published.

CVE-2026-23361
Baja Microsoft

CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error

Information published.

CVE-2026-23392
Sin clasificar Microsoft

CVE-2026-23388 Squashfs: check metadata block offset is within range

Information published.

CVE-2026-23388
Sin clasificar Microsoft

CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock

Information published.

CVE-2026-23368
Sin clasificar Microsoft

CVE-2026-23364 ksmbd: Compare MACs in constant time

Information published.

CVE-2026-23364
Sin clasificar Microsoft

CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open

Information published.

CVE-2026-23357
Sin clasificar Microsoft

CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled

Information published.

CVE-2026-23381
Sin clasificar Microsoft

CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ

Information published.

CVE-2026-23395
Sin clasificar Microsoft

CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context

Information published.

CVE-2026-23374
Sin clasificar Microsoft

CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()

Information published.

CVE-2026-23356
Sin clasificar Microsoft

CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits

Information published.

CVE-2026-23367
Sin clasificar Microsoft

CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path

Information published.

CVE-2026-23379
Sin clasificar Microsoft

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion

Information published.

CVE-2026-23393
Sin clasificar Microsoft

CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints

Information published.

CVE-2026-23397
Sin clasificar Microsoft

CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU

Information published.

CVE-2026-31788
Sin clasificar Microsoft

CVE-2026-23360 nvme: fix admin queue leak on controller reset

Information published.

CVE-2026-23360
Sin clasificar Microsoft

CVE-2026-23442 ipv6: add NULL checks for idev in SRv6 paths

Information published.

CVE-2026-23442
Sin clasificar Microsoft

CVE-2026-41080

Information published.

CVE-2026-41080
Sin clasificar Microsoft

CVE-2026-41989

Information published.

CVE-2026-41989
Baja Microsoft

CVE-2026-23438 net: mvpp2: guard flow control update with global_tx_fc in buffer switching

Information published.

CVE-2026-23438
Sin clasificar Microsoft

CVE-2026-23439 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n

Information published.

CVE-2026-23439
Sin clasificar Microsoft

CVE-2026-23446 net: usb: aqc111: Do not perform PM inside suspend callback

Information published.

CVE-2026-23446
Sin clasificar Microsoft

CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check

Information published.

CVE-2026-23447
Sin clasificar Microsoft

CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure

Information published.

CVE-2026-23444
Baja Microsoft

CVE-2026-5450 scanf %mc off-by-one heap buffer overflow

Information published.

CVE-2026-5450
Sin clasificar Microsoft

CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request

Information published.

CVE-2026-23428
Sin clasificar Microsoft

CVE-2026-23434 mtd: rawnand: serialize lock/unlock against other NAND operations

Information published.

CVE-2026-23434
Sin clasificar Microsoft

CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup

Information published.

CVE-2026-41205
Sin clasificar Microsoft

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

Information published.

CVE-2025-13763
Sin clasificar Microsoft

CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs

Information published.

CVE-2026-23340
Sin clasificar Microsoft

CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback

Information published.

CVE-2026-23324
Sin clasificar Microsoft

CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()

Information published.

CVE-2026-23315
Sin clasificar Microsoft

CVE-2026-23330 nfc: nci: complete pending data exchange on device close

Information published.

CVE-2026-23330
Sin clasificar Microsoft

CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation

Information published.

CVE-2026-23318
Sin clasificar Microsoft

CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths

Information published.

CVE-2026-23339
Sin clasificar Microsoft

CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()

Information published.

CVE-2026-23335
Sin clasificar Microsoft

CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()

Information published.

CVE-2026-23336
Sin clasificar Microsoft

CVE-2026-5958 Race Condition in GNU Sed

Information published.

CVE-2026-5958
Sin clasificar Microsoft

CVE-2026-35239

Information published.

CVE-2026-35239
Sin clasificar Microsoft

CVE-2026-34271

Information published.

CVE-2026-34271
Sin clasificar Microsoft

CVE-2026-35238

Information published.

CVE-2026-35238
Sin clasificar Microsoft

CVE-2026-34267

Information published.

CVE-2026-34267
Sin clasificar Microsoft

CVE-2026-22005

Information published.

CVE-2026-22005
Sin clasificar Microsoft

CVE-2026-22015

Information published.

CVE-2026-22015
Sin clasificar Microsoft

CVE-2026-31448 ext4: avoid infinite loops caused by residual data

Information published.

