Baja
Windows
CVE-2026-59117 Windows Terminal Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network.
CVE-2026-59117
Sin clasificar
Azure
CVE-2026-50652 Azure Active Directory Denial of Service Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-50652
Sin clasificar
Azure
CVE-2026-50653 Azure Active Directory Denial of Service Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-50653
Baja
Windows
CVE-2026-58643 Windows Admin Center Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58643
Baja
Windows
CVE-2026-58598 Windows Backup Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Backup Engine allows an authorized attacker to elevate privileges locally.
CVE-2026-58598
Sin clasificar
Windows
CVE-2026-50304 Windows Active Directory Federation Services Denial of Service Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-50304
Sin clasificar
Windows
CVE-2026-50368 Windows Active Directory Federation Services Denial of Service Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-50368
Sin clasificar
Windows
CVE-2026-50324 Windows Active Directory Federation Services Denial of Service Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-50324
Sin clasificar
Windows
CVE-2026-50355 Windows Active Directory Federation Services Denial of Service Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-50355
Sin clasificar
Windows
CVE-2026-50411 Windows Active Directory Federation Services Denial of Service Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-50411
Sin clasificar
Microsoft
CVE-2026-50647 Active Directory Federation Server Denial of Service Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-50647
Baja
Windows
CVE-2026-56171 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-56171
Baja
Microsoft
CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace
Information published.
CVE-2026-59831
Sin clasificar
SharePoint
CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability
Corrected the Exploitability Index, Exploited flag and CVSS vector which was incorrect at the time of publication on 7/14/2026. This is an informational change only.
CVE-2026-58644
Sin clasificar
Windows
CVE-2026-50341 Windows NTFS Information Disclosure Vulnerability
Updated acknowledgment. This is an informational change only.
CVE-2026-50341
Sin clasificar
Microsoft
CVE-2026-50375 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Updated acknowledgment. This is an informational change only.
CVE-2026-50375
Sin clasificar
Windows
CVE-2026-56182 Windows NTFS Elevation of Privilege Vulnerability
Updated acknowledgment. This is an informational change only.
CVE-2026-56182
Sin clasificar
Microsoft
CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Updated acknowledgment. This is an informational change only.
CVE-2026-45637
Sin clasificar
Microsoft
CVE-2026-56288 NULL Pointer Dereference in GNU patch
Information published.
CVE-2026-56288
Baja
Microsoft
CVE-2026-58207 NATS Server: Remote crash via integer overflow in Connz pagination
Information published.
CVE-2026-58207
Sin clasificar
Microsoft
CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass
Information published.
CVE-2026-58251
Sin clasificar
Microsoft
CVE-2026-58208 NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled
Information published.
CVE-2026-58208
Sin clasificar
Microsoft
CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap
Information published.
CVE-2026-58252
Sin clasificar
Microsoft
CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters
Information published.
CVE-2026-58209
Sin clasificar
Microsoft
CVE-2026-58253 NATS Server: Route API Auth Bypass
Information published.
CVE-2026-58253
Baja
Microsoft
CVE-2026-57432 Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack
Information published.
CVE-2026-57432
Sin clasificar
Microsoft
CVE-2026-39822 Root escape via symlink plus trailing slash in os
Information published.
CVE-2026-39822
Sin clasificar
Microsoft
CVE-2026-42505 Invoking Encrypted Client Hello privacy leak in crypto/tls
Information published.
CVE-2026-42505
Baja
Microsoft
CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header
Information published.
CVE-2026-15028
Sin clasificar
Microsoft
CVE-2026-57219 RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations
Information published.
CVE-2026-57219
Sin clasificar
Microsoft
CVE-2026-56289 Loop with Unreachable Exit Condition in GNU patch
Information published.
CVE-2026-56289
Sin clasificar
Microsoft
CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake
Information published.
CVE-2026-58250
Baja
Microsoft
CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
Information published.
CVE-2026-15308
Sin clasificar
Microsoft
CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk
Information published.
CVE-2026-13221
Sin clasificar
Microsoft
CVE-2026-59875 node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records
Information published.
CVE-2026-59875
Baja
Microsoft
CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace
Information published.
CVE-2026-59831
Sin clasificar
Microsoft
CVE-2026-57220 RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS
Information published.
CVE-2026-57220
Sin clasificar
Microsoft
CVE-2026-57217 RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass
Information published.
CVE-2026-57217
Sin clasificar
Microsoft
CVE-2026-57213 RabbitMQ: Stored XSS federation management plugin via unsanitized consumer_tag rendering
Information published.
CVE-2026-57213
Sin clasificar
Microsoft
CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks
Information published.
CVE-2026-57216
Sin clasificar
Windows
CVE-2026-57211 RabbitMQ: UNC SSRF affecting the management UI on Windows
Information published.
CVE-2026-57211
Sin clasificar
Microsoft
CVE-2026-57215 RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom
Information published.
CVE-2026-57215
Baja
Microsoft
CVE-2025-44904 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.
Information published.
CVE-2025-44904
Baja
Microsoft
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Information published.
CVE-2026-44839
Sin clasificar
Microsoft
CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
Information published.
CVE-2026-43966
Baja
Microsoft
CVE-2026-48561 Microsoft Copilot Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to execute code over a network.
CVE-2026-48561
Baja
Windows
CVE-2026-42982 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Improper validation of consistency within input in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
CVE-2026-42982
Baja
SQL Server
CVE-2026-47296 Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-47296
Media
Windows
CVE-2026-34349 Windows Media Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.
CVE-2026-34349
Baja
Windows
CVE-2026-34346 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.
CVE-2026-34346
Baja
Windows
CVE-2026-42900 Microsoft Windows App Store Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Store allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-42900
Baja
Windows
CVE-2026-42975 Windows Bluetooth Port Driver Remote Code Execution
Heap-based buffer overflow in Windows Bluetooth Port Driver allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-42975
Baja
Microsoft
CVE-2026-47300 ASP.NET Core Elevation of Privilege Vulnerability
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-47300
Baja
Microsoft
CVE-2026-47302 .NET Denial of Service Vulnerability
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-47302
Baja
Microsoft
CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-47303
Baja
SQL Server
CVE-2026-42990 SQL Server ODBC driver Elevation of Privilege Vulnerability
Heap-based buffer overflow in SQL Server ODBC driver allows an unauthorized attacker to execute code over a network.
CVE-2026-42990
Baja
Windows
CVE-2026-48572 Windows App Package Installer Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-48572
Baja
Windows
CVE-2026-48571 Windows App Package Installer Elevation of Privilege Vulnerability
Use after free in Windows App Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-48571
Baja
Microsoft
CVE-2026-49162 Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-49162
Baja
Windows
CVE-2026-49164 Windows Active Directory Domain Services Remote Code Execution Vulnerability
Heap-based buffer overflow in Active Directory Domain Services allows an unauthorized attacker to execute code over a network.
CVE-2026-49164
Baja
Windows
CVE-2026-49165 Microsoft Windows App Store Information Disclosure Vulnerability
Use of uninitialized resource in Microsoft Windows App Store allows an authorized attacker to disclose information locally.
CVE-2026-49165
Baja
Windows
CVE-2026-49166 Windows Print Configuration Elevation of Privilege Vulnerability
Use after free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-49166
Baja
Windows
CVE-2026-49167 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-49167
Baja
Windows
CVE-2026-49168 Storage Spaces Direct Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-49168
Baja
Windows
CVE-2026-49169 Windows DNS Server Remote Code Execution Vulnerability
Use after free in DNS Server allows an authorized attacker to execute code over a network.
CVE-2026-49169
Baja
Windows
CVE-2026-49170 Windows StateRepository API Server file Elevation of Privilege Vulnerability
Insufficient granularity of access control in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
CVE-2026-49170
Baja
Windows
CVE-2026-49171 Windows Speech Runtime Elevation of Privilege Vulnerability
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2026-49171
Baja
Windows
CVE-2026-49176 Windows WalletService Elevation of Privilege Vulnerability
Improper privilege management in Windows WalletService allows an authorized attacker to elevate privileges locally.
CVE-2026-49176
Baja
Windows
CVE-2026-49175 Windows DNS Client Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows DNS allows an authorized attacker to elevate privileges locally.
CVE-2026-49175
Baja
Windows
CVE-2026-49172 Windows FTP Service Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows FTP Service allows an unauthorized attacker to execute code over a network.
CVE-2026-49172
Baja
Windows
CVE-2026-49173 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-49173
Crítica
Windows
CVE-2026-49174 DNS Client Tampering Vulnerability
Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.
CVE-2026-49174
Baja
Windows
CVE-2026-49177 Windows TCP/IP Information Disclosure Vulnerability
Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.
CVE-2026-49177
Baja
Windows
CVE-2026-49784 Microsoft Windows App Store Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.
CVE-2026-49784
Baja
Microsoft
CVE-2026-50506 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-50506
Baja
Visual Studio
CVE-2026-47282 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
CVE-2026-47282
Baja
Visual Studio
CVE-2026-45496 Visual Studio Code Security Feature Bypass Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-45496
Baja
Microsoft
CVE-2026-50663 Game: Age of Empires II: Definitive Edition Remote Code Execution Vulnerability
Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network.
CVE-2026-50663
Baja
Windows
CVE-2026-54983 Windows Active Directory Federation Services Denial of Service Vulnerability
Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-54983
Baja
Windows
CVE-2026-50695 Windows Active Directory Federation Services Denial of Service Vulnerability
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50695
Baja
Windows
CVE-2026-54129 Windows Hyper-V Elevation of Privilege Vulnerability
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2026-54129
Baja
Windows
CVE-2026-54989 Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability
Use after free in Quality Windows Audio/Video Experience (QWAVE) service allows an authorized attacker to elevate privileges locally.
CVE-2026-54989
Baja
Windows
CVE-2026-54987 Windows Overlay Filter Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.
CVE-2026-54987
Baja
Windows
CVE-2026-50696 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Heap-based buffer overflow in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-50696
Baja
Microsoft
CVE-2026-54990 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-54990
Baja
Windows
CVE-2026-50697 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-50697
Baja
Windows
CVE-2026-55000 Windows USB Print Driver Elevation of Privilege Vulnerability
Use after free in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-55000
Baja
Windows
CVE-2026-54111 Universal Print Management Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-54111
Baja
Windows
CVE-2026-54991 Windows USB Print Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-54991
Baja
Windows
CVE-2026-54132 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-54132
Baja
Windows
CVE-2026-54107 Windows Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-54107
Baja
Windows
CVE-2026-54986 Windows Win32k Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-54986
Media
Windows
CVE-2026-54993 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
CVE-2026-54993
Baja
Windows
CVE-2026-55001 Active Directory Domain Services Elevation of Privilege Vulnerability
Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally.
CVE-2026-55001
Baja
Windows
CVE-2026-54112 Windows Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-54112
Baja
Windows
CVE-2026-55004 Windows Print Configuration Elevation of Privilege Vulnerability
Double free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-55004
Baja
Windows
CVE-2026-54992 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Message Queuing Queue Manager allows an unauthorized attacker to execute code locally.
CVE-2026-54992
Baja
Windows
CVE-2026-54109 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
CVE-2026-54109
Baja
Windows
CVE-2026-54982 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-54982
Baja
Windows
CVE-2026-54114 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-54114
Baja
Windows
CVE-2026-54996 Windows USB Print Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-54996
Baja
Windows
CVE-2026-54119 Windows Active Directory Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in Windows Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-54119
Baja
Windows
CVE-2026-54997 Windows SMB Information Disclosure Vulnerability
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
CVE-2026-54997
Baja
Windows
CVE-2026-54999 Windows TCP/IP Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-54999
Baja
Windows
CVE-2026-55003 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-55003
Baja
Windows
CVE-2026-54995 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
Use after free in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over a network.
CVE-2026-54995
Baja
Windows
CVE-2026-54122 Windows GDI+ Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.
CVE-2026-54122
Baja
Exchange Server
CVE-2026-55005 Microsoft Exchange Server Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
CVE-2026-55005
Baja
Exchange Server
CVE-2026-55006 Microsoft Exchange Server Elevation of Privilege Vulnerability
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
CVE-2026-55006
Baja
Exchange Server
CVE-2026-55009 Microsoft Exchange Server Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
CVE-2026-55009
Baja
Azure
CVE-2026-50338 Azure Spring Apps Elevation of Privilege Vulnerability
Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-50338
Baja
Defender
CVE-2026-55011 Microsoft Defender Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally.
CVE-2026-55011
Baja
Defender
CVE-2026-55012 Microsoft Defender Remote Code Execution Vulnerability
Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.
CVE-2026-55012
Baja
Microsoft
CVE-2026-50524 .NET Framework Denial of Service Vulnerability
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50524
Baja
SQL Server
CVE-2026-54117 Microsoft SQL Server Remote Code Execution Vulnerability
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-54117
Baja
SQL Server
CVE-2026-54118 Microsoft SQL Server Remote Code Execution Vulnerability
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-54118
Baja
SQL Server
CVE-2026-55002 Microsoft SQL Server Elevation of Privilege Vulnerability
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-55002
Baja
Windows
CVE-2026-55144 Windows Cryptography API: Next Generation (CNG) Tampering Vulnerability
Missing cryptographic step in Windows CryptoAPI allows an authorized attacker to perform tampering locally.
CVE-2026-55144
Baja
Visual Studio
CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code allows an unauthorized attacker to execute code locally.
CVE-2026-50520
Baja
Microsoft Office
CVE-2026-54108 Microsoft SharePoint Server Spoofing Vulnerability
External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-54108
Baja
Microsoft Office
CVE-2026-50675 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-50675
Baja
Microsoft Office
CVE-2026-50678 Microsoft Excel Information Disclosure Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-50678
Baja
Microsoft Office
CVE-2026-54988 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-54988
Baja
Microsoft Office
CVE-2026-55899 Microsoft Excel Remote Code Execution Vulnerability
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55899
Baja
Microsoft Office
CVE-2026-55948 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55948
Baja
Microsoft
CVE-2026-56155 Active Directory Federation Services Elevation of Privilege Vulnerability
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
CVE-2026-56155
Crítica
Microsoft Office
CVE-2026-56164 Microsoft SharePoint Server Elevation of Privilege Vulnerability
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-56164
Baja
Windows
CVE-2026-56169 Windows Admin Center Elevation of Privilege Vulnerability
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-56169
Baja
Microsoft
CVE-2026-56170 ASP.NET Core Denial of Service Vulnerability
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-56170
Baja
Windows
CVE-2026-50694 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Use after free in Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized attacker to execute code over a network.
CVE-2026-50694
Baja
Windows
CVE-2026-54127 Windows Hyper-V Elevation of Privilege Vulnerability
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-54127
Baja
Microsoft Office
CVE-2026-56193 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-56193
Baja
Windows
CVE-2026-56185 Windows Admin Center Information Disclosure Vulnerability
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.
CVE-2026-56185
Baja
Microsoft
CVE-2026-57097 Microsoft XML Security Feature Bypass Vulnerability
Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-57097
Baja
Windows
CVE-2026-57107 Windows Admin Center Elevation of Privilege Vulnerability
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-57107
Crítica
Azure
CVE-2026-57969 Azure CycleCloud Elevation of Privilege Vulnerability
Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
CVE-2026-57969
Sin clasificar
Windows
CVE-2026-57976 Windows Active Directory Domain Services Denial of Service Vulnerability
Information published.
CVE-2026-57976
Baja
Windows
CVE-2026-57979 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-57979
Baja
Windows
CVE-2026-55014 Windows Remote Help Defense Elevation of Privilege Vulnerability
Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally.
CVE-2026-55014
Baja
Azure
CVE-2026-58279 Azure CycleCloud Elevation of Privilege Vulnerability
Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
CVE-2026-58279
Baja
Windows
CVE-2026-58526 Windows Storage Elevation of Privilege Vulnerability
Use after free in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-58526
Baja
Microsoft
CVE-2026-58595 Microsoft Bing App for IOS Spoofing Vulnerability
Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58595
Baja
Microsoft Office
CVE-2026-50522 Microsoft SharePoint Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
CVE-2026-50522
Baja
Microsoft
CVE-2026-58601 Virtual Hard Disk (VHD) Miniport Driver Elevation of Privilege Vulernability
Heap-based buffer overflow in Virtual Hard Disk (VHD) Miniport Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58601
Baja
Windows
CVE-2026-58602 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Use after free in Windows Kernel Mode Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58602
Baja
Windows
CVE-2026-58608 Windows Print Spooler Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to execute code over a network.
CVE-2026-58608
Baja
Windows
CVE-2026-58609 Windows Graphics Component Remote Code Execution Vulnerability
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
CVE-2026-58609
Media
Windows
CVE-2026-58610 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
CVE-2026-58610
Baja
Windows
CVE-2026-58614 Windows Kernel Security Feature Bypass Vulnerability
Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.
CVE-2026-58614
Baja
Microsoft
CVE-2026-47301 Configuration Manager Elevation of Privilege Vulnerability
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-47301
Baja
Microsoft Office
CVE-2026-58618 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-58618
Baja
Windows
CVE-2026-58631 Windows Admin Center (WAC) Remote Code Execution Vulnerability
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally.
CVE-2026-58631
Baja
Windows
CVE-2026-58635 Windows Narrator Braille Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
CVE-2026-58635
Baja
Microsoft
CVE-2026-58636 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-58636
Baja
Windows
CVE-2026-58640 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-58640
Sin clasificar
SharePoint
CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability
The Patch for this issue was released but the CVE was inadvertently left out of the Patch Tuesday June 2026 release
CVE-2026-58644
Baja
Microsoft
CVE-2026-58647 Microsoft PowerBI Report Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacker to perform spoofing over a network.
CVE-2026-58647
Baja
Azure
CVE-2026-50652 Azure Active Directory Denial of Service Vulnerability
Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-50652
Baja
Azure
CVE-2026-50653 Azure Active Directory Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in Azure Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-50653
Baja
Windows
CVE-2026-33842 Windows File Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-33842
Baja
Windows
CVE-2026-34328 Windows Audio Service Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Audio Service allows an authorized attacker to disclose information locally.
CVE-2026-34328
Baja
Windows
CVE-2026-40422 Windows File Explorer Information Disclosure Vulnerability
Use of uninitialized resource in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-40422
Baja
Windows
CVE-2026-41087 Windows File Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-41087
Baja
Windows
CVE-2026-40400 Windows PowerShell Remote Code Execution Vulnerability
Relative path traversal in Windows PowerShell allows an authorized attacker to execute code over a network.
CVE-2026-40400
Baja
Windows
CVE-2026-34348 Windows Event Logging Service Information Disclosure Vulnerability
Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network.
CVE-2026-34348
Baja
Windows
CVE-2026-44806 Windows Secure Channel Denial of Service Vulnerability
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
CVE-2026-44806
Baja
Windows
CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Memory allocation with excessive size value in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2026-40378
Baja
Microsoft
CVE-2026-47304 .NET Security Feature Bypass Vulnerability
Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-47304
Baja
Windows
CVE-2026-44800 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-44800
Baja
Azure
CVE-2026-47632 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-47632
Baja
Windows
CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network.
CVE-2026-48564
Baja
Microsoft
CVE-2026-48581 Surface Broker SDMA Elevation of Privilege Vulnerability
Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally.
CVE-2026-48581
Baja
Microsoft
CVE-2026-45646 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-45646
Baja
Windows
CVE-2026-49178 Windows Active Directory Domain Services Remote Code Execution Vulnerability
Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
CVE-2026-49178
Baja
Microsoft
CVE-2026-49180 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-49180
Baja
Windows
CVE-2026-49181 Windows DHCP Client Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows DHCP Client allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-49181
Baja
Windows
CVE-2026-49184 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-49184
Baja
Windows
CVE-2026-49183 Windows Clipboard Server Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clipboard Server allows an authorized attacker to elevate privileges locally.
CVE-2026-49183
Baja
Windows
CVE-2026-49783 Secure Boot Security Feature Bypass Vulnerability
Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-49783
Baja
Windows
CVE-2026-49787 HTTP.sys Denial of Service Vulnerability
Allocation of resources without limits or throttling in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
CVE-2026-49787
Baja
Microsoft
CVE-2026-49788 HTTP/2 Denial of Service Vulnerability
Allocation of resources without limits or throttling in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVE-2026-49788
Baja
Windows
CVE-2026-49789 Windows NTFS Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-49789
Sin clasificar
Windows
CVE-2026-49790 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Information published.
CVE-2026-49790
Baja
Windows
CVE-2026-49791 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-49791
Baja
Windows
CVE-2026-49792 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
CVE-2026-49792
Baja
Windows
CVE-2026-49793 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
CVE-2026-49793
Baja
Windows
CVE-2026-49794 Windows USB Audio Class Driver Information Disclosure Vulnerability
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
CVE-2026-49794
Baja
Windows
CVE-2026-49796 Windows GDI+ Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.
CVE-2026-49796
Baja
Windows
CVE-2026-49795 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-49795
Baja
Windows
CVE-2026-49797 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-49797
Baja
Windows
CVE-2026-49798 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-49798
Baja
Windows
CVE-2026-50299 Windows Storage Spaces Direct Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack.
CVE-2026-50299
Baja
Windows
CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.
CVE-2026-49800
Baja
Windows
CVE-2026-49799 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.
CVE-2026-49799
Baja
Windows
CVE-2026-50308 Windows NTFS Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50308
Baja
Windows Server
CVE-2026-50311 Windows Server Elevation of Privilege Vulnerability
Improper access control in Windows Server allows an authorized attacker to elevate privileges locally.
CVE-2026-50311
Baja
Windows
CVE-2026-49804 Windows USB Video Driver Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-49804
Baja
Windows
CVE-2026-50294 Windows Kernel Information Disclosure Vulnerability
Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally.
CVE-2026-50294
Crítica
Windows
CVE-2026-50333 Windows Spaceport.sys Elevation of Privilege Vulnerability
Missing authentication for critical function in Windows Spaceport.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-50333
Baja
Windows
CVE-2026-49801 Windows SMB Information Disclosure Vulnerability
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
CVE-2026-49801
Baja
Windows
CVE-2026-49802 Windows USB Print Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-49802
Baja
Windows
CVE-2026-49806 Windows USB Print Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-49806
Baja
Windows
CVE-2026-49805 Win32k Elevation of Privilege Vulnerability
Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-49805
Baja
Windows
CVE-2026-49803 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
CVE-2026-49803
Baja
Windows
CVE-2026-50323 Windows Runtime Elevation of Privilege Vulnerability
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50323
Baja
Windows
CVE-2026-50318 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50318
Baja
Windows
CVE-2026-50351 Windows Audio Compression Manager (ACM) Elevation of Privilege Vulnerability
Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.
CVE-2026-50351
Baja
Windows
CVE-2026-49807 Windows DirectX Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows DirectX allows an unauthorized attacker to disclose information locally.
CVE-2026-49807
Baja
Windows
CVE-2026-50342 Windows MIDI Service Module Elevation of Privileges Vulnerability
Improper access control in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.
CVE-2026-50342
Baja
Windows
CVE-2026-50298 Windows Spaceport.sys Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Spaceport.sys allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-50298
Baja
Windows
CVE-2026-49808 Windows Kernel Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-49808
Baja
Windows
CVE-2026-50293 Windows Internal Task Bar Elevation of Privilege Vulnerability
Use after free in Windows Internal Task Bar allows an authorized attacker to elevate privileges locally.
CVE-2026-50293
Baja
Windows
CVE-2026-50316 Windows Kernel Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-50316
Baja
Windows
CVE-2026-50354 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50354
Baja
Microsoft
CVE-2026-50296 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Use after free in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50296
Baja
Windows
CVE-2026-50297 Win32k Elevation of Privilege Vulnerability
Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-50297
Baja
Windows
CVE-2026-50325 Win32k Elevation of Privilege Vulnerability
Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-50325
Baja
Windows
CVE-2026-50356 Microsoft Windows App Store Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.
CVE-2026-50356
Baja
Windows
CVE-2026-50384 Windows Clip Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50384
Baja
Windows
CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability
Improper privilege management in Microsoft Windows DNS allows an authorized attacker to bypass a security feature locally.
CVE-2026-50295
Baja
Windows
CVE-2026-50350 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
CVE-2026-50350
Baja
Microsoft
CVE-2026-50381 Composite Image File System driver (cimfs.sys) Information Disclosure Vulnerability
Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.
CVE-2026-50381
Baja
Windows
CVE-2026-50300 Windows DWM Core Library Information Disclosure Vulnerability
Integer underflow (wrap or wraparound) in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-50300
Baja
Windows
CVE-2026-50303 Windows Key Guard Security Feature Bypass Vulnerability
Use of a cryptographic primitive with a risky implementation in Windows Key Guard allows an authorized attacker to bypass a security feature locally.
CVE-2026-50303
Baja
Windows Server
CVE-2026-50364 Windows Backup Service Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally.
CVE-2026-50364
Baja
Windows
CVE-2026-50302 Windows Cryptographic Services Security Feature Bypass Vulnerability
Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50302
Baja
Windows
CVE-2026-50332 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50332
Baja
Windows
CVE-2026-50372 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
Buffer over-read in Windows Redirected Drive Buffering allows an authorized attacker to elevate privileges locally.
CVE-2026-50372
Baja
Microsoft
CVE-2026-50305 Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50305
Baja
Windows
CVE-2026-50329 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50329
Baja
Windows
CVE-2026-50363 Windows Push Notifications Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-50363
Baja
Windows
CVE-2026-50392 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Use after free in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
CVE-2026-50392
Baja
Windows
CVE-2026-50304 Windows Active Directory Federation Services Denial of Service Vulnerability
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50304
Baja
Windows Server
CVE-2026-50328 Windows Server Update Service (WSUS) Tampering Vulnerability
Uncaught exception in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
CVE-2026-50328
Baja
Windows
CVE-2026-50306 Windows TCP/IP Elevation of Privilege Vulnerability
Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-50306
Baja
Windows
CVE-2026-50360 Windows SMB Server Elevation of Privilege Vulnerability
Incorrect implementation of authentication algorithm in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-50360
Baja
Windows
CVE-2026-50393 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-50393
Baja
Windows
CVE-2026-50412 Windows NTFS Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50412
Baja
Windows
CVE-2026-50337 Windows Notification Elevation of Privilege Vulnerability
Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally.
CVE-2026-50337
Baja
Windows
CVE-2026-50386 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50386
Baja
Windows
CVE-2026-50400 Windows App Package Installer Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows App Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-50400
Baja
Windows
CVE-2026-50309 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-50309
Baja
Windows
CVE-2026-50419 Windows Kernel Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-50419
Baja
Windows
CVE-2026-50368 Windows Active Directory Federation Services Denial of Service Vulnerability
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50368
Baja
Windows
CVE-2026-50307 Windows TCP/IP Elevation of Privilege Vulnerability
Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-50307
Baja
Windows
CVE-2026-50326 Windows Unified Consent System Elevation of Privilege Vulnerability
Use after free in Windows Unified Consent System allows an authorized attacker to elevate privileges locally.
CVE-2026-50326
Baja
Windows
CVE-2026-50313 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50313
Baja
Windows
CVE-2026-50440 Windows Audio Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Audio Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50440
Baja
Windows
CVE-2026-50380 Windows GDI+ Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVE-2026-50380
Media
Windows
CVE-2026-50327 Windows Media Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
CVE-2026-50327
Baja
Windows
CVE-2026-50341 Windows NTFS Information Disclosure Vulnerability
Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.
CVE-2026-50341
Baja
Windows
CVE-2026-50407 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50407
Baja
Windows
CVE-2026-50331 Windows Application Model Core API Elevation of Privilege Vulnerability
Use after free in Windows Application Model allows an authorized attacker to elevate privileges locally.
CVE-2026-50331
Baja
Microsoft
CVE-2026-50343 Microsoft Install Service Elevation of Privilege Vulnerability
Improper privilege management in Microsoft Install Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50343
Baja
Windows
CVE-2026-50396 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-50396
Baja
Windows
CVE-2026-50370 DHCP Server Service Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-50370
Baja
Windows
CVE-2026-50347 Windows Data.dll Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Data dll allows an unauthorized attacker to execute code locally.
CVE-2026-50347
Baja
Windows
CVE-2026-50321 Windows USB Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-50321
Baja
Windows
CVE-2026-50425 Windows Internal System User Profile Elevation of Privilege Vulnerability
Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally.
CVE-2026-50425
Sin clasificar
Windows
CVE-2026-50315 Windows Image Acquisition Elevation of Privilege Vulnerability
Information published.
CVE-2026-50315
Baja
Windows
CVE-2026-50434 Windows Push Notification Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-50434
Baja
Windows
CVE-2026-50339 Windows Push Notification Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-50339
Baja
Windows
CVE-2026-50430 Windows Push Notification Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-50430
Baja
Windows
CVE-2026-50310 Windows Human Interface Device Information Disclosure Vulnerability
Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally.
CVE-2026-50310
Baja
Windows
CVE-2026-50324 Windows Active Directory Federation Services Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-50324
Baja
Windows
CVE-2026-50312 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-50312
Baja
Windows
CVE-2026-50330 Windows Remote Desktop Client Elevation of Privilege Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50330
Baja
Windows
CVE-2026-50357 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
CVE-2026-50357
Baja
Windows
CVE-2026-50377 Windows Kernel Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50377
Baja
Windows
CVE-2026-50390 Windows Kernel Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50390
Baja
Windows
CVE-2026-50452 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50452
Baja
Windows
CVE-2026-50348 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50348
Baja
Windows
CVE-2026-50345 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50345
Baja
Windows
CVE-2026-50322 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50322
Baja
Windows
CVE-2026-50335 Windows Operating Systems Elevation of Privilege Vulnerability
Improper access control in Windows Operating Systems allows an authorized attacker to elevate privileges locally.
CVE-2026-50335
Baja
Windows
CVE-2026-50375 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2026-50375
Baja
Microsoft
CVE-2026-50361 Microsoft Brokering File System Elevation of Privilege Vulnerability
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50361
Baja
Windows
CVE-2026-50317 Windows Operating Systems Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally.
CVE-2026-50317
Baja
Windows
CVE-2026-50340 Windows Runtime Elevation of Privilege Vulnerability
Use after free in Windows Runtime allows an authorized attacker to elevate privileges over a network.
CVE-2026-50340
Media
Windows
CVE-2026-50404 Windows Media Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50404
Sin clasificar
Windows
CVE-2026-50366 Windows Active Directory Domain Services Denial of Service Vulnerability
Information published.
CVE-2026-50366
Baja
Windows
CVE-2026-50416 Win32k Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.
CVE-2026-50416
Media
Windows
CVE-2026-50358 Windows Media Elevation of Privilege Vulnerability
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50358
Baja
Windows
CVE-2026-50355 Windows Active Directory Federation Services Denial of Service Vulnerability
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50355
Baja
Windows
CVE-2026-50428 Windows Container Isolation FS Filter Driver (unionfs.sys) Information Disclosure Vulnerability
Out-of-bounds read in Windows Container Isolation FS Filter Driver (unionfs.sys) allows an authorized attacker to disclose information locally.
CVE-2026-50428
Baja
Windows
CVE-2026-50373 Windows Search Service Elevation of Privilege Vulnerability
Improper access control in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2026-50373
Baja
Windows
CVE-2026-50353 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2026-50353
Baja
Windows
CVE-2026-50388 Windows NTFS Remote Code Execution Vulnerability
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50388
Baja
Windows
CVE-2026-50410 Windows Runtime Elevation of Privilege Vulnerability
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50410
Baja
Windows
CVE-2026-50449 Windows Runtime Elevation of Privilege Vulnerability
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50449
Baja
Windows
CVE-2026-50371 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows LUAFV allows an authorized attacker to elevate privileges locally.
CVE-2026-50371
Media
Windows
CVE-2026-50336 Windows Media Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50336
Media
Windows
CVE-2026-50398 Windows Media Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.
CVE-2026-50398
Media
Windows
CVE-2026-50414 Windows Media Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.
CVE-2026-50414
Media
Windows
CVE-2026-50379 Windows Media Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.
CVE-2026-50379
Baja
Windows
CVE-2026-50463 Windows Kernel Information Disclosure Vulnerability
Out-of-bounds read in Windows Kernel allows an unauthorized attacker to disclose information over a network.
CVE-2026-50463
Baja
Windows
CVE-2026-50460 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50460
Baja
Windows
CVE-2026-50403 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50403
Media
Windows
CVE-2026-50433 Windows Media Elevation of Privilege Vulnerability
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50433
Baja
Windows
CVE-2026-50391 Windows Group Policy Elevation of Privilege Vulnerability
Improper privilege management in Windows Group Policy allows an authorized attacker to elevate privileges locally.
CVE-2026-50391
Baja
Windows
CVE-2026-50418 Windows System Secure Feature Bypass Vulnerability
Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-50418
Baja
Windows
CVE-2026-50423 Windows Kernel Elevation of Privilege Vulnerability
Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50423
Baja
Windows
CVE-2026-50378 Windows Key Guard Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Key Guard allows an authorized attacker to elevate privileges locally.
CVE-2026-50378
Baja
Windows
CVE-2026-50401 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
CVE-2026-50401
Baja
Microsoft
CVE-2026-50346 Netlogon RPC Elevation of Privilege Vulnerability
Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50346
Baja
Windows
CVE-2026-50376 Windows Remote Desktop Client Information Disclosure Vulnerability
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50376
Baja
Windows
CVE-2026-50397 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50397
Baja
Windows
CVE-2026-50405 Windows Filtering Platform Elevation of Privilege Vulnerability
Insufficient granularity of access control in Windows Filtering Platform (WFP) allows an authorized attacker to elevate privileges locally.
CVE-2026-50405
Baja
Windows
CVE-2026-50448 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50448
Baja
Windows
CVE-2026-50387 Windows GDI Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.
CVE-2026-50387
Baja
Windows
CVE-2026-50334 Windows Push Notification Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.
CVE-2026-50334
Baja
Windows
CVE-2026-50445 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50445
Baja
Windows
CVE-2026-50344 Windows OLE Elevation of Privilege Vulnerability
Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally.
CVE-2026-50344
Baja
Windows
CVE-2026-50352 Windows Cryptographic Services Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2026-50352
Baja
Windows
CVE-2026-50382 DirectX Graphics Kernel Remote Code Execution Vulnerability
Untrusted pointer dereference in Windows DirectX allows an authorized attacker to execute code locally.
CVE-2026-50382
Baja
Windows
CVE-2026-50436 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50436
Baja
Windows
CVE-2026-50437 Windows DWM Core Library Information Disclosure Vulnerability
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-50437
Baja
Windows
CVE-2026-50471 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50471
Baja
Windows
CVE-2026-50369 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges over a network.
CVE-2026-50369
Baja
Windows
CVE-2026-50469 Windows Projected File System Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50469
Baja
Windows
CVE-2026-50454 Windows User Interface Core Elevation of Privilege Vulnerability
Relative path traversal in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-50454
Baja
Windows
CVE-2026-50365 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
Improper authentication in Windows RPC API allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-50365
Baja
Windows
CVE-2026-50426 Windows DNS Server Remote Code Execution Vulnerability
Relative path traversal in DNS Server allows an authorized attacker to execute code over an adjacent network.
CVE-2026-50426
Baja
Windows
CVE-2026-50385 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50385
Baja
Windows
CVE-2026-50413 Windows Runtime Elevation of Privilege Vulnerability
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50413
Baja
Microsoft
CVE-2026-50427 Content Delivery Manager Elevation of Privilege Vulnerability
Use after free in Content Delivery Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50427
Baja
Windows
CVE-2026-50422 Windows NTFS Elevation of Privilege Vulnerability
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50422
Baja
Windows
CVE-2026-50421 Windows Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Connected User Experiences and Telemetry allows an authorized attacker to elevate privileges locally.
CVE-2026-50421
Baja
Windows
CVE-2026-50374 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges with a physical attack.
CVE-2026-50374
Baja
Windows
CVE-2026-50367 Windows Sensor Data Service Elevation of Privilege Vulnerability
Incorrect access of indexable resource ('range error') in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50367
Baja
Windows
CVE-2026-50383 Windows Print Spooler Information Disclosure Vulnerability
Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
CVE-2026-50383
Crítica
Windows
CVE-2026-50451 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
Missing authentication for critical function in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50451
Baja
Microsoft
CVE-2026-50455 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Use of uninitialized resource in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-50455
Baja
Windows
CVE-2026-50466 Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Windows Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50466
Baja
Windows
CVE-2026-50402 NTFS Elevation of Privilege Vulnerability
Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50402
Baja
Windows
CVE-2026-50435 Windows Overlay Filter Elevation of Privilege Vulnerability
Buffer over-read in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.
CVE-2026-50435
Baja
Windows
CVE-2026-50409 Windows Overlay Filter Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.
CVE-2026-50409
Baja
Windows
CVE-2026-50441 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50441
Baja
Windows
CVE-2026-50465 Windows DNS Client Tampering Vulnerability
Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.
CVE-2026-50465
Baja
Microsoft
CVE-2026-50439 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability
Use after free in Microsoft Message Queuing Queue Manager allows an unauthorized attacker to execute code over a network.
CVE-2026-50439
Baja
Windows
CVE-2026-50462 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-50462
Baja
Windows
CVE-2026-50457 Windows Runtime Elevation of Privilege Vulnerability
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50457
Baja
Windows
CVE-2026-50473 Windows File Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50473
Baja
Windows
CVE-2026-50442 Windows File Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50442
Baja
Windows
CVE-2026-50389 Windows File Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50389
Baja
Windows
CVE-2026-50456 Windows File Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50456
Baja
Windows
CVE-2026-50432 Window Virtual Filtering Platform (VFP) Denial of Service Vulnerability
Use after free in Windows Virtual Filtering Platform (VFP) allows an authorized attacker to deny service over a network.
CVE-2026-50432
Baja
Windows
CVE-2026-50399 Windows Kernel Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50399
Baja
Windows
CVE-2026-50461 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50461
Sin clasificar
Windows
CVE-2026-50431 Windows Quality of Service (QoS) Packet Scheduler Information Disclosure Vulnerability
Information published.
CVE-2026-50431
Baja
Windows
CVE-2026-50453 Windows USB Audio Class Driver Information Disclosure Vulnerability
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
CVE-2026-50453
Baja
Windows
CVE-2026-50417 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-50417
Baja
Windows
CVE-2026-50447 Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
CVE-2026-50447
Baja
Microsoft
CVE-2026-50438 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50438
Baja
Windows
CVE-2026-50420 HTTP.sys Information Disclosure Vulnerability
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.
CVE-2026-50420
Baja
Windows
CVE-2026-50362 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.
CVE-2026-50362
Baja
Microsoft
CVE-2026-50474 Remote Desktop Client Remote Code Execution Vulnerability
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-50474
Baja
Windows
CVE-2026-50411 Windows Active Directory Federation Services Denial of Service Vulnerability
Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-50411
Crítica
Windows Server
CVE-2026-50444 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Missing authentication for critical function in Windows Server Update Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-50444
Media
Windows
CVE-2026-50394 Windows Media Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.
CVE-2026-50394
Media
Windows
CVE-2026-50415 Windows Media Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Media allows an unauthorized attacker to disclose information over a network.
CVE-2026-50415
Baja
Microsoft
CVE-2026-50458 Microsoft Brokering File System Elevation of Privilege Vulnerability
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-50458
Baja
Windows
CVE-2026-50475 Windows Kernel Information Disclosure Vulnerability
Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-50475
Baja
Windows
CVE-2026-50476 Windows Network Connections Service Elevation of Privilege Vulnerability
Use after free in Microsoft Windows allows an authorized attacker to elevate privileges locally.
CVE-2026-50476
Baja
Windows
CVE-2026-50429 Windows Kernel Information Disclosure Vulnerability
Out-of-bounds read in Windows Kernel allows an unauthorized attacker to disclose information over a network.
CVE-2026-50429
Baja
Windows
CVE-2026-50450 Windows Network Connections Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Wide Area Network Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50450
Baja
Windows
CVE-2026-50424 Windows Domain Controller Denial of Service Vulnerability
Untrusted pointer dereference in Windows Domain Controller allows an unauthorized attacker to deny service over a network.
CVE-2026-50424
Baja
Windows
CVE-2026-50406 Windows Backup Engine Elevation of Privilege Vulnerability
Use after free in Windows Backup Engine allows an authorized attacker to elevate privileges locally.
CVE-2026-50406
Baja
Windows
CVE-2026-50470 Windows Network Policy Server SNMP Information Disclosure Vulnerability
Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50470
Baja
Windows
CVE-2026-50459 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-50459
Baja
Windows
CVE-2026-50477 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50477
Baja
Windows
CVE-2026-50478 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50478
Baja
Windows
CVE-2026-50479 Windows USB Hub Driver Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows USB Hub Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-50479
Baja
Windows
CVE-2026-50480 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.
CVE-2026-50480
Baja
Windows
CVE-2026-50482 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-50482
Baja
Windows
CVE-2026-50495 DNS Client Tampering Vulnerability
Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.
CVE-2026-50495
Baja
Windows
CVE-2026-50483 Windows Graphics Component Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information locally.
CVE-2026-50483
Baja
Windows
CVE-2026-50484 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50484
Baja
Windows
CVE-2026-50493 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Use after free in Windows Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50493
Baja
Windows
CVE-2026-50502 Windows Event Logging Service Remote Code Execution Vulnerability
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network.
CVE-2026-50502
Baja
Windows
CVE-2026-50485 Windows Hyper-V Denial of Service Vulnerability
Buffer over-read in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVE-2026-50485
Baja
Windows
CVE-2026-50486 Windows Runtime Elevation of Privilege Vulnerability
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50486
Baja
Windows
CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability
Use after free in Microsoft Windows DNS allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-50487
Baja
Windows
CVE-2026-50488 Clipboard User Service Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Windows Clipboard User Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50488
Baja
Windows
CVE-2026-50500 Windows Netlogon Elevation of Privilege Vulnerability
Use after free in Windows Netlogon allows an authorized attacker to elevate privileges over a network.
CVE-2026-50500
Baja
Windows
CVE-2026-50499 Windows Print Spooler Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-50499
Baja
Windows
CVE-2026-50489 Win32k Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-50489
Baja
Windows
CVE-2026-50494 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-50494
Baja
Windows
CVE-2026-50490 Windows Installer Elevation of Privilege Vulnerability
Use after free in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-50490
Sin clasificar
Windows
CVE-2026-50498 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Information published.
CVE-2026-50498
Baja
Windows
CVE-2026-50505 Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability
Use after free in Windows Message Queuing allows an authorized attacker to execute code over a network.
CVE-2026-50505
Baja
Microsoft
CVE-2026-50491 Code Integrity DLL (ci.dll) Elevation of Privilege Vulnerability
Out-of-bounds read in Code Integrity DLL (ci.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-50491
Baja
Windows
CVE-2026-50492 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code with a physical attack.
CVE-2026-50492
Baja
Windows
CVE-2026-50501 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.
CVE-2026-50501
Baja
Windows
CVE-2026-50503 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50503
Baja
Windows
CVE-2026-50497 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Off-by-one error in Windows Remote Desktop Protocol allows an unauthorized attacker to disclose information over a network.
CVE-2026-50497
Baja
Windows
CVE-2026-50496 Windows Network Policy Server SNMP Information Disclosure Vulnerability
Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network.
CVE-2026-50496
Baja
Windows
CVE-2026-50504 Windows Remote Desktop Client Information Disclosure Vulnerability
Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-50504
Baja
SQL Server
CVE-2026-47295 Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-47295
Baja
Windows
CVE-2026-50509 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Deserialization of untrusted data in Windows Wireless Wide Area Network Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50509
Baja
Microsoft
CVE-2026-50510 GitHub Copilot Remote Code Execution Vulnerability
Improper restriction of names for files and other resources in Github Copilot allows an unauthorized attacker to execute code locally.
CVE-2026-50510
Baja
Windows
CVE-2026-50518 Windows DHCP Server Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.
CVE-2026-50518
Baja
Microsoft
CVE-2026-50525 .NET Denial of Service Vulnerability
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-50525
Baja
Microsoft
CVE-2026-50526 .NET Tampering Vulnerability
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
CVE-2026-50526
Baja
Microsoft
CVE-2026-50527 .NET Framework Denial of Service Vulnerability
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50527
Baja
Microsoft
CVE-2026-50528 .NET Security Feature Bypass Vulnerability
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50528
Baja
Microsoft
CVE-2026-50646 .NET Framework Remote Code Execution Vulnerability
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
CVE-2026-50646
Baja
Microsoft
CVE-2026-50647 Active Directory Federation Server Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-50647
Baja
Microsoft
CVE-2026-50648 .NET Framework Denial of Service Vulnerability
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50648
Baja
Microsoft
CVE-2026-50649 .NET Remote Code Execution Vulnerability
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
CVE-2026-50649
Baja
Microsoft
CVE-2026-50650 .NET Framework Elevation of Privilege Vulnerability
Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
CVE-2026-50650
Baja
Microsoft
CVE-2026-50651 .NET Denial of Service Vulnerability
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-50651
Media
Windows
CVE-2026-50655 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-50655
Baja
Defender
CVE-2026-50657 Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability
Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally.
CVE-2026-50657
Baja
Defender
CVE-2026-50658 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Time-of-check time-of-use (toctou) race condition in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVE-2026-50658
Baja
Microsoft
CVE-2026-50659 .NET Spoofing Vulnerability
Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.
CVE-2026-50659
Baja
Windows
CVE-2026-50661 Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-50661
Baja
Windows
CVE-2026-50666 Windows Remote Access Elevation of Privilege Vulnerability
Use after free in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-50666
Baja
Windows
CVE-2026-50667 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50667
Baja
Windows
CVE-2026-50668 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-50668
Baja
Windows
CVE-2026-50669 Windows Telephony Server Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-50669
Baja
Windows
CVE-2026-50670 Windows Win32k Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50670
Baja
Windows
CVE-2026-50672 Windows NTFS Elevation of Privilege Vulnerability
Use after free in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-50672
Sin clasificar
Windows
CVE-2026-50673 Windows Kernel Elevation of Privilege Vulnerability
Information published.
CVE-2026-50673
Baja
Windows
CVE-2026-50674 Windows USB Print Driver Elevation of Privilege Vulnerability
Use after free in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-50674
Media
Windows
CVE-2026-50676 Windows Media Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50676
Media
Windows
CVE-2026-50677 Windows Media Elevation of Privilege Vulnerability
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2026-50677
Baja
Windows
CVE-2026-54115 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Active Directory allows an authorized attacker to elevate privileges locally.
CVE-2026-54115
Baja
Microsoft
CVE-2026-50684 Active Directory Federation Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Active Directory Federation Services (AD FS) allows an authorized attacker to perform spoofing over a network.
CVE-2026-50684
Baja
Windows
CVE-2026-50679 Windows Search Service Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2026-50679
Baja
Windows
CVE-2026-50688 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50688
Baja
Windows
CVE-2026-50680 Windows Hyper-V Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2026-50680
Baja
Windows
CVE-2026-50681 Windows Secure Channel Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2026-50681
Baja
Microsoft
CVE-2026-54121 Active Directory Certificate Services Elevation of Privilege Vulnerability
Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network.
CVE-2026-54121
Baja
Windows
CVE-2026-50682 Active Directory Denial of Service Vulnerability
Out-of-bounds read in Windows Active Directory allows an authorized attacker to deny service over a network.
CVE-2026-50682
Baja
Windows
CVE-2026-50685 Windows DHCP Server Remote Code Execution Vulnerability
Double free in Windows DHCP Server allows an authorized attacker to execute code over a network.
CVE-2026-50685
Baja
Windows
CVE-2026-50683 Windows DHCP Client Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-50683
Baja
Windows
CVE-2026-50687 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50687
Baja
Windows
CVE-2026-50686 Windows OLE Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Windows OLE allows an unauthorized attacker to execute code over a network.
CVE-2026-50686
Baja
Windows
CVE-2026-50689 Windows Clipboard Server Elevation of Privilege Vulnerability
Use after free in Windows Clipboard Server allows an authorized attacker to elevate privileges locally.
CVE-2026-50689
Baja
Windows
CVE-2026-54125 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-54125
Baja
Windows
CVE-2026-50690 Windows SMB Information Disclosure Vulnerability
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
CVE-2026-50690
Baja
Microsoft
CVE-2026-50692 Desktop Window Manager Elevation of Privilege Vulnerability
Heap-based buffer overflow in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50692
Baja
Windows
CVE-2026-54128 Windows DHCP Client Remote Code Execution Vulnerability
Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally.
CVE-2026-54128
Baja
Windows
CVE-2026-54126 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-54126
Baja
Microsoft
CVE-2026-55010 Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability
Heap-based buffer overflow in Minecraft Bedrock Dedicated Server allows an unauthorized attacker to execute code over a network.