CVE-2026-31448
Sin clasificar Microsoft

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()

Information published.

CVE-2026-31530
Sin clasificar Microsoft

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise

Information published.

CVE-2026-31480
Sin clasificar Microsoft

CVE-2026-31450 ext4: publish jinode after initialization

Information published.

CVE-2026-31450
Sin clasificar Microsoft

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free

Information published.

CVE-2026-31493
Sin clasificar Microsoft

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds

Information published.

CVE-2026-31521
Sin clasificar Microsoft

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()

Information published.

CVE-2026-31531
Sin clasificar Microsoft

CVE-2026-41989

Information published.

CVE-2026-41989
Sin clasificar Microsoft

CVE-2026-41988

Information published.

CVE-2026-41988
Sin clasificar Microsoft

CVE-2026-34278

Information published.

CVE-2026-34278
Sin clasificar Microsoft

CVE-2026-21998

Information published.

CVE-2026-21998
Sin clasificar Microsoft

CVE-2026-35237

Information published.

CVE-2026-35237
Sin clasificar Microsoft

CVE-2026-22009

Information published.

CVE-2026-22009
Sin clasificar Microsoft

CVE-2026-34270

Information published.

CVE-2026-34270
Sin clasificar Microsoft

CVE-2026-34293

Information published.

CVE-2026-34293
Sin clasificar Microsoft

CVE-2026-22002

Information published.

CVE-2026-22002
Sin clasificar Microsoft

CVE-2026-22017

Information published.

CVE-2026-22017
Sin clasificar Microsoft

CVE-2026-34303

Information published.

CVE-2026-34303
Sin clasificar Microsoft

CVE-2026-34308

Information published.

CVE-2026-34308
Sin clasificar Microsoft

CVE-2026-34304

Information published.

CVE-2026-34304
Sin clasificar Microsoft

CVE-2026-34276

Information published.

CVE-2026-34276
Sin clasificar Microsoft

CVE-2026-22004

Information published.

CVE-2026-22004
Sin clasificar Microsoft

CVE-2026-22001

Information published.

CVE-2026-22001
Sin clasificar Microsoft

CVE-2026-35240

Information published.

CVE-2026-35240
Sin clasificar Microsoft

CVE-2026-35236

Information published.

CVE-2026-35236
Sin clasificar Microsoft

CVE-2026-40706

Information published.

CVE-2026-40706
Sin clasificar Microsoft

CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table

Information published.

CVE-2026-31483
Sin clasificar Microsoft

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer

Information published.

CVE-2026-31507
Sin clasificar Microsoft

CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock

Information published.

CVE-2026-31500
Sin clasificar Microsoft

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

Information published.

CVE-2026-31478
Sin clasificar Microsoft

CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups

Information published.

CVE-2026-31528
Sin clasificar Microsoft

CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks

Information published.

CVE-2026-31453
Sin clasificar Microsoft

CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN

Information published.

CVE-2026-31525
Sin clasificar Microsoft

CVE-2026-31494 net: macb: use the current queue number for stats

Information published.

CVE-2026-31494
Media Microsoft

CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex

Information published.

CVE-2026-31473
Sin clasificar Microsoft

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL

Information published.

CVE-2026-5187
Sin clasificar Microsoft

CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()

Information published.

CVE-2026-31532
Baja Dynamics

CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32210
Baja Microsoft 365

CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-33102
Baja Microsoft

CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

CVE-2026-33819
Baja Microsoft

CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26150
Baja Microsoft

CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-24303
Baja Microsoft

CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-35431
Baja Microsoft

CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

CVE-2026-32172
Baja Azure

CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

CVE-2026-21515
Sin clasificar Microsoft

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion

Information published.

CVE-2026-33750
Baja Microsoft

CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

Information published.

CVE-2026-27820
Baja Microsoft

CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal

Information published.

CVE-2026-5928
Sin clasificar Microsoft

CVE-2026-35239

Information published.

CVE-2026-35239
Sin clasificar Microsoft

CVE-2026-34271

Information published.

CVE-2026-34271
Sin clasificar Microsoft

CVE-2026-35238

Information published.

CVE-2026-35238
Sin clasificar Microsoft

CVE-2026-34267

Information published.

CVE-2026-34267
Sin clasificar Microsoft

CVE-2026-22005

Information published.

CVE-2026-22005
Sin clasificar Microsoft

CVE-2026-22015

Information published.

CVE-2026-22015
Sin clasificar Microsoft

CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size

Information published.

CVE-2026-31452
Sin clasificar Microsoft

CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount

Information published.

CVE-2026-31455
Sin clasificar Microsoft

CVE-2026-31476 ksmbd: do not expire session on binding failure

Information published.

CVE-2026-31476
Sin clasificar Microsoft

CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

Information published.

CVE-2026-31474
Sin clasificar Microsoft

CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()

Information published.

CVE-2026-31464
Sin clasificar Microsoft

CVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dm

Information published.

CVE-2026-31461
Sin clasificar Microsoft

CVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is reset

Information published.

CVE-2026-31441
Sin clasificar Microsoft

CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks

Information published.

CVE-2026-31454
Sin clasificar Microsoft

CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests

Information published.

CVE-2026-31432
Sin clasificar Microsoft

CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports

Information published.

CVE-2026-31502
Sin clasificar Microsoft

CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks

Information published.

CVE-2026-31495
Sin clasificar Microsoft

CVE-2026-31448 ext4: avoid infinite loops caused by residual data

Information published.

CVE-2026-31448
Sin clasificar Microsoft

CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling

Information published.

CVE-2026-31439
Sin clasificar Microsoft

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()

Information published.

CVE-2026-31477
Sin clasificar Microsoft

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()

Information published.

CVE-2026-31530
Sin clasificar Microsoft

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise

Information published.

CVE-2026-31480
Sin clasificar Microsoft

CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()

Information published.

CVE-2026-31512
Sin clasificar Microsoft

CVE-2026-31450 ext4: publish jinode after initialization

Information published.

CVE-2026-31450
Sin clasificar Microsoft

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free

Information published.

CVE-2026-31493
Sin clasificar Microsoft

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds

Information published.

CVE-2026-31521
Baja Microsoft

CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()

Information published.

CVE-2026-41445
Sin clasificar Microsoft

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

Information published.

CVE-2026-39882
Sin clasificar Microsoft

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar

Information published.

CVE-2026-32288
Sin clasificar Microsoft

CVE-2026-5160

Information published.

CVE-2026-5160
Baja Microsoft

CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal

Information published.

CVE-2026-5358
Sin clasificar Microsoft

CVE-2026-34278

Information published.

CVE-2026-34278
Sin clasificar Microsoft

CVE-2026-21998

Information published.

CVE-2026-21998
Sin clasificar Microsoft

CVE-2026-35237

Information published.

CVE-2026-35237
Sin clasificar Microsoft

CVE-2026-22009

Information published.

CVE-2026-22009
Sin clasificar Microsoft

CVE-2026-34270

Information published.

CVE-2026-34270
Sin clasificar Microsoft

CVE-2026-34293

Information published.

CVE-2026-34293
Sin clasificar Microsoft

CVE-2026-22002

Information published.

CVE-2026-22002
Sin clasificar Microsoft

CVE-2026-22017

Information published.

CVE-2026-22017
Sin clasificar Microsoft

CVE-2026-34303

Information published.

CVE-2026-34303
Sin clasificar Microsoft

CVE-2026-34308

Information published.

CVE-2026-34308
Sin clasificar Microsoft

CVE-2026-34304

Information published.

CVE-2026-34304
Sin clasificar Microsoft

CVE-2026-34276

Information published.

CVE-2026-34276
Sin clasificar Microsoft

CVE-2026-22004

Information published.

CVE-2026-22004
Sin clasificar Microsoft

CVE-2026-22001

Information published.

CVE-2026-22001
Sin clasificar Microsoft

CVE-2026-35240

Information published.

CVE-2026-35240
Sin clasificar Microsoft

CVE-2026-35236

Information published.

CVE-2026-35236
Sin clasificar Microsoft

CVE-2026-40706

Information published.

CVE-2026-40706
Sin clasificar Microsoft

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

Information published.

CVE-2026-3219
Sin clasificar Microsoft

CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer

Information published.

CVE-2026-40890
Sin clasificar Microsoft

CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()

Information published.

CVE-2026-31524
Sin clasificar Microsoft

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex

Information published.

CVE-2026-31486
Sin clasificar Microsoft

CVE-2026-31487 spi: use generic driver_override infrastructure

Information published.