CVE-2026-55010
Baja
Microsoft Office
CVE-2026-47290 Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-47290
Baja
Microsoft Office
CVE-2026-47642 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-47642
Baja
Microsoft Office
CVE-2026-48580 Microsoft Excel Information Disclosure Vulnerability
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-48580
Baja
Microsoft Office
CVE-2026-50301 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-50301
Baja
Microsoft Office
CVE-2026-50314 Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-50314
Baja
Microsoft Office
CVE-2026-50467 Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-50467
Baja
Microsoft Office
CVE-2026-55017 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55017
Baja
Microsoft Office
CVE-2026-55016 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55016
Baja
Microsoft Office
CVE-2026-55024 Microsoft Excel Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55024
Baja
Microsoft Office
CVE-2026-50408 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-50408
Baja
Microsoft Office
CVE-2026-55019 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55019
Baja
Microsoft Office
CVE-2026-55018 Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55018
Baja
Microsoft Office
CVE-2026-55046 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55046
Baja
Microsoft Office
CVE-2026-55020 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55020
Baja
Microsoft Office
CVE-2026-55021 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55021
Baja
Microsoft Office
CVE-2026-55022 Microsoft Office Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55022
Baja
Microsoft Office
CVE-2026-55023 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55023
Baja
Microsoft Office
CVE-2026-55025 Microsoft Excel Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55025
Baja
Microsoft Office
CVE-2026-55030 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55030
Baja
Microsoft Office
CVE-2026-55125 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55125
Baja
Microsoft Office
CVE-2026-55031 Microsoft Excel Remote Code Execution Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55031
Baja
Microsoft Office
CVE-2026-55026 Microsoft Office Information Disclosure Vulnerability
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55026
Baja
Microsoft Office
CVE-2026-55048 Microsoft Excel Remote Code Execution Vulnerability
Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55048
Baja
Microsoft Office
CVE-2026-55034 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55034
Baja
Microsoft Office
CVE-2026-55027 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55027
Baja
Microsoft Office
CVE-2026-55029 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55029
Baja
Microsoft Office
CVE-2026-55028 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55028
Baja
Microsoft Office
CVE-2026-55047 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55047
Baja
Microsoft Office
CVE-2026-55039 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55039
Baja
Microsoft Office
CVE-2026-55045 Microsoft Office Remote Code Execution Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55045
Baja
Microsoft Office
CVE-2026-55050 Microsoft Word Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55050
Baja
Microsoft Office
CVE-2026-55049 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55049
Baja
Microsoft Office
CVE-2026-55032 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55032
Baja
Microsoft Office
CVE-2026-55033 Microsoft Word Remote Code Execution Vulnerability
Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55033
Baja
Microsoft Office
CVE-2026-55041 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55041
Baja
Microsoft Office
CVE-2026-55138 Microsoft Excel Information Disclosure Vulnerability
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55138
Baja
Microsoft Office
CVE-2026-55124 Microsoft Word Information Disclosure Vulnerability
Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55124
Baja
Microsoft Office
CVE-2026-55127 Microsoft Word Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55127
Baja
Microsoft Office
CVE-2026-55136 Microsoft Excel Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55136
Baja
Microsoft Office
CVE-2026-55141 Microsoft Excel Remote Code Execution Vulnerability
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55141
Baja
Microsoft Office
CVE-2026-55129 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55129
Baja
Microsoft Office
CVE-2026-55035 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55035
Baja
Microsoft Office
CVE-2026-55036 Microsoft Excel Remote Code Execution Vulnerability
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55036
Baja
Microsoft Office
CVE-2026-55044 Microsoft Excel Remote Code Execution Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55044
Baja
Microsoft Office
CVE-2026-55055 Microsoft Word Remote Code Execution Vulnerability
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55055
Baja
Microsoft Office
CVE-2026-55054 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-55054
Baja
Microsoft Office
CVE-2026-55037 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55037
Baja
Microsoft Office
CVE-2026-55058 Microsoft Excel Remote Code Execution Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55058
Baja
Microsoft Office
CVE-2026-55038 Microsoft Word Remote Code Execution Vulnerability
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55038
Baja
Microsoft Office
CVE-2026-55132 Microsoft Word Remote Code Execution Vulnerability
Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55132
Baja
Microsoft Office
CVE-2026-55137 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55137
Baja
Microsoft Office
CVE-2026-55053 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55053
Baja
Microsoft Office
CVE-2026-55122 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55122
Baja
Microsoft Office
CVE-2026-55057 Microsoft Office Information Disclosure Vulnerability
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55057
Baja
Microsoft Office
CVE-2026-55131 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55131
Baja
Microsoft Office
CVE-2026-55126 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55126
Baja
Microsoft Office
CVE-2026-55051 Microsoft SharePoint Server Information Disclosure Vulnerability
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
CVE-2026-55051
Baja
Microsoft Office
CVE-2026-55134 Microsoft Word Remote Code Execution Vulnerability
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55134
Baja
Microsoft Office
CVE-2026-55056 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55056
Baja
Microsoft Office
CVE-2026-55040 Microsoft SharePoint Server Security Feature Bypass Vulnerability
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-55040
Baja
Microsoft Office
CVE-2026-55142 Microsoft Word Information Disclosure Vulnerability
Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-55142
Baja
Microsoft Office
CVE-2026-55140 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55140
Baja
Microsoft Office
CVE-2026-55128 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55128
Baja
Microsoft Office
CVE-2026-55130 Microsoft Word Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55130
Baja
Microsoft Office
CVE-2026-55042 Microsoft Office Information Disclosure Vulnerability
Use of uninitialized resource in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55042
Baja
Microsoft Office
CVE-2026-55139 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55139
Baja
Microsoft Office
CVE-2026-55043 Microsoft PowerPoint Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-55043
Baja
Microsoft Office
CVE-2026-55133 Microsoft OneNote Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office OneNote allows an unauthorized attacker to execute code locally.
CVE-2026-55133
Baja
Microsoft Office
CVE-2026-55123 Microsoft PowerPoint Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-55123
Baja
Microsoft Office
CVE-2026-55120 Microsoft PowerPoint Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-55120
Baja
Microsoft Office
CVE-2026-55052 Microsoft SharePoint Elevation of Privilege Vulnerability
Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2026-55052
Baja
Microsoft Office
CVE-2026-55135 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-55135
Baja
SQL Server
CVE-2026-50468 Microsoft SQL Server Information Disclosure Vulnerability
Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network.
CVE-2026-50468
Baja
SQL Server
CVE-2026-54116 Microsoft SQL Server Information Disclosure Vulnerability
Access of resource using incompatible type ('type confusion') in SQL Server allows an authorized attacker to disclose information over a network.
CVE-2026-54116
Baja
Microsoft
CVE-2026-55145 Outlook Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network.
CVE-2026-55145
Baja
Microsoft Office
CVE-2026-54131 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-54131
Baja
Microsoft Office
CVE-2026-55898 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55898
Baja
Dynamics
CVE-2026-55944 Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Dynamics NAV allows an unauthorized attacker to execute code over a network.
CVE-2026-55944
Baja
Microsoft Office
CVE-2026-55947 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55947
Baja
Microsoft Office
CVE-2026-55949 Microsoft Excel Remote Code Execution Vulnerability
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55949
Baja
Microsoft Office
CVE-2026-56156 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-56156
Baja
Microsoft Office
CVE-2026-56157 Microsoft SharePoint Server Spoofing Vulnerability
Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-56157
Baja
Visual Studio
CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-41109
Baja
Windows
CVE-2026-56159 DHCP Server Service Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.
CVE-2026-56159
Baja
Microsoft
CVE-2026-50359 Microsoft XML Core Services Elevation of Privilege Vulnerability
Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally.
CVE-2026-50359
Sin clasificar
Windows
CVE-2026-56168 Windows SMB Server Denial of Service Vulnerability
Information published.
CVE-2026-56168
Baja
Windows
CVE-2026-56173 Windows WebView Elevation of Privilege Vulnerability
Use after free in Windows WebView allows an authorized attacker to elevate privileges locally.
CVE-2026-56173
Baja
Windows
CVE-2026-56176 Windows Win32k Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-56176
Baja
Windows
CVE-2026-56175 Windows NTFS Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-56175
Baja
Windows
CVE-2026-56182 Windows NTFS Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-56182
Baja
Windows
CVE-2026-56183 Windows MIDI Service Module Elevation of Privileges Vulnerability
Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.
CVE-2026-56183
Baja
Windows
CVE-2026-56190 Remote Desktop Protocol Remote Code Execution Vulnerability
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to execute code over a network.
CVE-2026-56190
Baja
Windows
CVE-2026-56184 Win32k Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.
CVE-2026-56184
Baja
Windows
CVE-2026-56187 Windows MIDI Service Module Elevation of Privileges Vulnerability
Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.
CVE-2026-56187
Baja
Windows
CVE-2026-56186 Windows Secure Channel Information Disclosure Vulnerability
Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network.
CVE-2026-56186
Baja
Windows Server
CVE-2026-56188 Windows Server Network driver Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.
CVE-2026-56188
Media
Windows
CVE-2026-56189 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
CVE-2026-56189
Baja
Microsoft Office
CVE-2026-50665 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-50665
Baja
Microsoft Office
CVE-2026-56192 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-56192
Baja
Microsoft Office
CVE-2026-56195 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-56195
Baja
Windows
CVE-2026-56196 Windows Admin Center (WAC) Remote Code Execution Vulnerability
Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network.
CVE-2026-56196
Baja
Windows
CVE-2026-56197 Windows Admin Center (WAC) Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network.
CVE-2026-56197
Baja
Defender
CVE-2026-56178 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2026-56178
Baja
Microsoft
CVE-2026-56642 Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability
Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network.
CVE-2026-56642
Baja
Windows
CVE-2026-56643 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-56643
Baja
Windows
CVE-2026-56644 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-56644
Baja
Windows
CVE-2026-54124 Windows Terminal Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally.
CVE-2026-54124
Baja
Windows
CVE-2026-56194 Windows NFS Server Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network.
CVE-2026-56194
Baja
Windows
CVE-2026-56647 Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network.
CVE-2026-56647
Baja
Windows
CVE-2026-56648 Windows NFS Server Elevation of Privilege Vulnerability
Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network.
CVE-2026-56648
Baja
Windows
CVE-2026-56649 Windows Network File System Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.
CVE-2026-56649
Media
Windows
CVE-2026-57083 Windows Media Photo Codec Information Disclosure Vulnerability
Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.
CVE-2026-57083
Baja
Windows
CVE-2026-57084 Windows File Explorer Information Disclosure Vulnerability
Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.
CVE-2026-57084
Baja
Windows
CVE-2026-56650 Windows Network File System Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally.
CVE-2026-56650
Baja
Windows
CVE-2026-57095 Win32k Elevation of Privilege Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.
CVE-2026-57095
Media
Windows
CVE-2026-57090 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
CVE-2026-57090
Media
Windows
CVE-2026-57094 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
CVE-2026-57094
Baja
Windows
CVE-2026-57091 Windows File History Service Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows File History Service allows an authorized attacker to elevate privileges locally.
CVE-2026-57091
Baja
Windows
CVE-2026-57089 Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerability
Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.
CVE-2026-57089
Baja
Windows
CVE-2026-57085 Windows Print Spooler Information Disclosure Vulnerability
Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
CVE-2026-57085
Baja
Windows
CVE-2026-57092 Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.
CVE-2026-57092
Media
Windows
CVE-2026-57087 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
CVE-2026-57087
Baja
Microsoft
CVE-2026-57088 Extensible Storage Engine (ESENT) Elevation of Privilege Vulnerability
Improper access control in Extensible Storage Engine (ESENT) allows an authorized attacker to elevate privileges locally.
CVE-2026-57088
Baja
Windows
CVE-2026-57093 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-57093
Baja
Windows
CVE-2026-57096 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-57096
Baja
Visual Studio
CVE-2026-57101 Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-57101
Baja
Visual Studio
CVE-2026-57102 Visual Studio Code Security Feature Bypass Vulnerability
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-57102
Baja
Microsoft
CVE-2026-57108 .NET Denial of Service Vulnerability
Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-57108
Baja
Windows
CVE-2026-57968 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2026-57968
Baja
Windows
CVE-2026-57973 Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability
Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally.
CVE-2026-57973
Baja
Windows
CVE-2026-57982 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.
CVE-2026-57982
Baja
Microsoft Office
CVE-2026-58277 Microsoft SharePoint Elevation of Privilege Vulnerability
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2026-58277
Baja
Windows
CVE-2026-58527 Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-58527
Baja
Windows
CVE-2026-58528 Windows USB Audio Class Driver Information Disclosure Vulnerability
Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.
CVE-2026-58528
Baja
Windows
CVE-2026-58530 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.
CVE-2026-58530
Baja
Windows
CVE-2026-58538 Windows Bluetooth Service Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2026-58538
Baja
Windows
CVE-2026-58533 Windows Remote Desktop Client Information Disclosure Vulnerability
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-58533
Baja
Windows
CVE-2026-58535 Windows Remote Desktop Client Information Disclosure Vulnerability
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-58535
Baja
Windows
CVE-2026-58546 Windows Remote Desktop Client Information Disclosure Vulnerability
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-58546
Baja
Windows
CVE-2026-58539 Windows Remote Desktop Client Information Disclosure Vulnerability
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-58539
Baja
Windows
CVE-2026-58540 Windows Installer Elevation of Privilege Vulnerability
Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-58540
Baja
Windows
CVE-2026-58531 Windows SMB Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.
CVE-2026-58531
Baja
Windows
CVE-2026-58532 Windows Kernel Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-58532
Baja
Microsoft
CVE-2026-58537 Microsoft NAT Helper Components (ipnathlp.dll) Elevation of Privilege Vulnerability
Use after free in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-58537
Baja
Windows
CVE-2026-58534 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
CVE-2026-58534
Baja
Windows
CVE-2026-58536 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58536
Baja
Windows
CVE-2026-58547 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-58547
Baja
Windows
CVE-2026-58545 Windows Kernel Security Feature Bypass Vulnerability
Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.
CVE-2026-58545
Baja
Windows
CVE-2026-58544 Windows Management Services Elevation of Privilege Vulnerability
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-58544
Media
Windows
CVE-2026-58542 Windows Media Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-58542
Baja
Windows
CVE-2026-58543 Universal Print Management Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.
CVE-2026-58543
Baja
Windows
CVE-2026-58541 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2026-58541
Baja
Windows
CVE-2026-58594 Remote Desktop Client Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.
CVE-2026-58594
Baja
Visual Studio
CVE-2026-47305 Visual Studio Remote Code Execution Vulnerability
Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally.
CVE-2026-47305
Baja
Windows
CVE-2026-58613 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58613
Baja
Microsoft 365
CVE-2026-58617 M365 Copilot for iOS Elevation of Privilege Vulnerability
Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-58617
Baja
Windows
CVE-2026-58619 Windows Sensor Data Service Elevation of Privilege Vulnerability
Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-58619
Baja
Windows
CVE-2026-58626 Windows Remote Desktop Services Remote Code Execution Vulnerability
Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.
CVE-2026-58626
Baja
Windows
CVE-2026-58627 Windows DHCP Server Denial of Service Vulnerability
Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
CVE-2026-58627
Baja
Windows
CVE-2026-58628 Windows Wireless Network Manager Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.
CVE-2026-58628
Baja
Windows
CVE-2026-58629 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2026-58629
Baja
Windows
CVE-2026-58632 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-58632
Baja
Microsoft
CVE-2026-58633 Desktop Window Manager Elevation of Privilege Vulnerability
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-58633
Baja
Microsoft
CVE-2026-58634 Desktop Window Manager Elevation of Privilege Vulnerability
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-58634
Baja
Windows
CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability
Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
CVE-2026-58637
Baja
Windows
CVE-2026-58638 Windows Boot Loader Security Feature Bypass Vulnerability
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-58638
Baja
Windows
CVE-2026-56181 Windows Network Address Translation (NAT) Spoofing Vulnerability
Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2026-56181
Baja
Microsoft Office
CVE-2026-55121 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55121
Baja
Windows
CVE-2026-58529 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability
Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network.
CVE-2026-58529
Baja
Exchange Server
CVE-2026-55008 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-55008
Sin clasificar
Microsoft
ADV990001 Latest Servicing Stack Updates
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
Sin clasificar
Exchange Server
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Updated FAQ information. This is an informational change only.
CVE-2026-42897
Sin clasificar
Microsoft
CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras
Information published.
CVE-2026-12480
Baja
Microsoft
CVE-2026-40468 Heap buffer overflow in gawk
Information published.
CVE-2026-40468
Sin clasificar
Microsoft
CVE-2026-14461 Out-of-bound read in mtr
Information published.
CVE-2026-14461
Baja
Microsoft
CVE-2026-40553 Stack-based buffer overflow in gawk
Information published.
CVE-2026-40553
Baja
Microsoft
CVE-2026-40469 Heap buffer overflow in gawk
Information published.
CVE-2026-40469
Sin clasificar
Microsoft
CVE-2026-40467 Use after free in gawk
Information published.
CVE-2026-40467
Sin clasificar
Microsoft
CVE-2025-71072 shmem: fix recovery on rename failures
Information published.
CVE-2025-71072
Baja
Microsoft
CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Information published.
CVE-2022-4543
Sin clasificar
Microsoft
CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error
Information published.
CVE-2025-38096
Sin clasificar
Microsoft Edge
CVE-2026-45489 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CWE added. Informational change only.
CVE-2026-45489
Baja
Microsoft
CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
Information published.
CVE-2026-15308
Sin clasificar
Microsoft
CVE-2026-59871 node-tar: Process crash via PAX numeric path type confusion
Information published.
CVE-2026-59871
Sin clasificar
Microsoft
CVE-2026-59873 node-tar: Decompression/parse DoS via unlimited input
Information published.
CVE-2026-59873
Sin clasificar
Microsoft
CVE-2026-59874 node-tar: Negative tar entry size causes infinite loop in archive replace
Information published.
CVE-2026-59874
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14428 Insufficient validation of untrusted input in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14428
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13777 Insufficient validation of untrusted input in iOSWeb
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13777
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13778 Use after free in WebUSB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13778
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14394 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14394
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14396 Out of bounds read in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14396
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14395 Out of bounds write in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14395
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14397 Out of bounds write in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14397
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14398 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14398
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14399 Uninitialized Use in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14399
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14400 Out of bounds write in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14400
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14401 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14401
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14402 Uninitialized Use in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14402
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14403 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14403
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14405 Uninitialized Use in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14405
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14404 Inappropriate implementation in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14404
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14406 Out of bounds read in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14406
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14410 Inappropriate implementation in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14410
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14407 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14407
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14409 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14409
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14412 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14412
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14408 Uninitialized Use in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14408
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14411 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14411
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14413 Uninitialized Use in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14413
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14415 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14415
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14418 Uninitialized Use in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14418
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14417 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14417
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14416 Out of bounds read in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14416
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14419 Use after free in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14419
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14420 Out of bounds read and write in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14420
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14421 Uninitialized Use in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14421
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14422 Out of bounds read and write in Tint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14422
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14423 Type Confusion in Tint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14423
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14425 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14425
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14426 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14426
Baja
Microsoft Edge
Chromium: CVE-2026-14427 Heap buffer overflow in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14427
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14424 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14424
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14429 Insufficient validation of untrusted input in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14429
Baja
Microsoft Edge
Chromium: CVE-2026-14430 Integer overflow in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14430
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14432 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14432
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14431 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14431
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14414 Insufficient validation of untrusted input in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14414
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13785 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13785
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13788 Use after free in Fullscreen
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13788
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13791 Insufficient validation of untrusted input in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13791
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13807 Use after free in Import
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13807
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13795 Insufficient policy enforcement in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13795
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13792 Use after free in Touchbar
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13792
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13805 Use after free in GFX
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13805
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13808 Insufficient data validation in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13808
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13812 Insufficient validation of untrusted input in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13812
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13809 Side-channel information leakage in Safe Browsing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13809
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13813 Insufficient validation of untrusted input in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13813
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13816 Insufficient validation of untrusted input in File Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13816
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13822 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13822
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13819 Out of bounds read in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13819
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13825 Uninitialized Use in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13825
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13826 Inappropriate implementation in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13826
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13827 Use after free in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13827
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13842 Incorrect security UI in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13842
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13843 Insufficient validation of untrusted input in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13843
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13833 Uninitialized Use in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13833
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13846 Use after free in USB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13846
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13847 Insufficient validation of untrusted input in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13847
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13850 Insufficient validation of untrusted input in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13850
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13851 Insufficient validation of untrusted input in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13851
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13856 Insufficient validation of untrusted input in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13856
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13852 Insufficient validation of untrusted input in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13852
Sin clasificar
Microsoft
CVE-2026-13862
CVE-2026-13862
CVE-2026-13862
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13863 Insufficient validation of untrusted input in CustomTabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13863
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13866 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13866
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13872 Insufficient validation of untrusted input in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13872
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13868 Inappropriate implementation in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13868
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13870 Use after free in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13870
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13878 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13878
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13885 Use after free in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13885
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13880 Use after free in USB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13880
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13889 Insufficient validation of untrusted input in WebAuthentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13889
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13892 Inappropriate implementation in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13892
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13887 Insufficient policy enforcement in NFC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13887
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13902 Inappropriate implementation in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13902
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13904 Incorrect security UI in Safe Browsing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13904
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13905 Incorrect security UI in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13905
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13907 Inappropriate implementation in iOSWeb
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13907
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13908 Insufficient validation of untrusted input in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13908
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13910 Insufficient policy enforcement in WebXR
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13910
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13912 Incorrect security UI in Safe Browsing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13912
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13914 Inappropriate implementation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13914
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13913 Insufficient policy enforcement in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13913
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13915 Use after free in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13915
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13916 Inappropriate implementation in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13916
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13917 Insufficient validation of untrusted input in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13917
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13918 Use after free in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13918
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13924 Insufficient validation of untrusted input in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13924
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13923 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13923
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13926 Insufficient validation of untrusted input in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13926
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13927 Insufficient validation of untrusted input in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13927
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13932 Inappropriate implementation in Sharing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13932
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13929 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13929
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13936 Inappropriate implementation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13936
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13939 Insufficient validation of untrusted input in WebShare
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13939
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13944 Inappropriate implementation in DataTransfer
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13944
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13943 Uninitialized Use in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13943
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13949 Insufficient policy enforcement in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13949
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13946 Inappropriate implementation in ScriptInjections
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13946
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13955 Insufficient validation of untrusted input in CustomTabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13955
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13964 Insufficient policy enforcement in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13964
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13969 Uninitialized Use in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13969
Baja
Microsoft Edge
Chromium: CVE-2026-13974 Integer overflow in Safe Browsing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13974
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13975 Out of bounds read in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13975
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13980 Incorrect security UI in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13980
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13994 Inappropriate implementation in Credential Management
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13994
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13983 Incorrect security UI in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13983
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13981 Inappropriate implementation in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13981
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13991 Insufficient validation of untrusted input in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13991
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13992 Inappropriate implementation in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13992
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13987 Incorrect security UI in Mobile
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13987
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13997 Incorrect security UI in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13997
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13998 Incorrect security UI in File Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13998
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14028 Incorrect security UI in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14028
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13995 Insufficient validation of untrusted input in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13995
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14005 Use after free in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14005
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14066 Insufficient validation of untrusted input in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14066
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14067 Use after free in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14067
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14075 Policy bypass in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14075
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14099 Use after free in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14099
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14096 Object lifecycle issue in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14096
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14101 Insufficient policy enforcement in Sandbox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14101
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14114 Inappropriate implementation in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14114
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14126 Incorrect security UI in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14126
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14123 Incorrect security UI in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14123
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14128 Insufficient data validation in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14128
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14382 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14382
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14136 Incorrect security UI in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14136
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14137 Insufficient validation of untrusted input in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14137
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14386 Out of bounds read in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14386
Baja
Microsoft Edge
Chromium: CVE-2026-14385 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14385
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14388 Out of bounds read in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14388
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14390 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14390
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14393 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14393
Baja
Microsoft Edge
Chromium: CVE-2026-14391 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14391
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14392 Out of bounds write in Tint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-14392
Baja
Microsoft Edge
CVE-2026-58281 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58281
Sin clasificar
Microsoft
CVE-2024-7598 Network restriction bypass via race condition during namespace termination
Information published.
CVE-2024-7598
Sin clasificar
Microsoft
CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop
Information published.
CVE-2026-54886
Sin clasificar
Microsoft
CVE-2026-56000 xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()
Information published.
CVE-2026-56000
Sin clasificar
Microsoft
CVE-2026-54908 Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message
Information published.
CVE-2026-54908
Sin clasificar
Microsoft
CVE-2026-59856 Vim: Arbitrary Code Execution via PHP Omni-Completion
Information published.
CVE-2026-59856
Sin clasificar
Microsoft
CVE-2026-20214 ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Information published.
CVE-2026-20214
Sin clasificar
Microsoft
CVE-2026-20215 ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Information published.
CVE-2026-20215
Sin clasificar
Microsoft
CVE-2026-20216 ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability
Information published.
CVE-2026-20216
Sin clasificar
Microsoft
CVE-2026-20217 ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Information published.