CVE-2026-31487
Sin clasificar Microsoft

CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc

Information published.

CVE-2026-31496
Sin clasificar Microsoft

CVE-2026-31515 af_key: validate families in pfkey_send_migrate()

Information published.

CVE-2026-31515
Sin clasificar Microsoft

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown

Information published.

CVE-2026-31516
Sin clasificar Microsoft

CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation

Information published.

CVE-2026-31488
Sin clasificar Microsoft

CVE-2026-31527 driver core: platform: use generic driver_override infrastructure

Information published.

CVE-2026-31527
Sin clasificar Microsoft

CVE-2026-31506 net: bcmasp: fix double free of WoL irq

Information published.

CVE-2026-31506
Sin clasificar Microsoft

CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]

Information published.

CVE-2026-31458
Sin clasificar Microsoft

CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race

Information published.

CVE-2026-31504
Media Microsoft

CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case

Information published.

CVE-2026-31462
Sin clasificar Microsoft

CVE-2026-31523 nvme-pci: ensure we're polling a polled queue

Information published.

CVE-2026-31523
Sin clasificar Microsoft

CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices

Information published.

CVE-2026-31497
Sin clasificar Microsoft

CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory

Information published.

CVE-2026-31440
Sin clasificar Microsoft

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()

Information published.

CVE-2026-31505
Sin clasificar Microsoft

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place

Information published.

CVE-2026-31431
Sin clasificar Microsoft

CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path

Information published.

CVE-2026-31489
Sin clasificar Microsoft

CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false

Information published.

CVE-2026-31469
Sin clasificar Microsoft

CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb

Information published.

CVE-2026-31510
Sin clasificar Microsoft

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes

Information published.

CVE-2026-31449
Sin clasificar Microsoft

CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry

Information published.

CVE-2026-31482
Sin clasificar Microsoft

CVE-2026-31518 esp: fix skb leak with espintcp and async crypto

Information published.

CVE-2026-31518
Sin clasificar Microsoft

CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount

Information published.

CVE-2026-31446
Sin clasificar Microsoft

CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()

Information published.

CVE-2026-31520
Sin clasificar Microsoft

CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create

Information published.

CVE-2026-31519
Sin clasificar Microsoft

CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests

Information published.

CVE-2026-31433
Sin clasificar Microsoft

CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)

Information published.

CVE-2026-31485
Sin clasificar Microsoft

CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table

Information published.

CVE-2026-31483
Sin clasificar Microsoft

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer

Information published.

CVE-2026-31507
Sin clasificar Microsoft

CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock

Information published.

CVE-2026-31500
Sin clasificar Microsoft

CVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0

Information published.

CVE-2026-31447
Sin clasificar Microsoft

CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()

Information published.

CVE-2026-31444
Sin clasificar Microsoft

CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()

Information published.

CVE-2026-31522
Sin clasificar Microsoft

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

Information published.

CVE-2026-31478
Sin clasificar Microsoft

CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device

Information published.

CVE-2026-31509
Sin clasificar Microsoft

CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio

Information published.

CVE-2026-31451
Sin clasificar Microsoft

CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups

Information published.

CVE-2026-31528
Sin clasificar Microsoft

CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2

Information published.

CVE-2026-31503
Sin clasificar Microsoft

CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop

Information published.

CVE-2026-31498
Sin clasificar Microsoft

CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks

Information published.

CVE-2026-31453
Sin clasificar Microsoft

CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN

Information published.

CVE-2026-31525
Sin clasificar Microsoft

CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed

Information published.

CVE-2026-31467
Sin clasificar Microsoft

CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it

Information published.

CVE-2026-31492
Sin clasificar Microsoft

CVE-2026-31494 net: macb: use the current queue number for stats

Information published.

CVE-2026-31494
Media Microsoft

CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex

Information published.

CVE-2026-31473
Sin clasificar Microsoft

CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing

Information published.

CVE-2026-6507
Sin clasificar Microsoft

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

Information published.

CVE-2026-28808
Sin clasificar Microsoft

CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

Information published.

CVE-2026-6409
Sin clasificar Microsoft

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL

Information published.

CVE-2026-5187
Sin clasificar Microsoft

CVE-2026-26171 .NET Denial of Service Vulnerability

The CVE was updated to include Powershell 7.6 and 7.5

CVE-2026-26171
Baja Microsoft

CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal

Information published.