CVE-2026-20217
Sin clasificar
Microsoft
CVE-2026-20244 ClamAV DMG File Processing Denial of Service Vulnerability
Information published.
CVE-2026-20244
Sin clasificar
Windows
CVE-2026-59998 sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
Information published.
CVE-2026-59998
Sin clasificar
Microsoft
CVE-2026-14380 DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile
Information published.
CVE-2026-14380
Sin clasificar
Microsoft
CVE-2026-14740 DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
Information published.
CVE-2026-14740
Sin clasificar
Microsoft
CVE-2026-59926 Mistune: XSS via unescaped class option in Admonition directive
Information published.
CVE-2026-59926
Sin clasificar
Microsoft
CVE-2026-59925 inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs
Information published.
CVE-2026-59925
Baja
Microsoft
CVE-2026-59930 Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content
Information published.
CVE-2026-59930
Sin clasificar
Microsoft
CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+
Information published.
CVE-2026-59890
Baja
Microsoft
CVE-2026-58207 NATS Server: Remote crash via integer overflow in Connz pagination
Information published.
CVE-2026-58207
Sin clasificar
Microsoft
CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass
Information published.
CVE-2026-58251
Sin clasificar
Microsoft
CVE-2026-58208 NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled
Information published.
CVE-2026-58208
Sin clasificar
Microsoft
CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap
Information published.
CVE-2026-58252
Sin clasificar
Microsoft
CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters
Information published.
CVE-2026-58209
Sin clasificar
Microsoft
CVE-2026-58253 NATS Server: Route API Auth Bypass
Information published.
CVE-2026-58253
Sin clasificar
Microsoft
CVE-2026-20213 ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Information published.
CVE-2026-20213
Sin clasificar
Microsoft
CVE-2026-20243 ClamAV ALZ Archive Processing Denial of Service Vulnerability
Information published.
CVE-2026-20243
Sin clasificar
Microsoft
CVE-2026-14461 Out-of-bound read in mtr
Information published.
CVE-2026-14461
Baja
Microsoft
CVE-2026-14739 DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders
Information published.
CVE-2026-14739
Sin clasificar
Microsoft
CVE-2026-59928 Mistune block_parser: quadratic-time parsing on long lists of repeated reference-link definitions
Information published.
CVE-2026-59928
Sin clasificar
Microsoft
CVE-2026-59922 Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert)
Information published.
CVE-2026-59922
Sin clasificar
Microsoft
CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption
Information published.
CVE-2026-59869
Sin clasificar
Microsoft
CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake
Information published.
CVE-2026-58250
Sin clasificar
Microsoft
CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories
Information published.
CVE-2026-45571
Sin clasificar
Microsoft
CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport
Information published.
CVE-2026-45570
Sin clasificar
Microsoft
CVE-2026-56288 NULL Pointer Dereference in GNU patch
Information published.
CVE-2026-56288
Sin clasificar
Microsoft
CVE-2026-59818 etcd: gRPC client listener does not enforce `--client-crl-file` certificate revocation
Information published.
CVE-2026-59818
Sin clasificar
Microsoft
CVE-2026-56289 Loop with Unreachable Exit Condition in GNU patch
Information published.
CVE-2026-56289
Sin clasificar
Microsoft
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Information published.
CVE-2025-61727
Sin clasificar
Microsoft
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Information published.
CVE-2025-58188
Sin clasificar
Microsoft
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Information published.
CVE-2025-61724
Sin clasificar
Microsoft
CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done
Information published.
CVE-2025-23131
Sin clasificar
Microsoft
CVE-2026-9545 exposing HTTP/3 early data
Information published.
CVE-2026-9545
Sin clasificar
Microsoft
CVE-2026-8932 incomplete mTLS config matching in conn reuse
Information published.
CVE-2026-8932
Sin clasificar
Microsoft
CVE-2026-9547 SSH improper host validation
Information published.
CVE-2026-9547
Sin clasificar
Microsoft
CVE-2026-8458 wrong reuse for different services
Information published.
CVE-2026-8458
Sin clasificar
Microsoft
CVE-2026-8924 trailing dot domain super cookie
Information published.
CVE-2026-8924
Sin clasificar
Microsoft
CVE-2026-10536 HTTP/2 stream-dependency tree UAF
Information published.
CVE-2026-10536
Sin clasificar
Microsoft
CVE-2026-11856 cross-origin Digest auth state leak
Information published.
CVE-2026-11856
Sin clasificar
Microsoft
CVE-2026-8286 wrong STARTTLS connection reuse
Information published.
CVE-2026-8286
Sin clasificar
Microsoft
CVE-2026-8926 password leak with netrc and user in URL
Information published.
CVE-2026-8926
Sin clasificar
Microsoft
CVE-2026-9080 UAF after pause in socket callback
Information published.
CVE-2026-9080
Sin clasificar
Microsoft
CVE-2026-8925 SASL double-free
Information published.
CVE-2026-8925
Sin clasificar
Microsoft
CVE-2026-53359 KVM: x86: Fix shadow paging use-after-free due to unexpected role
Information published.
CVE-2026-53359
Sin clasificar
Microsoft
CVE-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD
Information published.
CVE-2026-14355
Sin clasificar
Microsoft
CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension
Information published.
CVE-2026-55952
Alta
Microsoft
CVE-2026-59997 internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
Information published.
CVE-2026-59997
Sin clasificar
Microsoft
CVE-2026-59996 scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
Information published.
CVE-2026-59996
Sin clasificar
Microsoft
CVE-2026-59995 sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
Information published.
CVE-2026-59995
Sin clasificar
Microsoft
CVE-2026-60001 sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
Information published.
CVE-2026-60001
Baja
Microsoft
CVE-2026-60000 sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.
Information published.
CVE-2026-60000
Sin clasificar
Microsoft
CVE-2026-59999 In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
Information published.
CVE-2026-59999
Sin clasificar
Microsoft
CVE-2026-60002 ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
Information published.
CVE-2026-60002
Baja
Microsoft
CVE-2026-56002 libXfont2 PCF Font Parsing Heap Buffer Overflow
Information published.
CVE-2026-56002
Sin clasificar
Microsoft
CVE-2026-56000 xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()
Information published.
CVE-2026-56000
Sin clasificar
Microsoft
CVE-2026-38968 ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing.
Information published.
CVE-2026-38968
Sin clasificar
Microsoft
CVE-2026-38969 ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling.
Information published.
CVE-2026-38969
Sin clasificar
Microsoft
CVE-2026-54908 Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message
Information published.
CVE-2026-54908
Sin clasificar
Microsoft
CVE-2026-53354 arm64: errata: Mitigate TLBI errata on various Arm CPUs
Information published.
CVE-2026-53354
Sin clasificar
Microsoft
CVE-2026-53345 KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying
Information published.
CVE-2026-53345
Sin clasificar
Microsoft
CVE-2026-53332 slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd
Information published.
CVE-2026-53332
Sin clasificar
Microsoft
CVE-2026-53336 nvmem: layouts: onie-tlv: fix hang on unknown types
Information published.
CVE-2026-53336
Sin clasificar
Microsoft
CVE-2026-53327 debugobjects: Do not fill_pool() if pi_blocked_on
Information published.
CVE-2026-53327
Sin clasificar
Microsoft
CVE-2026-53339 i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()
Information published.
CVE-2026-53339
Sin clasificar
Microsoft
CVE-2026-9079 stale proxy password leak
Information published.
CVE-2026-9079
Sin clasificar
Microsoft
CVE-2026-8927 env-set cross-proxy Digest auth state leak
Information published.
CVE-2026-8927
Sin clasificar
Microsoft
CVE-2026-12064 proto-default skips SSH verification
Information published.
CVE-2026-12064
Sin clasificar
Microsoft
CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl
Information published.
CVE-2026-54891
Baja
Microsoft
CVE-2026-56001 libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow
Information published.
CVE-2026-56001
Baja
Microsoft
CVE-2026-56003 libXfont2 computeProps Property Buffer Heap Buffer Overflow
Information published.
CVE-2026-56003
Baja
Microsoft
CVE-2026-55999 xorg-server / xwayland glamor font atlas Heap Buffer Overflow
Information published.
CVE-2026-55999
Sin clasificar
Microsoft
CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader
Information published.
CVE-2026-14191
Sin clasificar
Microsoft
CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Information published.
CVE-2026-23278
Sin clasificar
Microsoft
CVE-2026-43010 bpf: Reject sleepable kprobe_multi programs at attach time
Information published.
CVE-2026-43010
Sin clasificar
Microsoft
CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Information published.
CVE-2026-46054
Sin clasificar
Microsoft
CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Information published.
CVE-2026-46135
Sin clasificar
Microsoft
CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF
Information published.
CVE-2026-46242
Sin clasificar
Microsoft
CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access
Information published.
CVE-2026-46140
Sin clasificar
Microsoft
CVE-2026-46252 regulator: core: fix locking in regulator_resolve_supply() error path
Information published.
CVE-2026-46252
Sin clasificar
Microsoft
CVE-2026-53269 netfilter: synproxy: add mutex to guard hook reference counting
Information published.
CVE-2026-53269
Sin clasificar
Microsoft
CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption
Information published.
CVE-2026-46331
Sin clasificar
Microsoft
CVE-2026-47241 Net::IMAP: Denial of Service via incomplete raw argument validation
Information published.
CVE-2026-47241
Sin clasificar
Microsoft
CVE-2026-53167 fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios
Information published.
CVE-2026-53167
Sin clasificar
Microsoft
CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length
Information published.
CVE-2026-58055
Sin clasificar
Microsoft
CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter
Information published.
CVE-2026-4360
Sin clasificar
Microsoft
CVE-2026-42980 NT OS Kernel Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42980
Sin clasificar
Defender
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
Microsoft has released an update to the Microsoft Malware Protection Engine that addresses the vulnerability identified by CVE-2026-50656. Please see the FAQ for more information on how to check if the new version ha...
CVE-2026-50656
Baja
Microsoft Edge
CVE-2026-58525 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-58525
Sin clasificar
Windows
CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-45638
Sin clasificar
Microsoft
CVE-2026-9545 exposing HTTP/3 early data
Information published.
CVE-2026-9545
Sin clasificar
Microsoft
CVE-2026-8932 incomplete mTLS config matching in conn reuse
Information published.
CVE-2026-8932
Sin clasificar
Microsoft
CVE-2026-8458 wrong reuse for different services
Information published.
CVE-2026-8458
Sin clasificar
Microsoft
CVE-2026-8924 trailing dot domain super cookie
Information published.
CVE-2026-8924
Sin clasificar
Microsoft
CVE-2026-10536 HTTP/2 stream-dependency tree UAF
Information published.
CVE-2026-10536
Sin clasificar
Microsoft
CVE-2026-8286 wrong STARTTLS connection reuse
Information published.
CVE-2026-8286
Sin clasificar
Microsoft
CVE-2026-8926 password leak with netrc and user in URL
Information published.
CVE-2026-8926
Sin clasificar
Microsoft
CVE-2026-9080 UAF after pause in socket callback
Information published.
CVE-2026-9080
Sin clasificar
Microsoft
CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension
Information published.
CVE-2026-55952
Sin clasificar
Microsoft
CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop
Information published.
CVE-2026-54886
Sin clasificar
Microsoft
CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras
Information published.
CVE-2026-12480
Sin clasificar
Microsoft
CVE-2026-14647 onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds
Information published.
CVE-2026-14647
Sin clasificar
Microsoft
CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl
Information published.
CVE-2026-54891
Sin clasificar
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Sin clasificar
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Sin clasificar
Microsoft
CVE-2026-53223 net: guard timestamp cmsgs to real error queue skbs
Information published.
CVE-2026-53223
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13933 Insufficient policy enforcement in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13933
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14153 Inappropriate implementation in Glic
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14153
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14125 Uninitialized Use in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14125
Baja
Microsoft Edge
CVE-2026-55945 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Edge (Chromium-based) allows an authorized attacker to disclose information locally.
CVE-2026-55945
Baja
Microsoft Edge
CVE-2026-56645 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-56645
Baja
Microsoft Edge
CVE-2026-57975 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57975
Baja
Microsoft Edge
CVE-2026-57983 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-57983
Baja
Microsoft Edge
CVE-2026-57984 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57984
Baja
Microsoft Edge
CVE-2026-57985 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57985
Baja
Microsoft Edge
CVE-2026-57987 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-57987
Baja
Microsoft Edge
CVE-2026-57988 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57988
Baja
Microsoft Edge
CVE-2026-57992 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57992
Baja
Microsoft Edge
CVE-2026-57993 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-57993
Baja
Microsoft Edge
CVE-2026-56646 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-56646
Baja
Microsoft Edge
CVE-2026-58282 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58282
Baja
Microsoft Edge
CVE-2026-58283 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58283
Baja
Microsoft Edge
CVE-2026-58287 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58287
Baja
Microsoft Edge
CVE-2026-58299 Microsoft Edge for Android Remote Code Execution Vulnerability
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
CVE-2026-58299
Baja
Microsoft Edge
CVE-2026-58522 Microsoft Edge for Android Information Disclosure Vulnerability
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVE-2026-58522
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13775 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13775
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13776 Type Confusion in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13776
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13779 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13779
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13780 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13780
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13781 Insufficient validation of untrusted input in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13781
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13782 Use after free in Browser
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13782
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13783 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13783
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13784 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13784
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13786 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13786
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13787 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13787
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13790 Side-channel information leakage in Scroll
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13790
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13793 Insufficient policy enforcement in SVG
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13793
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13794 Insufficient validation of untrusted input in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13794
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13797 Insufficient validation of untrusted input in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13797
Baja
Microsoft Edge
Chromium: CVE-2026-13801 Integer overflow in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13801
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13802 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13802
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13803 Type Confusion in Chrome Tabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13803
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13804 Use after free in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13804
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13810 Inappropriate implementation in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13810
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13811 Use after free in IME
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13811
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13814 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13814
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13817 Insufficient validation of untrusted input in Glic
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13817
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13815 Use after free in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13815
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13820 Out of bounds read in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13820
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13821 Use after free in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13821
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13823 Use after free in Glic
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13823
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13818 Inappropriate implementation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13818
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13829 Insufficient validation of untrusted input in Settings
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13829
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13828 Inappropriate implementation in Enterprise
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13828
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13824 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13824
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13830 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13830
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13832 Use after free in Headless
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13832
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13831 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13831
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13837 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13837
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13836 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13836
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13835 Inappropriate implementation in XML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13835
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13834 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13834
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13838 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13838
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13839 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13839
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13840 Insufficient policy enforcement in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13840
Baja
Microsoft Edge
Chromium: CVE-2026-13841 Integer overflow in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13841
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13844 Use after free in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13844
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13845 Use after free in DOM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13845
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13849 Insufficient validation of untrusted input in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13849
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13848 Use after free in Forms
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13848
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13853 Use after free in Journeys
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13853
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13854 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13854
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13855 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13855
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13858 Out of bounds read in FFmpeg
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13858
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13857 Inappropriate implementation in Geometry
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13857
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13859 Inappropriate implementation in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13859
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13860 Incorrect security UI in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13860
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13861 Use after free in Core
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13861
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13864 Insufficient policy enforcement in WebHID
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13864
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13865 Insufficient validation of untrusted input in Enterprise
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13865
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13869 Use after free in Device
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13869
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13867 Inappropriate implementation in Geolocation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13867
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13871 Insufficient data validation in GuestView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13871
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13873 Out of bounds memory access in Layout
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13873
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13874 Inappropriate implementation in DataTransfer
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13874
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13876 Inappropriate implementation in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13876
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13875 Insufficient validation of untrusted input in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13875
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13881 Insufficient data validation in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13881
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13882 Inappropriate implementation in USB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13882
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13879 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13879
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13877 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13877
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13883 Type Confusion in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13883
Baja
Microsoft Edge
Chromium: CVE-2026-13884 Heap buffer overflow in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13884
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13890 Out of bounds read in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13890
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13886 Policy bypass in Isolated Web Apps
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13886
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13888 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13888
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13891 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13891
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13893 Insufficient validation of untrusted input in WebUI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13893
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13894 Insufficient policy enforcement in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13894
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13899 Use after free in HTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13899
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13897 Insufficient policy enforcement in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13897
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13895 Inappropriate implementation in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13895
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13896 Insufficient policy enforcement in Glic
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13896
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13898 Use after free in Cast Receiver
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13898
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13900 Insufficient validation of untrusted input in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13900
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13901 Insufficient validation of untrusted input in Serial
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13901
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13903 Insufficient policy enforcement in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13903
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13906 Out of bounds read in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13906
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13909 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13909
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13911 Insufficient data validation in Spellcheck
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13911
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13919 Insufficient data validation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13919
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13921 Insufficient validation of untrusted input in DeviceBoundSessionCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13921
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13922 Side-channel information leakage in Paint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13922
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13925 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13925
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13928 Insufficient validation of untrusted input in Enterprise
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13928
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13930 Insufficient policy enforcement in Actor
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13930
Media
Microsoft Edge
Chromium: CVE-2026-13931 Inappropriate implementation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13931
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13934 Insufficient validation of untrusted input in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13934
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13935 Side-channel information leakage in ComputePressure
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13935
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13937 Insufficient policy enforcement in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13937
Baja
Microsoft Edge
Chromium: CVE-2026-13938 Integer overflow in Fonts
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13938
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13940 Uninitialized Use in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13940
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13941 Inappropriate implementation in SiteSettings
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13941
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13942 Insufficient validation of untrusted input in Video Capture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13942
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13945 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13945
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13947 Uninitialized Use in XR
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13947
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13948 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13948
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13950 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13950
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13951 Policy bypass in USB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13951
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13952 Inappropriate implementation in PerformanceAPIs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13952
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13953 Inappropriate implementation in SplitView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13953
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13956 Incorrect security UI in PageInfo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13956
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13957 Incorrect security UI in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13957
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13958 Uninitialized Use in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13958
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13959 Insufficient validation of untrusted input in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13959
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13960 Inappropriate implementation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13960
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13962 Insufficient data validation in PDF
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13962
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13774 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13774
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14142 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14142
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14130 Incorrect security UI in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14130
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14116 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14116
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14105 Insufficient policy enforcement in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14105
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14092 Insufficient policy enforcement in Privacy
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14092
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14082 Race in Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14082
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14071 Side-channel information leakage in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14071
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14059 Insufficient policy enforcement in Related-Website-Sets
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14059
Media
Microsoft Edge
Chromium: CVE-2026-14039 Insufficient policy enforcement in GetUserMedia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14039
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14027 Use after free in SignIn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14027
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14016 Insufficient policy enforcement in SVG
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14016
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14006 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14006
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13989 Insufficient policy enforcement in PageInfo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13989
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13973 Inappropriate implementation in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13973
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13961 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13961
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14156 Policy bypass in StorageAccessAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14156
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14155 Insufficient policy enforcement in StorageAccessAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14155
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14154 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14154
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14152 Out of bounds write in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14152
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14151 Inappropriate implementation in AI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14151
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14150 Insufficient validation of untrusted input in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14150
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14149 Use after free in Audio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14149
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14148 Type Confusion in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14148
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14147 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14147
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14146 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14146
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14145 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14145
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14144 Incorrect security UI in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14144
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14143 Incorrect security UI in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14143
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14141 Incorrect security UI in Document Picture-in-Picture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14141
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14140 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14140
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14139 Inappropriate implementation in TabStrip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14139
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14133 Race in History Embeddings
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14133
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14132 Inappropriate implementation in WebXR
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14132
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14131 Insufficient validation of untrusted input in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14131
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14129 Incorrect security UI in PreviewTab
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14129
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14127 Inappropriate implementation in Printing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14127
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14124 Inappropriate implementation in CredentialProvider
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14124
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14122 Insufficient validation of untrusted input in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14122
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14121 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14121
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14119 Type Confusion in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14119
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14117 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14117
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14115 Insufficient validation of untrusted input in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14115
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14112 Inappropriate implementation in Enterprise
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14112
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14110 Inappropriate implementation in DarkMode
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14110
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14109 Insufficient policy enforcement in Mojo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14109
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14104 Insufficient validation of untrusted input in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14104
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14103 Use after free in SSL
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14103
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14102 Use after free in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14102
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14100 Insufficient data validation in NetworkCache
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14100
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14098 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14098
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14097 Inappropriate implementation in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14097
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14095 Insufficient validation of untrusted input in Browser
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14095
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14094 Use after free in Installer
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14094
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14093 Use after free in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14093
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14091 Use after free in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14091
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14089 Insufficient validation of untrusted input in PopupBlocker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14089
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14088 Uninitialized Use in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14088
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14087 Insufficient validation of untrusted input in WebNN
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14087
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14086 Insufficient policy enforcement in HID
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14086
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14084 Insufficient validation of untrusted input in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14084
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14081 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14081
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14080 Insufficient validation of untrusted input in TabSwitcher
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14080
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14079 Policy bypass in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14079
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14078 Policy bypass in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14078
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14077 Incorrect security UI in Select
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14077
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14076 Policy bypass in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14076
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14074 Side-channel information leakage in WebAuthentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14074
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14072 Incorrect security UI in SplitView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14072
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14070 Uninitialized Use in WebNN
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14070
Baja
Microsoft Edge
Chromium: CVE-2026-14069 Integer overflow in WebNN
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14069
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14065 Insufficient validation of untrusted input in PageInfo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14065
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14064 Use after free in PageInfo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14064
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14063 Out of bounds memory access in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14063
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14062 Inappropriate implementation in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14062
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14061 Inappropriate implementation in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14061
Media
Microsoft Edge
Chromium: CVE-2026-14056 Insufficient validation of untrusted input in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14056
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14055 Insufficient validation of untrusted input in Device Trust
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14055
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14052 Insufficient policy enforcement in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14052
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14051 Uninitialized Use in GamepadAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14051
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14050 Insufficient policy enforcement in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14050
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14048 Use after free in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14048
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14047 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14047
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14046 Inappropriate implementation in CustomTabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14046
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14045 Insufficient validation of untrusted input in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14045
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14044 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14044
Media
Microsoft Edge
Chromium: CVE-2026-14043 Use after free in GetUserMedia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14043
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14042 Inappropriate implementation in Isolated Web Apps
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14042
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14041 Insufficient policy enforcement in Serial
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14041
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14040 Use after free in BrowserTag
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14040
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14038 Insufficient validation of untrusted input in New Tab Page
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14038
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14037 Insufficient policy enforcement in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14037
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14036 Insufficient policy enforcement in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14036
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14035 Insufficient policy enforcement in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14035
Media
Microsoft Edge
Chromium: CVE-2026-14033 Insufficient policy enforcement in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14033
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14032 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14032
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14031 Incorrect security UI in File Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14031
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14026 Incorrect security UI in SplitView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14026
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14024 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14024
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14022 Insufficient validation of untrusted input in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14022
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14020 Insufficient validation of untrusted input in WebXR
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14020
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14019 Inappropriate implementation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14019
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14018 Use after free in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14018
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14015 Inappropriate implementation in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14015
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14014 Inappropriate implementation in Paint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14014
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14013 Inappropriate implementation in SVG
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14013
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14012 Side-channel information leakage in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14012
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14011 Out of bounds read in SurfaceCapture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14011
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14009 Insufficient data validation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14009
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14008 Uninitialized Use in WebXR
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14008
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14004 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14004
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14003 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14003
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14002 Inappropriate implementation in Geolocation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14002
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14001 Inappropriate implementation in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14001
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14000 Inappropriate implementation in XML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14000
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13999 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13999
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13988 Inappropriate implementation in Paint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13988
Media
Microsoft Edge
Chromium: CVE-2026-13985 Inappropriate implementation in MediaCapture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13985
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13979 Inappropriate implementation in Paint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13979
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13978 Insufficient policy enforcement in PageInfo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13978
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13977 Inappropriate implementation in HTMLParser
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13977
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13972 Inappropriate implementation in Paint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13972
Media
Microsoft Edge
Chromium: CVE-2026-13970 Uninitialized Use in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13970
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13968 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13968
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13967 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13967
Crítica
Microsoft Edge
CVE-2026-45488 Microsoft Edge (Chromium-based) Spoofing Vulnerability
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45488
Baja
Microsoft Edge
CVE-2026-57974 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57974
Baja
Microsoft Edge
CVE-2026-57977 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-57977
Baja
Microsoft Edge
CVE-2026-57981 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57981
Baja
Microsoft Edge
CVE-2026-57986 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57986
Baja
Microsoft Edge
CVE-2026-58276 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58276
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13954 Insufficient policy enforcement in XML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13954
Baja
Microsoft Edge
CVE-2026-58278 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58278
Baja
Microsoft Edge
CVE-2026-58284 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58284
Baja
Microsoft Edge
CVE-2026-58285 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58285
Baja
Microsoft Edge
CVE-2026-58286 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58286
Baja
Microsoft Edge
CVE-2026-58288 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58288
Baja
Microsoft Edge
CVE-2026-58289 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58289
Baja
Microsoft Edge
CVE-2026-58290 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58290
Baja
Microsoft Edge
CVE-2026-58292 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58292
Baja
Microsoft Edge
CVE-2026-58293 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58293
Baja
Microsoft Edge
CVE-2026-58294 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58294
Baja
Microsoft Edge
CVE-2026-58295 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-58295
Baja
Microsoft Edge
CVE-2026-58296 Microsoft Edge for Android Information Disclosure Vulnerability
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.
CVE-2026-58296
Baja
Microsoft Edge
CVE-2026-58297 Microsoft Edge for Android Information Disclosure Vulnerability
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.
CVE-2026-58297
Baja
Microsoft Edge
CVE-2026-58298 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58298
Baja
Microsoft Edge
CVE-2026-58300 Microsoft Edge for Android Information Disclosure Vulnerability
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVE-2026-58300
Baja
Microsoft Edge
CVE-2026-58524 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58524
Baja
Microsoft Edge
CVE-2026-58597 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58597
Baja
Microsoft Edge
Chromium: CVE-2026-13796 Integer overflow in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13796
Baja
Microsoft Edge
Chromium: CVE-2026-13798 Heap buffer overflow in Chromecast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13798
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13799 Use after free in QUIC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13799
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13800 Inappropriate implementation in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13800
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13806 Insufficient validation of untrusted input in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13806
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14138 Inappropriate implementation in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14138
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14135 Insufficient validation of untrusted input in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14135
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14134 Inappropriate implementation in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14134
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14120 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14120
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14118 Insufficient data validation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14118
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14113 Use after free in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14113
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14111 Use after free in WebProtect
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14111
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14108 Use after free in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14108
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14107 Use after free in Scheduling
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14107
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14106 Insufficient validation of untrusted input in Text
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14106
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14085 Side-channel information leakage in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14085
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14083 Insufficient validation of untrusted input in HTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14083
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14073 Insufficient policy enforcement in WebXR
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14073
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14068 Inappropriate implementation in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14068
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14060 Insufficient validation of untrusted input in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14060
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14058 Policy bypass in Parser
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14058
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14057 Insufficient policy enforcement in FedCM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14057
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14054 Insufficient policy enforcement in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14054
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14053 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14053
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14034 Inappropriate implementation in WebXR
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14034
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14030 Incorrect security UI in SplitView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14030
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14025 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14025
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14023 Insufficient validation of untrusted input in SanitizerAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14023
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14021 Insufficient validation of untrusted input in StorageAccessAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14021
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14017 Inappropriate implementation in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14017
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14010 Uninitialized Use in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14010
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14007 Insufficient policy enforcement in PermissionsPolicy
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14007
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13996 Incorrect security UI in Permissions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13996
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13993 Incorrect security UI in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13993
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13990 Insufficient validation of untrusted input in DataTransfer
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13990
Media
Microsoft Edge
Chromium: CVE-2026-13986 Inappropriate implementation in Media UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13986
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13984 Incorrect security UI in TabStrip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13984
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13982 Incorrect security UI in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13982
Baja
Microsoft Edge
Chromium: CVE-2026-13976 Heap buffer overflow in Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13976
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13971 Uninitialized Use in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13971
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13966 Inappropriate implementation in History
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13966
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13965 Use after free in Oilpan
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13965
Sin clasificar
Microsoft Edge
CVE-2026-45489 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Information published.
CVE-2026-45489
Baja
Microsoft Edge
CVE-2026-58291 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2026-58291
Media
Microsoft Edge
Chromium: CVE-2026-13920 Insufficient validation of untrusted input in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13920
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-14049 Inappropriate implementation in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-14049
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13963 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-13963
Baja
Microsoft Edge
CVE-2026-58523 Microsoft Edge for Android Security Feature Bypass Vulnerability
Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-58523
Sin clasificar
Microsoft
CVE-2026-56149 Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service
Information published.
CVE-2026-56149
Sin clasificar
Microsoft
CVE-2026-14258 Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling
Information published.
CVE-2026-14258
Sin clasificar
Microsoft
CVE-2026-49090 Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service
Information published.
CVE-2026-49090
Sin clasificar
Microsoft
CVE-2026-53357 Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()
Information published.
CVE-2026-53357
Baja
Microsoft
CVE-2026-56405 libexpat before 2.8.2 has an integer overflow in getAttributeId.
Information published.
CVE-2026-56405
Baja
Microsoft
CVE-2026-56406 libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
Information published.
CVE-2026-56406
Sin clasificar
Microsoft
CVE-2026-53043 ocfs2/dlm: validate qr_numregions in dlm_match_regions()
Information published.
CVE-2026-53043
Sin clasificar
Microsoft
CVE-2026-56131 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).
Information published.
CVE-2026-56131
CVE-2026-50219
Baja
Microsoft
CVE-2026-52911 ksmbd: scope conn->binding slowpath to bound sessions only
Information published.
CVE-2026-52911
Sin clasificar
Microsoft
CVE-2026-53049 gfs2: add some missing log locking
Information published.
CVE-2026-53049
Sin clasificar
Microsoft
CVE-2026-53045 memory: tegra124-emc: Fix dll_change check
Information published.
CVE-2026-53045
Sin clasificar
Microsoft
CVE-2026-53097 wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()
Information published.
CVE-2026-53097
Sin clasificar
Microsoft
CVE-2026-53039 ocfs2: validate group add input before caching
Information published.
CVE-2026-53039
Sin clasificar
Microsoft
CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect
Information published.
CVE-2026-53010
Sin clasificar
Microsoft
CVE-2026-53046 ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine
Information published.
CVE-2026-53046
Sin clasificar
Microsoft
CVE-2026-53048 gfs2: prevent NULL pointer dereference during unmount
Information published.
CVE-2026-53048
Baja
Microsoft
CVE-2026-53196 USB: serial: io_ti: fix heap overflow in get_manuf_info()
Information published.
CVE-2026-53196
Baja
Microsoft
CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation
Information published.
CVE-2026-58050
Sin clasificar
Microsoft
CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup
Information published.
CVE-2026-58051
Sin clasificar
Microsoft
CVE-2026-48779 ws: Memory exhaustion DoS from tiny fragments and data chunks
Information published.
CVE-2026-48779
Sin clasificar
Microsoft
CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service
Information published.
CVE-2026-13322
Baja
Microsoft
CVE-2026-57918 libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.
Information published.
CVE-2026-57918
Baja
Microsoft
CVE-2026-12912 Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image
Information published.
CVE-2026-12912
Sin clasificar
Microsoft
CVE-2026-14164 Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack()
Information published.
CVE-2026-14164
Baja
Microsoft
CVE-2026-53195 USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()
Information published.
CVE-2026-53195
Baja
Microsoft
CVE-2026-56407 libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
Information published.
CVE-2026-56407
Baja
Microsoft
CVE-2026-56404 libexpat before 2.8.2 has an integer overflow in addBinding.
Information published.
CVE-2026-56404
Sin clasificar
Microsoft
CVE-2026-52913 batman-adv: v: stop OGMv2 on disabled interface
Information published.
CVE-2026-52913
Baja
Microsoft
CVE-2026-56403 libexpat before 2.8.2 has an integer overflow in storeAtts.
Information published.
CVE-2026-56403
Baja
Microsoft
CVE-2026-56132 In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
Information published.
CVE-2026-56132
Sin clasificar
Microsoft
CVE-2026-56412 libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.
Information published.
CVE-2026-56412
CVE-2026-50219
Baja
Microsoft
CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)
Information published.
CVE-2026-3195
CVE-2024-7730
Sin clasificar
Microsoft
CVE-2026-11972 tarfile opened in streaming mode mishandles EOF
Information published.
CVE-2026-11972
Sin clasificar
Microsoft
CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method
Information published.
CVE-2026-0864
Sin clasificar
Microsoft
CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler
Information published.
CVE-2026-55199
Sin clasificar
Microsoft
CVE-2026-55200 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
Information published.
CVE-2026-55200
Sin clasificar
Microsoft
CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c
Information published.
CVE-2025-15661
Sin clasificar
Microsoft
CVE-2026-53052 ASoC: qcom: qdsp6: topology: check widget type before accessing data
Information published.
CVE-2026-53052
Sin clasificar
Microsoft
CVE-2026-53098 wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()
Information published.
CVE-2026-53098
Sin clasificar
Microsoft
CVE-2026-52946 fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling
Information published.
CVE-2026-52946
Sin clasificar
Microsoft
CVE-2026-52992 fs/adfs: validate nzones in adfs_validate_bblk()
Information published.
CVE-2026-52992
Sin clasificar
Microsoft
CVE-2026-52954 libceph: handle rbtree insertion error in decode_choose_args()
Information published.
CVE-2026-52954
Sin clasificar
Microsoft
CVE-2026-53160 misc: fastrpc: fix use-after-free race in fastrpc_map_create
Information published.
CVE-2026-53160
Sin clasificar
Microsoft
CVE-2026-53130 fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START
Information published.
CVE-2026-53130
Sin clasificar
Microsoft
CVE-2026-53016 crypto: ccp - copy IV using skcipher ivsize
Information published.
CVE-2026-53016
Sin clasificar
Microsoft
CVE-2026-52962 ceph: fix a buffer leak in __ceph_setxattr()
Information published.
CVE-2026-52962
Sin clasificar
Microsoft
CVE-2026-52935 xfrm: espintcp: do not reuse an in-progress partial send
Information published.
CVE-2026-52935
Sin clasificar
Microsoft
CVE-2026-52944 ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE
Information published.
CVE-2026-52944
Sin clasificar
Microsoft
CVE-2026-53320 nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
Information published.
CVE-2026-53320
Sin clasificar
Microsoft
CVE-2026-53296 mailbox: mailbox-test: free channels on probe error
Information published.
CVE-2026-53296
Sin clasificar
Microsoft
CVE-2026-53309 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
Information published.
CVE-2026-53309
Sin clasificar
Microsoft
CVE-2026-53306 tty: hvc_iucv: fix off-by-one in number of supported devices
Information published.
CVE-2026-53306
Sin clasificar
Microsoft
CVE-2026-53294 mailbox: mailbox-test: don't free the reused channel
Information published.
CVE-2026-53294
Sin clasificar
Microsoft
CVE-2026-53303 f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
Information published.
CVE-2026-53303
Sin clasificar
Microsoft
CVE-2026-53279 drm/gma500/oaktrail_lvds: fix hang on init failure
Information published.
CVE-2026-53279
Sin clasificar
Microsoft
CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length
Information published.
CVE-2026-58055
Sin clasificar
Microsoft
CVE-2026-41991 Predictable Temporary File in GNU gzip
Information published.
CVE-2026-41991
Sin clasificar
Microsoft
CVE-2026-57231 Podman: Malformed Image can trick podman run into leaking host environment variables into the container
Information published.
CVE-2026-57231
Sin clasificar
Microsoft
CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter
Information published.
CVE-2026-4360
Sin clasificar
Microsoft
CVE-2026-13757 P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing
Information published.
CVE-2026-13757
Sin clasificar
Microsoft
CVE-2026-57585 MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error
Information published.
CVE-2026-57585
Sin clasificar
Microsoft Edge
CVE-2026-50521 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Added Edge software to the Security Updates table. Customers that are running supported version of Edge are encouraged to update to the indicated version to be protected from this vulnerability.
CVE-2026-50521
Baja
Microsoft
CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
CVE-2026-57100
Baja
Azure
CVE-2026-45499 Azure OpenAI Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
CVE-2026-45499
Baja
Azure
CVE-2026-26145 Microsoft Azure Synapse Elevation of Privilege Vulnerability
Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.
CVE-2026-26145
Baja
Microsoft 365
CVE-2026-41106 Microsoft 365 Copilot Elevation of Privilege Vulnerability
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41106
Baja
Microsoft
CVE-2026-54998 Microsoft Exchange Online Elevation of Privilege Vulnerability
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVE-2026-54998
Sin clasificar
Microsoft
CVE-2026-32208 Microsoft Entra ID Spoofing Vulnerability
Corrected the CVE description and title. This is an informational change only.
CVE-2026-32208
Sin clasificar
Microsoft
CVE-2026-57062 CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.
Information published.
CVE-2026-57062
CVE-2026-34182
Baja
Microsoft
CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation
Information published.
CVE-2026-58050
Sin clasificar
Microsoft
CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup
Information published.
CVE-2026-58051
Sin clasificar
Microsoft
CVE-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability
Information published.
CVE-2026-42055
Sin clasificar
Microsoft
CVE-2026-48779 ws: Memory exhaustion DoS from tiny fragments and data chunks
Information published.
CVE-2026-48779
Sin clasificar
Microsoft
CVE-2026-58010 Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()
Information published.
CVE-2026-58010
Sin clasificar
Microsoft
CVE-2026-58015 Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
Information published.
CVE-2026-58015
Baja
Microsoft
CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
Information published.
CVE-2026-58016
Sin clasificar
Microsoft
CVE-2026-58012 Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
Information published.
CVE-2026-58012
Sin clasificar
Microsoft
CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
Information published.
CVE-2026-58011
Sin clasificar
Microsoft
CVE-2026-58013 Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
Information published.
CVE-2026-58013
Sin clasificar
Microsoft
CVE-2026-58014 Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"
Information published.
CVE-2026-58014
Sin clasificar
Microsoft
CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service
Information published.
CVE-2026-13322
Sin clasificar
Microsoft
CVE-2026-13208 Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body
Information published.
CVE-2026-13208
Baja
Microsoft
CVE-2026-13218 Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher
Information published.
CVE-2026-13218
Sin clasificar
Microsoft
CVE-2026-13325 Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces
Information published.
CVE-2026-13325
Baja
Microsoft
CVE-2026-57918 libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.
Information published.
CVE-2026-57918
Sin clasificar
Microsoft
CVE-2026-6291 Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption
Information published.
CVE-2026-6291
Sin clasificar
Microsoft
CVE-2026-7532 iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined
Information published.
CVE-2026-7532
Crítica
Microsoft
CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions
Information published.
CVE-2026-6450
Sin clasificar
Microsoft
CVE-2026-55960 Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain validation
Information published.
CVE-2026-55960
Media
Microsoft
CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)
Information published.
CVE-2026-55964
Sin clasificar
Microsoft
CVE-2026-6329 PKCS#12 MAC verification uses attacker-controlled comparison length
Information published.
CVE-2026-6329
Sin clasificar
Microsoft
CVE-2026-55961 wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer
Information published.
CVE-2026-55961
Baja
Microsoft
CVE-2026-6678 Integer underflow in wc_PKCS7_DecryptOri handling crafted Other Recipient Info
Information published.
CVE-2026-6678
Sin clasificar
Microsoft
CVE-2026-6094 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData
Information published.
CVE-2026-6094
Sin clasificar
Microsoft
CVE-2026-6331 HMAC zero-length tag forgery in EVP_DigestVerifyFinal
Information published.
CVE-2026-6331
Sin clasificar
Microsoft
CVE-2026-6330 ML-KEM ARM64 NEON ciphertext comparison only compares half of the input
Information published.
CVE-2026-6330
Sin clasificar
Microsoft
CVE-2026-6731 X.509 name constraint bypass via Subject CN treated as a DNS name
Information published.
CVE-2026-6731
Sin clasificar
Microsoft
CVE-2026-55958 Renesas TSIP TLS 1.3 transcript buffer out-of-bounds write in tsip_StoreMessage
Information published.
CVE-2026-55958
Sin clasificar
Microsoft
CVE-2026-6325 Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list
Information published.
CVE-2026-6325
Sin clasificar
Microsoft
CVE-2026-10592 Wildcard DNS SAN bypasses CA name-constraint checks
Information published.
CVE-2026-10592
Sin clasificar
Microsoft
CVE-2026-10512 X25519 x86_64 assembly final reduction leaves non-canonical field element
Information published.
CVE-2026-10512
Sin clasificar
Microsoft
CVE-2026-8720 HMAC-BLAKE2 final discards message when key length exceeds block size
Information published.
CVE-2026-8720
Sin clasificar
Microsoft
CVE-2026-10098 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status
Information published.
CVE-2026-10098
Sin clasificar
Microsoft
CVE-2026-10097 ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static private-key recovery
Information published.
CVE-2026-10097
Media
Microsoft
CVE-2026-11310 X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring
Information published.
CVE-2026-11310
Sin clasificar
Microsoft
CVE-2026-13595 Util-linux: util-linux: heap use-after-free in libblkid nested partition probing
Information published.
CVE-2026-13595
Sin clasificar
Microsoft
CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length
Information published.
CVE-2026-58055
Sin clasificar
Microsoft
CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr
Information published.
CVE-2026-54371
Baja
Microsoft
CVE-2026-41992 Global Buffer Overflow in GNU gzip
Information published.
CVE-2026-41992
Sin clasificar
Microsoft
CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip
Information published.
CVE-2026-13318
Sin clasificar
Microsoft
CVE-2026-57231 Podman: Malformed Image can trick podman run into leaking host environment variables into the container
Information published.
CVE-2026-57231
Sin clasificar
Microsoft
CVE-2026-11703 Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption
Information published.
CVE-2026-11703
Sin clasificar
Microsoft
CVE-2026-55967 AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse
Information published.
CVE-2026-55967
Sin clasificar
Microsoft
CVE-2026-55962 TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify
Information published.
CVE-2026-55962
Sin clasificar
Microsoft
CVE-2026-11999 X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()
Information published.
CVE-2026-11999
Baja
Microsoft
CVE-2026-7511 PKCS7_verify signer confusion allows forged signatures to be accepted
Information published.
CVE-2026-7511
Media
Microsoft
CVE-2026-6091 Partial-chain verification accepts untrusted intermediate as trust anchor
Information published.
CVE-2026-6091
Sin clasificar
Microsoft
CVE-2026-12340 Out-of-bounds heap read in SM2/SM3 certificate Subject Key Identifier computation
Information published.
CVE-2026-12340
Sin clasificar
Microsoft
CVE-2026-6092 Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured
Information published.
CVE-2026-6092
Sin clasificar
Microsoft
CVE-2026-6412 Continued acceptance of SHA-1/MD5 digests in certificate processing
Information published.
CVE-2026-6412
Sin clasificar
Microsoft
CVE-2026-7531 Use-after-free in PQC hybrid key-share handling
Information published.
CVE-2026-7531
Sin clasificar
Microsoft
CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
Information published.
CVE-2026-11625
Sin clasificar
Windows
CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42910
Sin clasificar
Microsoft
CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions
Information published.
CVE-2026-54369
Sin clasificar
Microsoft
CVE-2026-41991 Predictable Temporary File in GNU gzip
Information published.
CVE-2026-41991
Sin clasificar
Microsoft
CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr
Information published.
CVE-2026-54371
Sin clasificar
Microsoft
CVE-2026-53325 agp/amd64: Fix broken error propagation in agp_amd64_probe()
Information published.
CVE-2026-53325
Baja
Microsoft
CVE-2026-41992 Global Buffer Overflow in GNU gzip
Information published.
CVE-2026-41992
Baja
Microsoft
CVE-2026-11979 Stack-Based Buffer Overflow in libxml2
Information published.
CVE-2026-11979
Sin clasificar
Microsoft
CVE-2026-52910 bpf: Free reuseport cBPF prog after RCU grace period.
Information published.
CVE-2026-52910
Sin clasificar
Microsoft
CVE-2026-52908 RDMA: During rereg_mr ensure that REREG_ACCESS is compatible
Information published.
CVE-2026-52908
Baja
Microsoft
CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation
Information published.
CVE-2026-58050
Sin clasificar
Microsoft
CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup
Information published.
CVE-2026-58051
Baja
Microsoft
CVE-2026-58058 Nmap - Integer Underflow in IPv6 Extension Header Parsing
Information published.
CVE-2026-58058
Sin clasificar
Microsoft
CVE-2026-52909 ip6_vti: set netns_immutable on the fallback device.
Information published.
CVE-2026-52909
Sin clasificar
Microsoft
CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length
Information published.
CVE-2026-58055
Sin clasificar
Microsoft
CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize
Information published.
CVE-2023-6606
Sin clasificar
Microsoft
CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Information published.
CVE-2025-21825
Sin clasificar
Microsoft
CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
Information published.
CVE-2024-58089
Baja
Microsoft
CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
Information published.
CVE-2025-21892
Sin clasificar
Microsoft
CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
Information published.
CVE-2025-21885
Sin clasificar
Microsoft
CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
Information published.
CVE-2025-21833
Baja
Microsoft
CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Information published.
CVE-2025-29923
Sin clasificar
Microsoft
CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
Information published.
CVE-2025-21888
Sin clasificar
Microsoft
CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Information published.
CVE-2025-21870
Sin clasificar
Microsoft
CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
Information published.
CVE-2026-23214
Sin clasificar
Microsoft
CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
Information published.
CVE-2026-23213
Sin clasificar
Microsoft
CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
Information published.
CVE-2025-71225
Sin clasificar
Microsoft
CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
Information published.
CVE-2025-71227
Sin clasificar
Microsoft
CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
Information published.
CVE-2026-23207
Sin clasificar
Microsoft
CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
Information published.
CVE-2025-40213
Sin clasificar
Microsoft
CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
Information published.
CVE-2025-40139
Sin clasificar
Microsoft
CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Information published.
CVE-2025-40146
Sin clasificar
Microsoft
CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Information published.
CVE-2025-40168
Sin clasificar
Microsoft
CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Information published.
CVE-2025-40170
Sin clasificar
Microsoft
CVE-2025-40158 ipv6: use RCU in ip6_output()
Information published.
CVE-2025-40158
Sin clasificar
Microsoft
CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Information published.
CVE-2025-40180
Sin clasificar
Microsoft
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Information published.
CVE-2025-68822
Baja
Microsoft
CVE-2026-0989 Libxml2: unbounded relaxng include recursion leading to stack overflow
Information published.
CVE-2026-0989
Sin clasificar
Microsoft
CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Information published.
CVE-2025-71073
Sin clasificar
Microsoft
CVE-2025-71072 shmem: fix recovery on rename failures
Information published.
CVE-2025-71072
Sin clasificar
Microsoft
CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s
Information published.
CVE-2025-68201
Sin clasificar
Microsoft
CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
Information published.
CVE-2025-68230
Sin clasificar
Microsoft
CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
Information published.
CVE-2025-68174
Sin clasificar
Microsoft
CVE-2025-40355 sysfs: check visibility before changing group attribute ownership
Information published.
CVE-2025-40355
Sin clasificar
Microsoft
CVE-2025-68209 mlx5: Fix default values in create CQ
Information published.
CVE-2025-68209
Sin clasificar
Microsoft
CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
Information published.
CVE-2025-68304
Sin clasificar
Microsoft
CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq
Information published.
CVE-2025-68338
Sin clasificar
Microsoft
CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Information published.
CVE-2025-68745
Sin clasificar
Microsoft
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Information published.
CVE-2025-61727
Sin clasificar
Microsoft
CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Information published.
CVE-2025-40289
Sin clasificar
Microsoft
CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
Information published.
CVE-2025-40339
Sin clasificar
Microsoft
CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
Information published.
CVE-2025-68190
Sin clasificar
Microsoft
CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Information published.
CVE-2025-68188
Baja
Microsoft
CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()
Information published.
CVE-2025-68378
Sin clasificar
Microsoft
CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Information published.
CVE-2025-68374
Sin clasificar
Microsoft
CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
Information published.
CVE-2025-38041
Sin clasificar
Microsoft
CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Information published.
CVE-2025-38029
Sin clasificar
Microsoft
CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
Information published.
CVE-2025-38064
Sin clasificar
Microsoft
CVE-2023-52485 drm/amd/display: Wake DMCUB before sending a command
Information published.
CVE-2023-52485
Sin clasificar
Microsoft
CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Information published.
CVE-2024-25740
Media
Microsoft
CVE-2024-24864 Race condition vulnerability in Linux kernel media/dvb-core in dvbdmx_write()
Information published.
CVE-2024-24864
Baja
Microsoft
CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos
Information published.
CVE-2024-1151
Sin clasificar
Microsoft
CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
Information published.
CVE-2024-53201
Sin clasificar
Microsoft
CVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
Information published.