CVE-2026-5928
Sin clasificar Microsoft

CVE-2026-5958 Race Condition in GNU Sed

Information published.

CVE-2026-5958
Sin clasificar Windows

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows

Information published.

CVE-2025-14821
Sin clasificar Microsoft

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Information published.

CVE-2026-4786 CVE-2026-4519
Baja Microsoft

CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal

Information published.

CVE-2026-5358
Baja Microsoft

CVE-2026-5450 scanf %mc off-by-one heap buffer overflow

Information published.

CVE-2026-5450
Sin clasificar Microsoft

CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions

Information published.

CVE-2026-31430
Sin clasificar Microsoft

CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head

Information published.

CVE-2026-31429
Sin clasificar Windows

CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-32223
Sin clasificar Windows

CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Acknowledgement added. This is an informational change only.

CVE-2026-26168
Baja Microsoft

CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-40372
Sin clasificar Microsoft

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar

Information published.

CVE-2026-32288
Sin clasificar Microsoft

CVE-2026-41254

Information published.

CVE-2026-41254
Sin clasificar Visual Studio

CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

Added acknowledgements. This is an informational change only.

CVE-2026-21523
Sin clasificar Windows Server

CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability

Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.

CVE-2026-32077
Sin clasificar Microsoft

CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability

Boletin publicado por Microsoft Security Response Center.

CVE-2026-26149
Sin clasificar Microsoft

CVE-2026-5160

Information published.

CVE-2026-5160
Sin clasificar Microsoft

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Information published.

CVE-2026-6100
Sin clasificar Microsoft

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Information published.

CVE-2026-4786 CVE-2026-4519
Baja Microsoft

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks

Information published.

CVE-2026-33056
Sin clasificar Microsoft

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

Information published.

CVE-2026-33055
Baja Microsoft Edge

Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6296
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6363 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6363
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6359 Use after free in Video

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6359
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6364 Out of bounds read in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6364
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6362 Use after free in Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6362
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6313
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6314 Out of bounds write in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6314
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6318 Use after free in Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6318
Baja Microsoft Edge

Chromium: CVE-2026-6361 Heap buffer overflow in PDFium

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6361
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6310 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6310
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6360 Use after free in FileSystem

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6360
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6316 Use after free in Forms

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6316
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6309 Use after free in Viz

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6309
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6311 Uninitialized Use in Accessibility

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6311
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6307 Type Confusion in Turbofan

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6307
Baja Microsoft Edge

Chromium: CVE-2026-6306 Heap buffer overflow in PDFium

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6306
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6303 Use after free in Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6303
Media Microsoft Edge

Chromium: CVE-2026-6308 Out of bounds read in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6308
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6302 Use after free in Video

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6302
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6300 Use after free in CSS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6300
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6304 Use after free in Graphite

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6304
Baja Microsoft Edge

Chromium: CVE-2026-6305 Heap buffer overflow in PDFium

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6305
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6301 Type Confusion in Turbofan

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6301
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6317 Use after free in Cast

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6317
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6312
Baja Microsoft Edge

Chromium: CVE-2026-6298 Heap buffer overflow in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6298
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6297 Use after free in Proxy

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6297
Sin clasificar Microsoft Edge

Chromium: CVE-2026-6299 Use after free in Prerender

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...

CVE-2026-6299
Sin clasificar Microsoft

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

Information published.

CVE-2026-33948
Sin clasificar Microsoft

CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed

Information published.

CVE-2026-40164
Sin clasificar Microsoft

CVE-2026-35469 SpdyStream: DOS on CRI

Information published.

CVE-2026-35469
Sin clasificar Microsoft

CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure

Information published.

CVE-2026-39956
Sin clasificar Microsoft

CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount

Information published.

CVE-2026-35201
Baja Microsoft

CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow

Information published.

CVE-2026-32316
Sin clasificar Microsoft

CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()

Information published.

CVE-2026-33947
Sin clasificar Microsoft

CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

Information published.

CVE-2026-39979
Sin clasificar Microsoft

CVE-2026-41035

Information published.

CVE-2026-41035
Baja Microsoft

CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation

Information published.

CVE-2026-35199
Sin clasificar Windows

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows

Information published.

CVE-2025-14821
Sin clasificar Microsoft

CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer

Information published.

CVE-2026-40179
Sin clasificar Microsoft

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group

Information published.

CVE-2026-2673