CVE-2024-53114
Sin clasificar
Microsoft
CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO
Information published.
CVE-2024-53219
Sin clasificar
Microsoft
CVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error path
Information published.
CVE-2024-56712
Sin clasificar
Microsoft
CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync
Information published.
CVE-2024-56591
Sin clasificar
Microsoft
CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
Information published.
CVE-2024-53133
Baja
Microsoft
CVE-2024-53187 io_uring: check for overflows in io_pin_pages
Information published.
CVE-2024-53187
Sin clasificar
Microsoft
CVE-2024-56544 udmabuf: change folios array from kmalloc to kvmalloc
Information published.
CVE-2024-56544
Sin clasificar
Microsoft
CVE-2024-56702 bpf: Mark raw_tp arguments with PTR_MAYBE_NULL
Information published.
CVE-2024-56702
Sin clasificar
Microsoft
CVE-2024-56742 vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()
Information published.
CVE-2024-56742
Sin clasificar
Microsoft
CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
Information published.
CVE-2025-38660
Sin clasificar
Microsoft
CVE-2025-38636 rv: Use strings in da monitors tracepoints
Information published.
CVE-2025-38636
Sin clasificar
Microsoft
CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
Information published.
CVE-2025-38591
Sin clasificar
Microsoft
CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Information published.
CVE-2025-38656
Media
Microsoft
CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
Information published.
CVE-2025-38585
Sin clasificar
Microsoft
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Information published.
CVE-2025-58160
Sin clasificar
Microsoft
CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
Information published.
CVE-2024-47702
Baja
Microsoft
CVE-2024-49888 bpf: Fix a sdiv overflow issue
Information published.
CVE-2024-49888
Sin clasificar
Microsoft
CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
Information published.
CVE-2024-47662
Baja
Microsoft
CVE-2024-49940 l2tp: prevent possible tunnel refcount underflow
Information published.
CVE-2024-49940
Sin clasificar
Microsoft
CVE-2024-49932 btrfs: don't readahead the relocation inode on RST
Information published.
CVE-2024-49932
Sin clasificar
Microsoft
CVE-2024-49893 drm/amd/display: Check stream_status before it is used
Information published.
CVE-2024-49893
Sin clasificar
Microsoft
CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone
Information published.
CVE-2024-49885
Sin clasificar
Microsoft
CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails
Information published.
CVE-2024-49972
Sin clasificar
Microsoft
CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
Information published.
CVE-2024-49945
Sin clasificar
Microsoft
CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses
Information published.
CVE-2024-49920
Baja
Microsoft
CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t
Information published.
CVE-2024-47661
Sin clasificar
Microsoft
CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue
Information published.
CVE-2024-49904
Sin clasificar
Microsoft
CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()
Information published.
CVE-2024-50028
Sin clasificar
Microsoft
CVE-2024-49908 drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2)
Information published.
CVE-2024-49908
Sin clasificar
Microsoft
CVE-2024-49918 drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer
Information published.
CVE-2024-49918
Sin clasificar
Microsoft
CVE-2024-49990 drm/xe/hdcp: Check GSC structure validity
Information published.
CVE-2024-49990
Sin clasificar
Microsoft
CVE-2024-49922 drm/amd/display: Check null pointers before using them
Information published.
CVE-2024-49922
Sin clasificar
Microsoft
CVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35
Information published.
CVE-2024-46870
Sin clasificar
Microsoft
CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean
Information published.
CVE-2024-49971
Sin clasificar
Microsoft
CVE-2024-49921 drm/amd/display: Check null pointers before used
Information published.
CVE-2024-49921
Sin clasificar
Microsoft
CVE-2024-47703 bpf, lsm: Add check for BPF LSM return value
Information published.
CVE-2024-47703
Sin clasificar
Microsoft
CVE-2024-49910 drm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func
Information published.
CVE-2024-49910
Sin clasificar
Microsoft
CVE-2024-49916 drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw
Information published.
CVE-2024-49916
Sin clasificar
Microsoft
CVE-2024-49970 drm/amd/display: Implement bounds check for stream encoder creation in DCN401
Information published.
CVE-2024-49970
Sin clasificar
Microsoft
CVE-2024-50004 drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35
Information published.
CVE-2024-50004
Sin clasificar
Microsoft
CVE-2024-38608 net/mlx5e: Fix netif state handling
Information published.
CVE-2024-38608
Sin clasificar
Microsoft
CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Information published.
CVE-2024-38595
Sin clasificar
Microsoft
CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables
Information published.
CVE-2024-46834
Sin clasificar
Microsoft
CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Information published.
CVE-2024-44951
Sin clasificar
Microsoft
CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1
Information published.
CVE-2024-46730
Sin clasificar
Microsoft
CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
Information published.
CVE-2024-46727
Sin clasificar
Microsoft
CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.
Information published.
CVE-2024-46754
Sin clasificar
Microsoft
CVE-2024-46681 pktgen: use cpus_read_lock() in pg_net_init()
Information published.
CVE-2024-46681
Sin clasificar
Microsoft
CVE-2024-46701 libfs: fix infinite directory reads for offset dir
Information published.
CVE-2024-46701
Sin clasificar
Microsoft
CVE-2024-46775 drm/amd/display: Validate function returns
Information published.
CVE-2024-46775
Crítica
Microsoft
CVE-2024-44956 drm/xe/preempt_fence: enlarge the fence critical section
Information published.
CVE-2024-44956
Sin clasificar
Microsoft
CVE-2024-46698 video/aperture: optionally match the device in sysfb_disable()
Information published.
CVE-2024-46698
Sin clasificar
Microsoft
CVE-2024-46705 drm/xe: reset mmio mappings with devm
Information published.
CVE-2024-46705
Sin clasificar
Microsoft
CVE-2024-46778 drm/amd/display: Check UnboundedRequestEnabled's value
Information published.
CVE-2024-46778
Sin clasificar
Microsoft
CVE-2024-46808 drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range
Information published.
CVE-2024-46808
Sin clasificar
Microsoft
CVE-2024-46842 scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
Information published.
CVE-2024-46842
Baja
Microsoft
CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Information published.
CVE-2022-4543
Sin clasificar
Microsoft
CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)
Information published.
CVE-2025-39932
Sin clasificar
Microsoft
CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev().
Information published.
CVE-2025-40064
Sin clasificar
Microsoft
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Information published.
CVE-2025-58188
Sin clasificar
Microsoft
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
Information published.
CVE-2025-39927
Sin clasificar
Microsoft
CVE-2025-39901 i40e: remove read access to debugfs files
Information published.
CVE-2025-39901
Sin clasificar
Microsoft
CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
Information published.
CVE-2025-39905
Baja
Microsoft
CVE-2025-39940 dm-stripe: fix a possible integer overflow
Information published.
CVE-2025-39940
Sin clasificar
Microsoft
CVE-2025-39990 bpf: Check the helper function is valid in get_helper_proto
Information published.
CVE-2025-39990
Sin clasificar
Microsoft
CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work
Information published.
CVE-2025-40003
Sin clasificar
Microsoft
CVE-2025-40074 ipv4: start using dst_dev_rcu()
Information published.
CVE-2025-40074
Sin clasificar
Microsoft
CVE-2025-40065 RISC-V: KVM: Write hgatp register with valid mode bits
Information published.
CVE-2025-40065
Sin clasificar
Microsoft
CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()
Information published.
CVE-2025-40075
Sin clasificar
Microsoft
CVE-2025-40057 ptp: Add a upper bound on max_vclocks
Information published.
CVE-2025-40057
Sin clasificar
Microsoft
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Information published.
CVE-2025-58183
Sin clasificar
Microsoft
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Information published.
CVE-2025-61725
Sin clasificar
Microsoft
CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Information published.
CVE-2025-58186
Sin clasificar
Microsoft
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Information published.
CVE-2025-61724
Sin clasificar
Microsoft
CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init
Information published.
CVE-2025-40102
Baja
Microsoft
CVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebuffer
Information published.
CVE-2025-21976
Sin clasificar
Microsoft
CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
Information published.
CVE-2025-22113
Sin clasificar
Microsoft
CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly
Information published.
CVE-2025-22108
Sin clasificar
Microsoft
CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir
Information published.
CVE-2025-22070
Sin clasificar
Microsoft
CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case
Information published.
CVE-2025-21961
Sin clasificar
Microsoft
CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses
Information published.
CVE-2025-21985
Sin clasificar
Microsoft
CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
Information published.
CVE-2025-22115
Sin clasificar
Microsoft
CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Information published.
CVE-2025-21927
Sin clasificar
Microsoft
CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size
Information published.
CVE-2025-21949
Sin clasificar
Microsoft
CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done
Information published.
CVE-2025-23131
Sin clasificar
Microsoft
CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Information published.
CVE-2025-21907
Sin clasificar
Microsoft
CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Information published.
CVE-2025-22124
Sin clasificar
Microsoft
CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit
Information published.
CVE-2025-23135
Sin clasificar
Microsoft
CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Information published.
CVE-2025-46327
Sin clasificar
Microsoft
CVE-2025-22109 ax25: Remove broken autobind
Information published.
CVE-2025-22109
Sin clasificar
Microsoft
CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup
Information published.
CVE-2025-4035
Sin clasificar
Microsoft
CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT
Information published.
CVE-2025-40325
Sin clasificar
Microsoft
CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()
Information published.
CVE-2025-37860
Sin clasificar
Microsoft
CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
Information published.
CVE-2024-43901
Sin clasificar
Microsoft
CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load
Information published.
CVE-2024-43872
Sin clasificar
Microsoft
CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs
Information published.
CVE-2024-43819
Sin clasificar
Microsoft
CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Information published.
CVE-2024-42317
Sin clasificar
Microsoft
CVE-2024-43886 drm/amd/display: Add null check in resource_log_pipe_topology_update
Information published.
CVE-2024-43886
Sin clasificar
Microsoft
CVE-2024-43824 PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()
Information published.
CVE-2024-43824
Baja
Microsoft
CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
Information published.
CVE-2013-1633
Sin clasificar
Microsoft
CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Information published.
CVE-2025-38333
Sin clasificar
Microsoft
CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()
Information published.
CVE-2025-38359
Sin clasificar
Microsoft
CVE-2025-38264 nvme-tcp: sanitize request list handling
Information published.
CVE-2025-38264
Sin clasificar
Microsoft
CVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_data
Information published.
CVE-2025-38303
Sin clasificar
Microsoft
CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
Information published.
CVE-2025-38279
Sin clasificar
Microsoft
CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
Information published.
CVE-2025-38269
Sin clasificar
Microsoft
CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error
Information published.
CVE-2025-38096
Sin clasificar
Microsoft
CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx
Information published.
CVE-2025-38272
Baja
Microsoft
CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
Information published.
CVE-2024-58266
Sin clasificar
Microsoft
CVE-2025-38311 iavf: get rid of the crit lock
Information published.
CVE-2025-38311
Sin clasificar
Microsoft
CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Information published.
CVE-2025-38140
Sin clasificar
Microsoft
CVE-2024-42107 ice: Don't process extts if PTP is disabled
Information published.
CVE-2024-42107
Sin clasificar
Microsoft
CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly
Information published.
CVE-2024-42064
Sin clasificar
Microsoft
CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
Information published.
CVE-2024-42065
Baja
Microsoft
CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation
Information published.
CVE-2024-42066
Sin clasificar
Microsoft
CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
Information published.
CVE-2024-41045
Sin clasificar
Microsoft
CVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
Information published.
CVE-2024-42151
Sin clasificar
Microsoft
CVE-2024-41008 drm/amdgpu: change vm->task_info handling
Information published.
CVE-2024-41008
Sin clasificar
Microsoft
CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command
Information published.
CVE-2024-41082
Sin clasificar
Microsoft
CVE-2024-42134 virtio-pci: Check if is_avq is NULL
Information published.
CVE-2024-42134
Sin clasificar
Microsoft
CVE-2024-40999 net: ena: Add validation for completion descriptors consistency
Information published.
CVE-2024-40999
Sin clasificar
Microsoft
CVE-2024-42118 drm/amd/display: Do not return negative stream id for array
Information published.
CVE-2024-42118
Sin clasificar
Microsoft
CVE-2024-39478 crypto: starfive - Do not free stack buffer
Information published.
CVE-2024-39478
Sin clasificar
Microsoft
CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Information published.
CVE-2024-41067
Sin clasificar
Microsoft
CVE-2024-41023 sched/deadline: Fix task_struct reference leak
Information published.
CVE-2024-41023
Sin clasificar
Microsoft
CVE-2024-42123 drm/amdgpu: fix double free err_addr pointer warnings
Information published.
CVE-2024-42123
Sin clasificar
Microsoft
CVE-2024-42155 s390/pkey: Wipe copies of protected- and secure-keys
Information published.
CVE-2024-42155
Sin clasificar
Microsoft
CVE-2024-42227 drm/amd/display: Fix overlapping copy within dml_core_mode_programming
Information published.
CVE-2024-42227
Sin clasificar
Microsoft
CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments
Information published.
CVE-2024-42081
Sin clasificar
Microsoft
CVE-2024-41085 cxl/mem: Fix no cxl_nvd during pmem region auto-assembling
Information published.
CVE-2024-41085
Sin clasificar
Microsoft
CVE-2024-42139 ice: Fix improper extts handling
Information published.
CVE-2024-42139
Sin clasificar
Microsoft
CVE-2024-42158 s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
Information published.
CVE-2024-42158
Media
Microsoft
CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Information published.
CVE-2024-23848
Sin clasificar
Microsoft
CVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()
Information published.
CVE-2025-21696
Sin clasificar
Microsoft
CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
Information published.
CVE-2025-21768
Sin clasificar
Microsoft
CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
Information published.
CVE-2024-57974
Sin clasificar
Microsoft
CVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume path
Information published.
CVE-2025-21801
Sin clasificar
Microsoft
CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Information published.
CVE-2024-57976
Sin clasificar
Microsoft
CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
Information published.
CVE-2025-21732
Sin clasificar
Microsoft
CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
Information published.
CVE-2025-21786
Sin clasificar
Microsoft
CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
Information published.
CVE-2025-21693
Sin clasificar
Microsoft
CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
Information published.
CVE-2024-58006
Sin clasificar
Microsoft
CVE-2025-21723 scsi: mpi3mr: Fix possible crash when setting up bsg fails
Information published.
CVE-2025-21723
Sin clasificar
Microsoft
CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free
Information published.
CVE-2025-21714
Sin clasificar
Microsoft
CVE-2024-58012 ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
Information published.
CVE-2024-58012
Sin clasificar
Microsoft
CVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capability
Information published.
CVE-2024-53050
Sin clasificar
Microsoft
CVE-2024-53090 afs: Fix lock recursion
Information published.
CVE-2024-53090
Sin clasificar
Microsoft
CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
Information published.
CVE-2024-53089
Baja
Microsoft
CVE-2024-30896 InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.
Information published.
CVE-2024-30896
Sin clasificar
Microsoft
CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1
Information published.
CVE-2024-50177
Sin clasificar
Microsoft
CVE-2024-50225 btrfs: fix error propagation of split bios
Information published.
CVE-2024-50225
Media
Microsoft
CVE-2024-53056 drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()
Information published.
CVE-2024-53056
Sin clasificar
Microsoft
CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails
Information published.
CVE-2024-50277
Sin clasificar
Microsoft
CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
Information published.
CVE-2024-50217
Sin clasificar
Microsoft
CVE-2024-53084 drm/imagination: Break an object reference loop
Information published.
CVE-2024-53084
Sin clasificar
Microsoft
CVE-2024-50091 dm vdo: don't refer to dedupe_context after releasing it
Information published.
CVE-2024-50091
Baja
Microsoft
CVE-2024-50090 drm/xe/oa: Fix overflow in oa batch buffer
Information published.
CVE-2024-50090
Sin clasificar
Microsoft
CVE-2024-50102 x86: fix user address masking non-canonical speculation issue
Information published.
CVE-2024-50102
Sin clasificar
Microsoft
CVE-2024-50178 cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request()
Information published.
CVE-2024-50178
Sin clasificar
Microsoft
CVE-2024-53051 drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
Information published.
CVE-2024-53051
Sin clasificar
Microsoft
CVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
Information published.
CVE-2024-57872
Sin clasificar
Microsoft
CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
Information published.
CVE-2024-56775
Sin clasificar
Microsoft
CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap
Information published.
CVE-2024-57875
Sin clasificar
Microsoft
CVE-2024-41932 sched: fix warning in sched_setaffinity
Information published.
CVE-2024-41932
Sin clasificar
Microsoft
CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
Information published.
CVE-2024-57804
Sin clasificar
Microsoft
CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up
Information published.
CVE-2024-57898
Sin clasificar
Microsoft
CVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
Information published.
CVE-2025-21635
Sin clasificar
Microsoft
CVE-2025-21649 net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
Information published.
CVE-2025-21649
Sin clasificar
Microsoft
CVE-2025-21634 cgroup/cpuset: remove kernfs active break
Information published.
CVE-2025-21634
Sin clasificar
Microsoft
CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL
Information published.
CVE-2024-57809
Sin clasificar
Microsoft
CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
Information published.
CVE-2024-56782
Sin clasificar
Microsoft
CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace
Information published.
CVE-2024-47794
Sin clasificar
Microsoft
CVE-2024-57857 RDMA/siw: Remove direct link to net_device
Information published.
CVE-2024-57857
Sin clasificar
Microsoft
CVE-2025-21672 afs: Fix merge preference rule failure condition
Information published.
CVE-2025-21672
Sin clasificar
Microsoft
CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Information published.
CVE-2026-31419
Sin clasificar
Microsoft
CVE-2026-35387 OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
Information published.
CVE-2026-35387
Sin clasificar
Microsoft
CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
Information published.
CVE-2026-23472
Sin clasificar
Microsoft
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Information published.
CVE-2026-6100
Sin clasificar
Microsoft
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Information published.
CVE-2026-4786
CVE-2026-4519
Sin clasificar
Microsoft
CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Information published.
CVE-2026-31486
Sin clasificar
Microsoft
CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Information published.
CVE-2024-35808
Sin clasificar
Microsoft
CVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recovery
Information published.
CVE-2024-35931
Baja
Microsoft
CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution
Information published.
CVE-2024-36024
Sin clasificar
Microsoft
CVE-2024-26944 btrfs: zoned: fix use-after-free in do_zone_finish()
Information published.
CVE-2024-26944
Sin clasificar
Microsoft
CVE-2024-27010 net/sched: Fix mirred deadlock on device recursion
Information published.
CVE-2024-27010
Sin clasificar
Microsoft
CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
Information published.
CVE-2024-35794
Sin clasificar
Microsoft
CVE-2024-26962 dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape
Information published.
CVE-2024-26962
Sin clasificar
Microsoft
CVE-2024-27079 iommu/vt-d: Fix NULL domain on device release
Information published.
CVE-2024-27079
Sin clasificar
Microsoft
CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads
Information published.
CVE-2019-11254
Sin clasificar
Microsoft
CVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file write
Information published.
CVE-2023-1386
Sin clasificar
Microsoft
CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
Information published.
CVE-2026-2297
Baja
Microsoft
CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models
Information published.
CVE-2026-4224
Sin clasificar
Microsoft
CVE-2026-3644 Incomplete control character validation in http.cookies
Information published.
CVE-2026-3644
Sin clasificar
Microsoft
CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Information published.
CVE-2026-23278
Sin clasificar
Microsoft
CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions
Information published.
CVE-2026-23276
Sin clasificar
Microsoft
CVE-2026-3634 Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header
Information published.
CVE-2026-3634
Sin clasificar
Microsoft
CVE-2026-3632 Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames
Information published.
CVE-2026-3632
Sin clasificar
Microsoft
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Information published.
CVE-2026-23377
Sin clasificar
Microsoft
CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Information published.
CVE-2026-23383
Sin clasificar
Microsoft
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Information published.
CVE-2026-23371
Sin clasificar
Microsoft
CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
Information published.
CVE-2026-5119
Sin clasificar
Microsoft
CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
Information published.
CVE-2026-23240
Sin clasificar
Microsoft
CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
Information published.
CVE-2026-23247
Sin clasificar
Microsoft
CVE-2026-3633 Libsoup: libsoup: header and http request injection via crlf injection
Information published.
CVE-2026-3633
Sin clasificar
Microsoft
CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack
Information published.
CVE-2026-3099
Sin clasificar
Microsoft
CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
Information published.
CVE-2025-13462
Sin clasificar
Microsoft
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Information published.
CVE-2026-23361
Sin clasificar
Microsoft
CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Information published.
CVE-2026-23346
Baja
Microsoft
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Information published.
CVE-2025-49010
Sin clasificar
Microsoft
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Information published.
CVE-2025-66038
Sin clasificar
Microsoft
CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
Information published.
CVE-2025-37907
Sin clasificar
Microsoft
CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Information published.
CVE-2025-37834
Sin clasificar
Microsoft
CVE-2025-37870 drm/amd/display: prevent hang on link training fail
Information published.
CVE-2025-37870
Sin clasificar
Microsoft
CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
Information published.
CVE-2025-37877
Sin clasificar
Microsoft
CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
Information published.
CVE-2025-37826
Sin clasificar
Microsoft
CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
Information published.
CVE-2025-37745
Sin clasificar
Microsoft
CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
Information published.
CVE-2025-37856
Sin clasificar
Microsoft
CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
Information published.
CVE-2025-37882
Sin clasificar
Microsoft
CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Information published.
CVE-2025-37861
Sin clasificar
Microsoft
CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
Information published.
CVE-2025-37807
Sin clasificar
Microsoft
CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Information published.
CVE-2025-37747
Sin clasificar
Microsoft
CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Information published.
CVE-2025-37750
Sin clasificar
Microsoft
CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
Information published.
CVE-2023-52586
Sin clasificar
Microsoft
CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
Information published.
CVE-2023-52624
Sin clasificar
Microsoft
CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
Information published.
CVE-2024-26672
Sin clasificar
Microsoft
CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
Information published.
CVE-2024-26757
Sin clasificar
Microsoft
CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
Information published.
CVE-2024-26758
Sin clasificar
Microsoft
CVE-2024-26756 md: Don't register sync_thread for reshape directly
Information published.
CVE-2024-26756
Sin clasificar
Microsoft
CVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array size
Information published.
CVE-2024-26914
Sin clasificar
Microsoft
CVE-2024-24856 NULL pointer deference in acpi_db_convert_to_package of Linux acpi module
Information published.
CVE-2024-24856
Sin clasificar
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Sin clasificar
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Baja
Microsoft
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Information published.
CVE-2026-9150
Baja
Microsoft
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Information published.
CVE-2026-9149
Sin clasificar
Microsoft
CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients
Information published.
CVE-2026-45877
Sin clasificar
Microsoft
CVE-2026-45917 ipvs: do not keep dest_dst if dev is going down
Information published.
CVE-2026-45917
Sin clasificar
Microsoft
CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
Information published.
CVE-2026-46059
Sin clasificar
Microsoft
CVE-2026-45901 netfilter: nf_tables: revert commit_mutex usage in reset path
Information published.
CVE-2026-45901
Sin clasificar
Microsoft
CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry
Information published.
CVE-2026-45894
Sin clasificar
Microsoft
CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Information published.
CVE-2026-46054
Sin clasificar
Microsoft
CVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entry
Information published.
CVE-2026-45944
Sin clasificar
Microsoft
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Information published.
CVE-2026-45932
Sin clasificar
Microsoft
CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path
Information published.
CVE-2026-45961
Sin clasificar
Microsoft
CVE-2026-45940 net: stmmac: fix oops when split header is enabled
Information published.
CVE-2026-45940
Sin clasificar
Microsoft
CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory
Information published.
CVE-2026-45893
Sin clasificar
Microsoft
CVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclusters
Information published.
CVE-2026-45943
Sin clasificar
Microsoft
CVE-2026-46017 mm: fix deferred split queue races during migration
Information published.
CVE-2026-46017
Sin clasificar
Microsoft
CVE-2026-45897 netfilter: nft_counter: serialize reset with spinlock
Information published.
CVE-2026-45897
Sin clasificar
Microsoft
CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories
Information published.
CVE-2026-45571
Sin clasificar
Microsoft
CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Information published.
CVE-2026-45859
Sin clasificar
Microsoft
CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Information published.
CVE-2026-46032
Sin clasificar
Microsoft
CVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRs
Information published.
CVE-2026-46014
Sin clasificar
Microsoft
CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
Information published.
CVE-2026-45861
Sin clasificar
Microsoft
CVE-2026-45963 ASoC: nau8821: Cancel delayed work on component remove
Information published.
CVE-2026-45963
Sin clasificar
Microsoft
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
CVE-2026-42250
Sin clasificar
Microsoft
CVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
Information published.
CVE-2026-46158
Sin clasificar
Microsoft
CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last
Information published.
CVE-2026-46170
Sin clasificar
Microsoft
CVE-2026-46175 f2fs: fix fsck inconsistency caused by FGGC of node block
Information published.
CVE-2026-46175
Sin clasificar
Microsoft
CVE-2026-46153 8021q: delete cleared egress QoS mappings
Information published.
CVE-2026-46153
Sin clasificar
Microsoft
CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure
Information published.
CVE-2026-46241
Sin clasificar
Microsoft
CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Information published.
CVE-2026-46147
Sin clasificar
Microsoft
CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Information published.
CVE-2026-46135
Sin clasificar
Microsoft
CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Information published.
CVE-2026-46181
Sin clasificar
Microsoft
CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF
Information published.
CVE-2026-46242
Sin clasificar
Microsoft
CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Information published.
CVE-2026-6324
Sin clasificar
Microsoft
CVE-2026-43059 Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers
Information published.
CVE-2026-43059
Sin clasificar
Microsoft
CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload
Information published.
CVE-2026-45973
Sin clasificar
Microsoft
CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
Information published.
CVE-2026-46071
Sin clasificar
Microsoft
CVE-2026-46066 ceph: fix num_ops off-by-one when crypto allocation fails
Information published.
CVE-2026-46066
Sin clasificar
Microsoft
CVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvation
Information published.
CVE-2026-45855
Sin clasificar
Microsoft
CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport
Information published.
CVE-2026-45570
Sin clasificar
Microsoft
CVE-2026-45949 hwrng: core - use RCU and work_struct to fix race condition
Information published.
CVE-2026-45949
Sin clasificar
Microsoft
CVE-2026-46044 ipmi:ssif: Clean up kthread on errors
Information published.
CVE-2026-46044
Sin clasificar
Microsoft
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
Information published.
CVE-2026-45934
Sin clasificar
Microsoft
CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop
Information published.
CVE-2026-46090
Sin clasificar
Microsoft
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Information published.
CVE-2026-46076
Sin clasificar
Microsoft
CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Information published.
CVE-2026-46200
Sin clasificar
Microsoft
CVE-2026-46171 riscv: kvm: fix vector context allocation leak
Information published.
CVE-2026-46171
Sin clasificar
Microsoft
CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)
Information published.
CVE-2026-46130
Baja
Microsoft
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Information published.
CVE-2026-44839
Sin clasificar
Microsoft
CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access
Information published.
CVE-2026-46140
Sin clasificar
Microsoft
CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned
Information published.
CVE-2025-39779
Sin clasificar
Microsoft
CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Information published.
CVE-2025-39754
Sin clasificar
Microsoft
CVE-2025-39762 drm/amd/display: add null check
Information published.
CVE-2025-39762
Sin clasificar
Microsoft
CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Information published.
CVE-2025-39746
Sin clasificar
Microsoft
CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
Information published.
CVE-2025-39747
Sin clasificar
Microsoft
CVE-2025-39789 crypto: x86/aegis - Add missing error checks
Information published.
CVE-2025-39789
Sin clasificar
Microsoft
CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Information published.
CVE-2025-39833
Sin clasificar
Microsoft
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Information published.
CVE-2025-39850
Sin clasificar
Microsoft
CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
Information published.
CVE-2025-39859
Sin clasificar
Microsoft
CVE-2025-38705 drm/amd/pm: fix null pointer access
Information published.
CVE-2025-38705
Sin clasificar
Microsoft
CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()
Information published.
CVE-2025-38722
Sin clasificar
Microsoft
CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
Information published.
CVE-2025-38717
Sin clasificar
Microsoft
CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability
Information published.
CVE-2025-39705
Sin clasificar
Microsoft
CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Information published.
CVE-2025-39677
Sin clasificar
Microsoft
CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Information published.
CVE-2025-39707
Sin clasificar
Microsoft
CVE-2025-9901 Libsoup: improper handling of http vary header in libsoup caching
Information published.
CVE-2025-9901
Sin clasificar
Microsoft
CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Information published.
CVE-2025-39810
Sin clasificar
Microsoft
CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Information published.
CVE-2025-39851
Sin clasificar
Microsoft
CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Information published.
CVE-2025-39862
Sin clasificar
Microsoft
CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Information published.
CVE-2024-58241
Sin clasificar
Microsoft
CVE-2026-46245 drm/amd/display: Fix dc_link NULL handling in HPD init
Information published.
CVE-2026-46245
Sin clasificar
Microsoft
CVE-2026-46252 regulator: core: fix locking in regulator_resolve_supply() error path
Information published.
CVE-2026-46252
Sin clasificar
Microsoft
CVE-2026-46244 netfilter: nft_inner: Fix IPv6 inner_thoff desync
Information published.
CVE-2026-46244
Sin clasificar
Microsoft
CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime
Information published.
CVE-2026-42504
Sin clasificar
Microsoft
CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
Information published.
CVE-2026-46275
Sin clasificar
Microsoft
CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str
Information published.
CVE-2026-46282
Baja
Microsoft
CVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policy
Information published.
CVE-2026-46302
Sin clasificar
Microsoft
CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop
Information published.
CVE-2026-46314
Sin clasificar
Microsoft
CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer
Information published.
CVE-2025-71315
Sin clasificar
Microsoft
CVE-2026-46323 net: gro: don't merge zcopy skbs
Information published.
CVE-2026-46323
Sin clasificar
Microsoft
CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks
Information published.
CVE-2026-46324
Baja
Microsoft
CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling
Information published.
CVE-2026-48914
Baja
Microsoft
CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
Information published.
CVE-2026-9669
Sin clasificar
Microsoft
CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
Information published.
CVE-2026-43966
Sin clasificar
Microsoft
CVE-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation
Information published.
CVE-2026-12003
Sin clasificar
Microsoft
CVE-2026-52953 iommu/vt-d: Fix oops due to out of scope access
Information published.
CVE-2026-52953
Baja
Microsoft
CVE-2026-56405 libexpat before 2.8.2 has an integer overflow in getAttributeId.
Information published.
CVE-2026-56405
Sin clasificar
Microsoft
CVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP.
Information published.
CVE-2026-53005
Sin clasificar
Microsoft
CVE-2026-53239 xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()
Information published.
CVE-2026-53239
Sin clasificar
Microsoft
CVE-2026-52912 netfilter: nf_queue: hold bridge skb->dev while queued
Information published.
CVE-2026-52912
Sin clasificar
Microsoft
CVE-2026-55653 Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service
Information published.
CVE-2026-55653
Baja
Microsoft
CVE-2026-56406 libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
Information published.
CVE-2026-56406
Sin clasificar
Microsoft
CVE-2026-53213 drm/vc4: fix krealloc() memory leak
Information published.
CVE-2026-53213
Sin clasificar
Microsoft
CVE-2026-52931 batman-adv: tp_meter: avoid use of uninit sender vars
Information published.
CVE-2026-52931
Sin clasificar
Microsoft
CVE-2026-55655 Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions
Information published.
CVE-2026-55655
Sin clasificar
Microsoft
CVE-2026-53147 thunderbolt: Validate XDomain request packet size before type cast
Information published.
CVE-2026-53147
Sin clasificar
Microsoft
CVE-2026-9675 undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
Information published.
CVE-2026-9675
Sin clasificar
Microsoft
CVE-2026-53159 misc: fastrpc: fix DMA address corruption due to find_vma misuse
Information published.
CVE-2026-53159
Sin clasificar
Microsoft
CVE-2026-56131 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).
Information published.
CVE-2026-56131
CVE-2026-50219
Sin clasificar
Microsoft
CVE-2026-53274 net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS
Information published.
CVE-2026-53274
Sin clasificar
Microsoft
CVE-2026-52915 netfilter: ip6t_hbh: reject oversized option lists
Information published.
CVE-2026-52915
Sin clasificar
Microsoft
CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Information published.
CVE-2026-9697
Sin clasificar
Microsoft
CVE-2026-53230 net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list
Information published.
CVE-2026-53230
Sin clasificar
Microsoft
CVE-2026-52956 libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()
Information published.
CVE-2026-52956
Baja
Microsoft
CVE-2026-53194 USB: serial: kl5kusb105: fix bulk-out buffer overflow
Information published.
CVE-2026-53194
Sin clasificar
Microsoft
CVE-2026-53115 bus: fsl-mc: use generic driver_override infrastructure
Information published.
CVE-2026-53115
Sin clasificar
Microsoft
CVE-2026-53161 misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context
Information published.
CVE-2026-53161
Sin clasificar
Microsoft
CVE-2026-53163 locking/rtmutex: Skip remove_waiter() when waiter is not enqueued
Information published.
CVE-2026-53163
Sin clasificar
Microsoft
CVE-2026-53254 Bluetooth: RFCOMM: validate skb length in MCC handlers
Information published.
CVE-2026-53254
Baja
Microsoft
CVE-2026-52916 batman-adv: frag: disallow unicast fragment in fragment
Information published.
CVE-2026-52916
Sin clasificar
Microsoft
CVE-2026-53017 f2fs: fix data loss caused by incorrect use of nat_entry flag
Information published.
CVE-2026-53017
Sin clasificar
Microsoft
CVE-2026-53089 bpf: Fix use-after-free in offloaded map/prog info fill
Information published.
CVE-2026-53089
Sin clasificar
Microsoft
CVE-2026-53158 misc: fastrpc: Fix NULL pointer dereference in rpmsg callback
Information published.
CVE-2026-53158
Sin clasificar
Microsoft
CVE-2026-53120 PCI: use generic driver_override infrastructure
Information published.
CVE-2026-53120
Sin clasificar
Microsoft
CVE-2026-53151 rxrpc: Fix the ACK parser to extract the SACK table for parsing
Information published.
CVE-2026-53151
Sin clasificar
Microsoft
CVE-2026-52934 batman-adv: tvlv: reject oversized TVLV packets
Information published.
CVE-2026-52934
Sin clasificar
Microsoft
CVE-2026-53267 netfilter: nft_ct: bail out on template ct in get eval
Information published.
CVE-2026-53267
Sin clasificar
Microsoft
CVE-2026-53249 ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options
Information published.
CVE-2026-53249
Sin clasificar
Microsoft
CVE-2026-52943 net: skbuff: fix missing zerocopy reference in pskb_carve helpers
Information published.
CVE-2026-52943
Sin clasificar
Microsoft
CVE-2026-53139 drm/v3d: Skip CSD when it has zeroed workgroups
Information published.
CVE-2026-53139
Sin clasificar
Microsoft
CVE-2026-52942 netfilter: nf_log: validate MAC header was set before dumping it
Information published.
CVE-2026-52942
Sin clasificar
Microsoft
CVE-2026-52957 libceph: Fix potential null-ptr-deref in decode_choose_args()
Information published.
CVE-2026-52957
Sin clasificar
Microsoft
CVE-2026-53131 netfilter: require Ethernet MAC header before using eth_hdr()
Information published.
CVE-2026-53131
Sin clasificar
Microsoft
CVE-2026-53177 bnxt_en: Fix NULL pointer dereference
Information published.
CVE-2026-53177
Sin clasificar
Microsoft
CVE-2026-53198 ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL
Information published.
CVE-2026-53198
Sin clasificar
Microsoft
CVE-2026-53214 ipv6: Fix a potential NPD in cleanup_prefix_route()
Information published.
CVE-2026-53214
Sin clasificar
Microsoft
CVE-2026-53218 netfilter: nft_exthdr: fix register tracking for F_PRESENT flag
Information published.
CVE-2026-53218
Sin clasificar
Microsoft
CVE-2026-53097 wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()
Information published.
CVE-2026-53097
Sin clasificar
Microsoft
CVE-2026-53107 wifi: libertas: don't kill URBs in interrupt context
Information published.
CVE-2026-53107
Sin clasificar
Microsoft
CVE-2026-53166 futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
Information published.
CVE-2026-53166
Sin clasificar
Microsoft
CVE-2026-53220 netfilter: revalidate bridge ports
Information published.
CVE-2026-53220
Sin clasificar
Microsoft
CVE-2026-53179 staging: rtl8723bs: fix buffer over-read in rtw_update_protection
Information published.
CVE-2026-53179
Sin clasificar
Microsoft
CVE-2026-53228 ipv6: sit: reload inner IPv6 header after GSO offloads
Information published.
CVE-2026-53228
Sin clasificar
Microsoft
CVE-2026-53132 vsock/virtio: fix potential unbounded skb queue
Information published.
CVE-2026-53132
Sin clasificar
Microsoft
CVE-2026-52961 ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale blob size
Information published.
CVE-2026-52961
Sin clasificar
Microsoft
CVE-2026-53208 Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig
Information published.
CVE-2026-53208
Sin clasificar
Microsoft
CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect
Information published.
CVE-2026-53010
Sin clasificar
Microsoft
CVE-2026-52937 tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR
Information published.
CVE-2026-52937
Sin clasificar
Microsoft
CVE-2026-53109 powerpc/pgtable-frag: Fix bad page state in pte_frag_destroy
Information published.
CVE-2026-53109
Baja
Microsoft
CVE-2026-53106 bpf: Do not allow deleting local storage in NMI
Information published.
CVE-2026-53106
Sin clasificar
Microsoft
CVE-2026-53217 net: mvpp2: sync RX data at the hardware packet offset
Information published.
CVE-2026-53217
Sin clasificar
Microsoft
CVE-2026-53186 RDMA/srp: bound SRP_RSP sense copy by the received length
Information published.
CVE-2026-53186
Sin clasificar
Microsoft
CVE-2026-53268 netfilter: conntrack_irc: fix possible out-of-bounds read
Information published.
CVE-2026-53268
Sin clasificar
Microsoft
CVE-2026-53053 iommu/amd: Fix clone_alias() to use the original device's devid
Information published.
CVE-2026-53053
Sin clasificar
Microsoft
CVE-2026-52926 batman-adv: clear current gateway during teardown
Information published.
CVE-2026-52926
Sin clasificar
Microsoft
CVE-2026-52927 netfilter: ebtables: fix OOB read in compat_mtw_from_user
Information published.
CVE-2026-52927
Sin clasificar
Microsoft
CVE-2026-53219 netfilter: x_tables: avoid leaking percpu counter pointers
Information published.
CVE-2026-53219
Sin clasificar
Microsoft
CVE-2026-53157 net: phonet: free phonet_device after RCU grace period
Information published.
CVE-2026-53157
Sin clasificar
Microsoft
CVE-2026-53102 wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req()
Information published.
CVE-2026-53102
Sin clasificar
Microsoft
CVE-2026-53247 net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown
Information published.
CVE-2026-53247
Sin clasificar
Microsoft
CVE-2026-57452 Vim: Out-of-bounds Read with libsodium-encrypted Files
Information published.
CVE-2026-57452
Sin clasificar
Microsoft
CVE-2026-55895 Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename
Information published.
CVE-2026-55895
Sin clasificar
Microsoft
CVE-2026-53221 ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()
Information published.
CVE-2026-53221
Sin clasificar
Microsoft
CVE-2026-55693 Vim: Out-of-bounds Write in Spell File Word Count
Information published.
CVE-2026-55693
Sin clasificar
Microsoft
CVE-2026-53253 Bluetooth: bnep: reject short frames before parsing
Information published.
CVE-2026-53253
Baja
Microsoft
CVE-2026-53196 USB: serial: io_ti: fix heap overflow in get_manuf_info()
Information published.
CVE-2026-53196
Sin clasificar
Microsoft
CVE-2026-57455 Vim: Stack out-of-bounds write in `spell_soundfold_sofo()` via an over-length `soundfold()` argument
Information published.
CVE-2026-57455
Sin clasificar
Microsoft
CVE-2026-53025 greybus: raw: fix use-after-free on cdev close
Information published.
CVE-2026-53025
Sin clasificar
Microsoft
CVE-2026-57456 Vim: Arbitrary Code Execution via Python Omni-Completion Docstrings
Information published.
CVE-2026-57456
Sin clasificar
Microsoft
CVE-2026-57453 Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction
Information published.
CVE-2026-57453
Sin clasificar
Microsoft
CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use
Information published.
CVE-2026-53215
Sin clasificar
Microsoft
CVE-2026-55892 Vim: Out-of-bounds Write in Spell File Prefix Dump
Information published.
CVE-2026-55892
Sin clasificar
Microsoft
CVE-2026-53154 mm/hugetlb: restore reservation on error in hugetlb folio copy paths
Information published.
CVE-2026-53154
Sin clasificar
Microsoft
CVE-2026-52941 net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint
Information published.
CVE-2026-52941
Baja
Microsoft
CVE-2026-53263 6lowpan: fix off-by-one in multicast context address compression
Information published.
CVE-2026-53263
Sin clasificar
Microsoft
CVE-2026-52947 net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove
Information published.
CVE-2026-52947
Sin clasificar
Microsoft
CVE-2026-52991 sched/psi: fix race between file release and pressure write
Information published.
CVE-2026-52991
Sin clasificar
Microsoft
CVE-2026-52988 netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase
Information published.
CVE-2026-52988
Sin clasificar
Microsoft
CVE-2026-57454 Vim: Out-of-bounds Read with Text Properties
Information published.
CVE-2026-57454
Sin clasificar
Microsoft
CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions
Information published.
CVE-2026-46243
Sin clasificar
Microsoft
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
Information published.
CVE-2026-8643
Baja
Microsoft
CVE-2026-46254 AppArmor: Allow apparmor to handle unaligned dfa tables
Information published.
CVE-2026-46254
Sin clasificar
Microsoft
CVE-2025-71313 PCI: endpoint: Add missing NULL check for alloc_workqueue()
Information published.
CVE-2025-71313
Sin clasificar
Microsoft
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
Information published.
CVE-2026-42507
Baja
Microsoft
CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
Information published.
CVE-2026-10275
Sin clasificar
Microsoft
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
Information published.
CVE-2026-27145
Sin clasificar
Microsoft
CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
Information published.
CVE-2026-3276
Baja
Microsoft
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Information published.
CVE-2026-7774
Sin clasificar
Microsoft
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
Information published.
CVE-2026-49762
Sin clasificar
Microsoft
CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE
Information published.
CVE-2026-46325
Sin clasificar
Microsoft
CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"
Information published.
CVE-2026-46330
Sin clasificar
Microsoft
CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption
Information published.
CVE-2026-46331
Baja
Microsoft
CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
Information published.
CVE-2026-43973
Baja
Microsoft
CVE-2026-52948 i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl
Information published.
CVE-2026-52948
Sin clasificar
Microsoft
CVE-2026-53136 drm/amd/display: Clamp VBIOS HDMI retimer register count to array size
Information published.
CVE-2026-53136
Sin clasificar
Microsoft
CVE-2026-53227 net: openvswitch: fix possible kfree_skb of ERR_PTR
Information published.
CVE-2026-53227
Baja
Microsoft
CVE-2026-56407 libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
Information published.
CVE-2026-56407
Baja
Microsoft
CVE-2026-56404 libexpat before 2.8.2 has an integer overflow in addBinding.
Information published.
CVE-2026-56404
Sin clasificar
Microsoft
CVE-2026-53207 mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison
Information published.
CVE-2026-53207
Sin clasificar
Microsoft
CVE-2026-52913 batman-adv: v: stop OGMv2 on disabled interface
Information published.
CVE-2026-52913
Sin clasificar
Microsoft
CVE-2026-53027 fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()
Information published.
CVE-2026-53027
Baja
Microsoft
CVE-2026-56403 libexpat before 2.8.2 has an integer overflow in storeAtts.
Information published.
CVE-2026-56403
Sin clasificar
Microsoft
CVE-2026-53238 netlabel: validate unlabeled address and mask attribute lengths
Information published.
CVE-2026-53238
Sin clasificar
Microsoft
CVE-2026-52921 netfilter: ipset: stop hash:* range iteration at end
Information published.
CVE-2026-52921
Sin clasificar
Microsoft
CVE-2026-53024 greybus: raw: fix use-after-free if write is called after disconnect
Information published.
CVE-2026-53024
Sin clasificar
Microsoft
CVE-2026-53270 ipvs: clear the svc scheduler ptr early on edit
Information published.
CVE-2026-53270
Sin clasificar
Microsoft
CVE-2026-11525 undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching
Information published.
CVE-2026-11525
Baja
Microsoft
CVE-2026-56132 In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
Information published.
CVE-2026-56132
Sin clasificar
Microsoft
CVE-2026-53129 fs/mbcache: cancel shrink work before destroying the cache
Information published.
CVE-2026-53129
Sin clasificar
Microsoft
CVE-2026-48142 NGINX ngx_http_charset_module vulnerability
Information published.
CVE-2026-48142
Sin clasificar
Microsoft
CVE-2026-53242 ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams
Information published.
CVE-2026-53242
Sin clasificar
Microsoft
CVE-2026-53236 tcp: restrict SO_ATTACH_FILTER to priv users
Information published.
CVE-2026-53236
Sin clasificar
Microsoft
CVE-2026-53118 vdpa: use generic driver_override infrastructure
Information published.
CVE-2026-53118
Sin clasificar
Microsoft
CVE-2026-56412 libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.
Information published.
CVE-2026-56412
CVE-2026-50219
Sin clasificar
Microsoft
CVE-2026-53266 netfilter: bridge: make ebt_snat ARP rewrite writable
Information published.
CVE-2026-53266
Sin clasificar
Microsoft
CVE-2026-53138 drm/amd/display: Bound VBIOS record-chain walk loops
Information published.
CVE-2026-53138
Sin clasificar
Microsoft
CVE-2026-53146 thunderbolt: Limit XDomain response copy to actual frame size
Information published.
CVE-2026-53146
Sin clasificar
Microsoft
CVE-2026-53264 net/sched: act_api: use RCU with deferred freeing for action lifecycle
Information published.
CVE-2026-53264
Baja
Microsoft
CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)
Information published.
CVE-2026-3195
CVE-2024-7730
Baja
Microsoft
CVE-2026-3196 Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation
Information published.
CVE-2026-3196
Sin clasificar
Microsoft
CVE-2026-53182 wifi: nl80211: reject oversized EMA RNR lists
Information published.
CVE-2026-53182
Sin clasificar
Microsoft
CVE-2026-11972 tarfile opened in streaming mode mishandles EOF
Information published.
CVE-2026-11972
Sin clasificar
Microsoft
CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling
Information published.
CVE-2026-52924
Sin clasificar
Microsoft
CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method
Information published.
CVE-2026-0864
Sin clasificar
Microsoft
CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler
Information published.
CVE-2026-55199
Sin clasificar
Microsoft
CVE-2026-55200 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
Information published.
CVE-2026-55200
Sin clasificar
Microsoft
CVE-2026-53246 sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing
Information published.
CVE-2026-53246
Sin clasificar
Microsoft
CVE-2026-53150 thunderbolt: Reject zero-length property entries in validator
Information published.
CVE-2026-53150
Sin clasificar
Microsoft
CVE-2026-53149 thunderbolt: Bound root directory content to block size
Information published.
CVE-2026-53149
Sin clasificar
Microsoft
CVE-2026-53181 vsock/vmci: fix sk_ack_backlog leak on failed handshake
Information published.
CVE-2026-53181
Sin clasificar
Microsoft
CVE-2026-53018 f2fs: avoid reading already updated pages during GC
Information published.
CVE-2026-53018
Sin clasificar
Microsoft
CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c
Information published.
CVE-2025-15661
Sin clasificar
Microsoft
CVE-2026-53184 udp: clear skb->dev before running a sockmap verdict
Information published.
CVE-2026-53184
Sin clasificar
Microsoft
CVE-2026-52923 ipc: limit next_id allocation to the valid ID range
Information published.
CVE-2026-52923
Sin clasificar
Microsoft
CVE-2026-53178 staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction
Information published.
CVE-2026-53178
Baja
Microsoft
CVE-2026-53143 drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11
Information published.
CVE-2026-53143
Sin clasificar
Microsoft
CVE-2026-53209 Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend
Information published.
CVE-2026-53209
Sin clasificar
Microsoft
CVE-2026-53275 ipv6: mcast: Fix use-after-free when processing MLD queries
Information published.
CVE-2026-53275
Sin clasificar
Microsoft
CVE-2026-53192 ALSA: timer: Fix UAF at snd_timer_user_params()
Information published.
CVE-2026-53192
Sin clasificar
Microsoft
CVE-2026-52960 ceph: put folios not suitable for writeback
Information published.
CVE-2026-52960
Sin clasificar
Microsoft
CVE-2026-53133 RDMA/umem: Fix truncation for block sizes >= 4G
Information published.
CVE-2026-53133
Baja
Microsoft
CVE-2026-52919 batman-adv: fix tp_meter counter underflow during shutdown
Information published.
CVE-2026-52919
Sin clasificar
Microsoft
CVE-2026-53078 bpf: Fix same-register dst/src OOB read and pointer leak in sock_ops
Information published.
CVE-2026-53078
Sin clasificar
Microsoft
CVE-2026-53009 ice: fix double-free of tx_buf skb
Information published.
CVE-2026-53009
Sin clasificar
Microsoft
CVE-2026-52946 fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling
Information published.
CVE-2026-52946
Sin clasificar
Microsoft
CVE-2026-53255 Bluetooth: MGMT: validate advertising TLV before type checks
Information published.
CVE-2026-53255
Sin clasificar
Microsoft
CVE-2026-53113 wifi: ath11k: fix memory leaks in beacon template setup
Information published.
CVE-2026-53113
Sin clasificar
Microsoft
CVE-2026-53015 erofs: unify lcn as u64 for 32-bit platforms
Information published.
CVE-2026-53015
Sin clasificar
Microsoft
CVE-2026-53265 dm cache policy smq: check allocation under invalidate lock
Information published.
CVE-2026-53265
Sin clasificar
Microsoft
CVE-2026-52922 batman-adv: dat: handle forward allocation error
Information published.
CVE-2026-52922
Sin clasificar
Microsoft
CVE-2026-53237 gpio: mvebu: fix NULL pointer dereference in suspend/resume
Information published.
CVE-2026-53237
Sin clasificar
Microsoft
CVE-2026-52954 libceph: handle rbtree insertion error in decode_choose_args()
Information published.
CVE-2026-52954
Sin clasificar
Microsoft
CVE-2026-53148 thunderbolt: Clamp XDomain response data copy to allocation size
Information published.
CVE-2026-53148
Sin clasificar
Microsoft
CVE-2026-53000 netfilter: nat: use kfree_rcu to release ops
Information published.
CVE-2026-53000
Sin clasificar
Microsoft
CVE-2026-53225 sctp: fix uninit-value in __sctp_rcv_asconf_lookup()
Information published.
CVE-2026-53225
Sin clasificar
Microsoft
CVE-2026-53262 l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()
Information published.
CVE-2026-53262
Sin clasificar
Microsoft
CVE-2026-53245 net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr
Information published.
CVE-2026-53245
Sin clasificar
Microsoft
CVE-2026-53199 hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf
Information published.
CVE-2026-53199
Sin clasificar
Microsoft
CVE-2026-53258 wifi: fix leak if split 6 GHz scanning fails
Information published.
CVE-2026-53258
Sin clasificar
Microsoft
CVE-2026-53160 misc: fastrpc: fix use-after-free race in fastrpc_map_create
Information published.
CVE-2026-53160
Baja
Microsoft
CVE-2026-53183 mptcp: allow subflow rcv wnd to shrink
Information published.
CVE-2026-53183
Sin clasificar
Microsoft
CVE-2026-53226 gpio: rockchip: fix generic IRQ chip leak on remove
Information published.
CVE-2026-53226
Sin clasificar
Microsoft
CVE-2026-52930 ipc/shm: serialize orphan cleanup with shm_nattch updates
Information published.
CVE-2026-52930
Sin clasificar
Microsoft
CVE-2026-53135 drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs
Information published.
CVE-2026-53135
Sin clasificar
Microsoft
CVE-2026-53080 net/sched: cls_fw: fix NULL dereference of "old" filters before change()
Information published.
CVE-2026-53080
Sin clasificar
Microsoft
CVE-2026-53108 powerpc/64s: Fix unmap race with PMD migration entries
Information published.
CVE-2026-53108
Sin clasificar
Microsoft
CVE-2026-53091 net: pull headers in qdisc_pkt_len_segs_init()
Information published.
CVE-2026-53091
Sin clasificar
Microsoft
CVE-2026-53232 net: phy: clean the sfp upstream if phy probing fails
Information published.
CVE-2026-53232
Sin clasificar
Microsoft
CVE-2026-52962 ceph: fix a buffer leak in __ceph_setxattr()
Information published.
CVE-2026-52962
Sin clasificar
Microsoft
CVE-2026-53176 IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
Information published.
CVE-2026-53176
Sin clasificar
Microsoft
CVE-2026-53070 sctp: disable BH before calling udp_tunnel_xmit_skb()
Information published.
CVE-2026-53070
Sin clasificar
Microsoft
CVE-2026-53156 nvmem: core: fix use-after-free bugs in error paths
Information published.
CVE-2026-53156
Sin clasificar
Microsoft
CVE-2026-57451 Vim: Out-of-bounds Read in Text Property Count
Information published.
CVE-2026-57451
Sin clasificar
Microsoft
CVE-2026-53252 Bluetooth: fix memory leak in error path of hci_alloc_dev()
Information published.
CVE-2026-53252
Sin clasificar
Microsoft
CVE-2026-53320 nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
Information published.
CVE-2026-53320
Sin clasificar
Microsoft
CVE-2026-53296 mailbox: mailbox-test: free channels on probe error
Information published.
CVE-2026-53296
Sin clasificar
Microsoft
CVE-2026-53292 net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind
Information published.
CVE-2026-53292
Sin clasificar
Microsoft
CVE-2026-53284 btrfs: only release the dirty pages io tree after successful writes
Information published.
CVE-2026-53284
Sin clasificar
Microsoft
CVE-2026-53309 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
Information published.
CVE-2026-53309
Sin clasificar
Microsoft
CVE-2026-53304 scsi: sg: Resolve soft lockup issue when opening /dev/sgX
Information published.
CVE-2026-53304
Sin clasificar
Microsoft
CVE-2026-53313 drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths
Information published.
CVE-2026-53313
Sin clasificar
Microsoft
CVE-2026-53306 tty: hvc_iucv: fix off-by-one in number of supported devices
Information published.
CVE-2026-53306
Sin clasificar
Microsoft
CVE-2026-53291 ALSA: hda/conexant: Fix missing error check for jack detection
Information published.
CVE-2026-53291
Sin clasificar
Microsoft
CVE-2026-53297 net: mana: Guard mana_remove against double invocation
Information published.
CVE-2026-53297
Sin clasificar
Microsoft
CVE-2026-53293 drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG
Information published.
CVE-2026-53293
Sin clasificar
Microsoft
CVE-2026-53294 mailbox: mailbox-test: don't free the reused channel
Information published.
CVE-2026-53294
Sin clasificar
Microsoft
CVE-2026-53289 ice: fix NULL pointer dereference in ice_reset_all_vfs()
Information published.
CVE-2026-53289
Sin clasificar
Microsoft
CVE-2026-53287 audit: fix incorrect inheritable capability in CAPSET records
Information published.
CVE-2026-53287
Sin clasificar
Microsoft
CVE-2026-53303 f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
Information published.
CVE-2026-53303
Baja
Microsoft
CVE-2026-53314 padata: Put CPU offline callback in ONLINE section to allow failure
Information published.
CVE-2026-53314
Sin clasificar
Microsoft
CVE-2026-44889 WebOb: Location header normalization during redirect leads to open redirect
Information published.
CVE-2026-44889
Sin clasificar
Microsoft
CVE-2026-53295 mailbox: add sanity check for channel array
Information published.
CVE-2026-53295
Sin clasificar
Microsoft
CVE-2026-53279 drm/gma500/oaktrail_lvds: fix hang on init failure
Information published.
CVE-2026-53279
Media
Microsoft
CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)
Information published.
CVE-2026-53655
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13027 Use after free in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13027
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13026 Use after free in Digital Credentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13026
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13025 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13025
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13024 Insufficient validation of untrusted input in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13024
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13023 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13023
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13022 Inappropriate implementation in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13022
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13021
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13036 Use after free in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13036
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13035 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13035
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13034 Inappropriate implementation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13034
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13033 Out of bounds read in Blink>InterestGroups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13033
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13031 Use after free in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13031
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13029 Use after free in Web Authentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13029
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-13038 Use after free in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-13038
Sin clasificar
Microsoft
CVE-2025-68736 landlock: Fix handling of disconnected directories
Information published.
CVE-2025-68736
Sin clasificar
Microsoft
CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
Information published.
CVE-2025-68296
Sin clasificar
Microsoft
CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised
Information published.
CVE-2026-45930
Sin clasificar
Microsoft
CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks
Information published.
CVE-2026-45850
Sin clasificar
Microsoft
CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()
Information published.
CVE-2026-46321
Sin clasificar
Microsoft
CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()
Information published.
CVE-2026-46320
Sin clasificar
Microsoft
CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()
Information published.
CVE-2026-46322
Sin clasificar
Microsoft
CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
Information published.
CVE-2026-4367
Sin clasificar
Windows
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-41086
Sin clasificar
Microsoft
CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-45637
Sin clasificar
Microsoft
CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access
Information published.
CVE-2026-46140
Sin clasificar
Microsoft
CVE-2026-11816 Path Traversal in keras-team/keras
Information published.
CVE-2026-11816
Sin clasificar
Microsoft
CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
Information published.
CVE-2026-4367
Sin clasificar
Microsoft
CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()
Information published.
CVE-2026-46285
Sin clasificar
Windows
CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42915
Sin clasificar
Exchange Server
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-45504
Sin clasificar
Microsoft
CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-33840
Sin clasificar
Microsoft
CVE-2025-5791 Users: `root` appended to group listings
Information published.
CVE-2025-5791
Sin clasificar
Microsoft
CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
Information published.
CVE-2025-4574
Sin clasificar
Microsoft
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Information published.
CVE-2026-45445
Sin clasificar
Microsoft
CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Information published.
CVE-2026-34183
Baja
Microsoft
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Information published.
CVE-2026-7383
Sin clasificar
Microsoft
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Information published.
CVE-2026-42768
Sin clasificar
Microsoft
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Information published.
CVE-2026-9076
Sin clasificar
Microsoft
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Information published.
CVE-2026-45446
Sin clasificar
Microsoft
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Information published.
CVE-2026-42766
Sin clasificar
Microsoft
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Information published.
CVE-2026-42767
Sin clasificar
Microsoft
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Information published.
CVE-2026-34180
Sin clasificar
Microsoft
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
Information published.
CVE-2026-44967
Sin clasificar
Microsoft
CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption
Information published.
CVE-2026-46331
Sin clasificar
Microsoft Office
CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45469
Sin clasificar
Microsoft Office
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45475
Sin clasificar
Microsoft Office
CVE-2026-45472 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45472
Sin clasificar
Microsoft Office
CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45471
Sin clasificar
Microsoft Office
CVE-2026-45474 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45474
Sin clasificar
Microsoft Office
CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45486
Sin clasificar
Microsoft Office
CVE-2026-45485 Microsoft Office Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45485
Sin clasificar
Microsoft Office
CVE-2026-44817 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44817
Sin clasificar
Microsoft Office
CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44818
Sin clasificar
Microsoft Office
CVE-2026-44819 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44819
Sin clasificar
Microsoft Office
CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44820
Sin clasificar
Microsoft Office
CVE-2026-44821 Microsoft Office Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44821
Sin clasificar
Microsoft Office
CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44823
Sin clasificar
Microsoft Office
CVE-2026-44824 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44824
Sin clasificar
Microsoft Office
CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45456
Sin clasificar
Microsoft Office
CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45458
Sin clasificar
Microsoft Office
CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45460
Sin clasificar
Microsoft Office
CVE-2026-45461 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45461
Sin clasificar
Microsoft Office
CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45466
Sin clasificar
Microsoft Office
CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45643
Sin clasificar
Microsoft Office
CVE-2026-45645 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45645
Sin clasificar
Microsoft Office
CVE-2026-45649 Office for Android Spoofing Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their ...
CVE-2026-45649
Sin clasificar
Microsoft Office
CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-44822
Sin clasificar
Microsoft Office
CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45455
Sin clasificar
Microsoft Office
CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45457
Sin clasificar
Microsoft Office
CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerabilit...
CVE-2026-45459
Sin clasificar
Microsoft Office
CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be pro...
CVE-2026-45463
Sin clasificar
Microsoft
Chromium: CVE-2026-12439 Use after free in Digital Credentials
Corrected CVE title. This is an informational change only.
CVE-2026-12439
Sin clasificar
Microsoft
Chromium: CVE-2026-12440 Use after free in DigitalCredentials
Corrected CVE title. This is an informational change only.
CVE-2026-12440
Sin clasificar
Microsoft
Chromium: CVE-2026-12445 Use after free in Extensions
Corrected CVE title. This is an informational change only.
CVE-2026-12445
Sin clasificar
Microsoft
Chromium: CVE-2026-12446 Insufficient data validation in Passwords
Corrected CVE title. This is an informational change only.
CVE-2026-12446
Sin clasificar
Microsoft
Chromium: CVE-2026-12451 Use after free in DigitalCredentials
Corrected CVE title. This is an informational change only.
CVE-2026-12451
Sin clasificar
Microsoft
Chromium: CVE-2026-12441 Use after free in File Input
Corrected CVE title. This is an informational change only.
CVE-2026-12441
Baja
Microsoft
Chromium: CVE-2026-12447 Heap buffer overflow in WebRTC
Corrected CVE title. This is an informational change only.
CVE-2026-12447
Sin clasificar
Microsoft
Chromium: CVE-2026-12443 Use after free in Web Authentication
Corrected CVE title. This is an informational change only.
CVE-2026-12443
Sin clasificar
Microsoft
Chromium: CVE-2026-12452 Use after free in Downloads
Corrected CVE title. This is an informational change only.
CVE-2026-12452
Sin clasificar
Microsoft
Chromium: CVE-2026-12453 Insufficient validation of untrusted input in Input
Corrected CVE title. This is an informational change only.
CVE-2026-12453
Sin clasificar
Microsoft
Chromium: CVE-2026-12455 Use after free in Tab Strip
Corrected CVE title. This is an informational change only.
CVE-2026-12455
Sin clasificar
Microsoft
Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions
Corrected CVE title. This is an informational change only.
CVE-2026-12456
Sin clasificar
Microsoft
Chromium: CVE-2026-12458 Incorrect security UI in Passwords
Corrected CVE title. This is an informational change only.
CVE-2026-12458
Sin clasificar
Microsoft
Chromium: CVE-2026-12457 Insufficient data validation in Extensions
Corrected CVE title. This is an informational change only.
CVE-2026-12457
Sin clasificar
Microsoft
Chromium: CVE-2026-12459 Inappropriate implementation in Serial
Corrected CVE title. This is an informational change only.
CVE-2026-12459
Sin clasificar
Microsoft
Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access
Corrected CVE title. This is an informational change only.
CVE-2026-12460
Media
Microsoft
Chromium: CVE-2026-12462 Use after free in Media
Corrected CVE title. This is an informational change only.
CVE-2026-12462
Sin clasificar
Microsoft
Chromium: CVE-2026-12464 Use after free in Browser
Corrected CVE title. This is an informational change only.
CVE-2026-12464
Sin clasificar
Microsoft
Chromium: CVE-2026-12463 Inappropriate implementation in Views
Corrected CVE title. This is an informational change only.
CVE-2026-12463
Sin clasificar
Microsoft
Chromium: CVE-2026-12465 Insufficient validation of untrusted input in Metrics
Corrected CVE title. This is an informational change only.
CVE-2026-12465
Sin clasificar
Microsoft
Chromium: CVE-2026-12454 Race in Safe Browsing
Corrected CVE title. This is an informational change only.
CVE-2026-12454
Sin clasificar
Microsoft
Chromium: CVE-2026-12467 Use after free in Extensions
Corrected CVE title. This is an informational change only.
CVE-2026-12467
Sin clasificar
Microsoft
Chromium: CVE-2026-12468 Inappropriate implementation in Updater
Corrected CVE title. This is an informational change only.
CVE-2026-12468
Sin clasificar
Microsoft
Chromium: CVE-2026-12449 Use after free in Chromoting
Corrected CVE title. This is an informational change only.
CVE-2026-12449
Sin clasificar
Microsoft
Chromium: CVE-2026-12444 Out of bounds read in Chromoting
Corrected CVE title. This is an informational change only.
CVE-2026-12444
Sin clasificar
Microsoft
Chromium: CVE-2026-12437 Use after free in WebShare
Corrected CVE title. This is an informational change only.
CVE-2026-12437
Sin clasificar
Microsoft
Chromium: CVE-2026-12461 Out of bounds read in WebRTC
Corrected CVE title. This is an informational change only.
CVE-2026-12461
Baja
Microsoft
Chromium: CVE-2026-12466 Heap buffer overflow in WebRTC
Corrected CVE title. This is an informational change only.
CVE-2026-12466
Sin clasificar
Windows
CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42903
Sin clasificar
Microsoft Office
CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their ...
CVE-2026-44803
Sin clasificar
Microsoft Office
CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their ...
CVE-2026-44812
Sin clasificar
Microsoft Edge
CVE-2026-12439 Use after free in Digital Credentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12439
Sin clasificar
Microsoft Edge
CVE-2026-12440 Use after free in DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12440
Sin clasificar
Microsoft Edge
CVE-2026-12445 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12445
Sin clasificar
Microsoft Edge
CVE-2026-12446 Insufficient data validation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12446
Sin clasificar
Microsoft Edge
CVE-2026-12451 Use after free in DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12451
Sin clasificar
Microsoft Edge
CVE-2026-12441 Use after free in File Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12441
Baja
Microsoft Edge
CVE-2026-12447 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12447
Sin clasificar
Microsoft Edge
CVE-2026-12443 Use after free in Web Authentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12443
Sin clasificar
Microsoft Edge
CVE-2026-12452 Use after free in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12452
Sin clasificar
Microsoft Edge
CVE-2026-12453 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12453
Sin clasificar
Microsoft Edge
CVE-2026-12455 Use after free in Tab Strip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12455
Sin clasificar
Microsoft Edge
CVE-2026-12456 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12456
Sin clasificar
Microsoft Edge
CVE-2026-12458 Incorrect security UI in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12458
Sin clasificar
Microsoft Edge
CVE-2026-12457 Insufficient data validation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12457
Sin clasificar
Microsoft Edge
CVE-2026-12459 Inappropriate implementation in Serial
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12459
Sin clasificar
Microsoft Edge
CVE-2026-12460 Insufficient policy enforcement in File System Access
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12460
Media
Microsoft Edge
CVE-2026-12462 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12462
Sin clasificar
Microsoft Edge
CVE-2026-12464 Use after free in Browser
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12464
Sin clasificar
Microsoft Edge
CVE-2026-12463 Inappropriate implementation in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12463
Sin clasificar
Microsoft Edge
CVE-2026-12465 Insufficient validation of untrusted input in Metrics
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12465
Sin clasificar
Microsoft Edge
CVE-2026-12454 Race in Safe Browsing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12454
Sin clasificar
Microsoft Edge
CVE-2026-12467 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12467
Sin clasificar
Microsoft Edge
CVE-2026-12468 Inappropriate implementation in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12468
Sin clasificar
Microsoft Edge
CVE-2026-12449 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12449
Sin clasificar
Microsoft Edge
CVE-2026-12444 Out of bounds read in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12444
Sin clasificar
Microsoft Edge
CVE-2026-12437 Use after free in WebShare
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12437
Sin clasificar
Microsoft Edge
CVE-2026-12461 Out of bounds read in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12461
Baja
Microsoft Edge
CVE-2026-12466 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-12466
Sin clasificar
Windows
CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-24289
Sin clasificar
Microsoft
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Removed incorrectly added rows from the Security Updates table. This is an informational change only.
CVE-2026-32177
Sin clasificar
Visual Studio
CVE-2025-6965 Integer Truncation on SQLite
Added Visual Studio software to the Security Updates table. Customers that are running supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.
CVE-2025-6965
Baja
Microsoft
CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Information published.
CVE-2026-8376
Baja
Microsoft
CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling
Information published.
CVE-2026-48914
Sin clasificar
Microsoft
CVE-2026-42014 Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin
Information published.
CVE-2026-42014
Sin clasificar
Microsoft
CVE-2026-53689
Information published.
CVE-2026-53689
Sin clasificar
Microsoft
CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read
Information published.
CVE-2026-12087
Baja
Microsoft
CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
Information published.
CVE-2026-9669
Sin clasificar
Microsoft
CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
Information published.
CVE-2026-43966
Baja
Microsoft
CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
Information published.
CVE-2026-10275
Sin clasificar
Microsoft
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
Information published.
CVE-2026-44967
Baja
Microsoft
CVE-2026-47633 Microsoft Cost Management Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.
CVE-2026-47633
Baja
Microsoft Edge
CVE-2026-32208 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
CVE-2026-32208
Baja
Azure
CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability
Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-32174
Baja
Azure
CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-45480
Baja
Microsoft
CVE-2026-42895 Microsoft Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-42895
Crítica
Microsoft
CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-54130
Baja
Dynamics
CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
CVE-2026-47647
Baja
Azure
CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
CVE-2026-48584
Baja
Microsoft
CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVE-2026-48582
Baja
Microsoft 365
CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47645
Baja
Dynamics
CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-47646
Sin clasificar
Microsoft
CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Information published.
CVE-2025-71073
Sin clasificar
Microsoft
CVE-2025-71072 shmem: fix recovery on rename failures
Information published.
CVE-2025-71072
Sin clasificar
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Sin clasificar
Microsoft
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Information published.
CVE-2026-43308
Sin clasificar
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Sin clasificar
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Sin clasificar
Microsoft
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Information published.
CVE-2026-45445
Sin clasificar
Microsoft
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function
Information published.
CVE-2026-45447
Sin clasificar
Microsoft
CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc
Information published.
CVE-2026-48854
Sin clasificar
Microsoft
CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd
Information published.
CVE-2026-46292
Sin clasificar
Microsoft
CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()
Information published.
CVE-2026-46274
Sin clasificar
Microsoft
CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key
Information published.
CVE-2026-46291
Sin clasificar
Microsoft
CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration
Information published.
CVE-2026-46293
Sin clasificar
Microsoft
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Information published.
CVE-2026-34182
Baja
Microsoft
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Information published.
CVE-2026-7383
Sin clasificar
Microsoft
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Information published.
CVE-2026-9076
Sin clasificar
Microsoft
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Information published.
CVE-2026-42766
Sin clasificar
Microsoft
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Information published.
CVE-2026-42767
Sin clasificar
Microsoft
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Information published.
CVE-2026-34180
Sin clasificar
Windows
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
This CVE was updated to remove Windows 11 (21H1 and 22H2) as impacted
CVE-2026-35433
Sin clasificar
SharePoint
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-47636
Sin clasificar
Microsoft Office
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-45475
Sin clasificar
Windows
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-42828
Sin clasificar
Dynamics
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Updated the fixed version information and download link. The fix was previously believed to be included in Dynamics 365 Server (on-premises) version 6.2; however, it has been confirmed that the fix is included in Dyna...
CVE-2026-40371
Sin clasificar
Windows
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
Updated CWE value. This is an informational change only.
CVE-2026-45602
Sin clasificar
Defender
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that ad...
CVE-2026-50656
Sin clasificar
Windows
CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability
Corrected the CVE description and title. This is an informational change only.
CVE-2026-42915
Sin clasificar
Microsoft
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Information published.
CVE-2026-34182
Baja
Microsoft
CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.
Information published.
CVE-2026-54411
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12012 Use after free Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12012
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12008 Use after free DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12008
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12019 Out of bounds write Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12019
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12016 Insufficient validation of untrusted input DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12016
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12015 Use after free Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12015
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11628 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11628
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11629 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11629
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11631 Use after free in Aura
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11631
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11630 Use after free in File Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11630
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11632 Use after free in TabStrip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11632
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11633 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11633
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11634 Use after free in Gamepad
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11634
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11635 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11635
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11639 Use after free in Compositing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11639
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11637 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11637
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11636 Use after free in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11636
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11638 Use after free in Printing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11638
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11641 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11641
Baja
Microsoft Edge
Chromium: CVE-2026-11640 Integer overflow in libyuv
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11640
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11642 Use after free in Web Apps
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11642
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11645 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11645
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11643 Use after free in Proxy
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11643
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11644 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11644
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11646 Use after free in ViewTransitions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11646
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11657 Use after free in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11657
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11658 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11658
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11660
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11661 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11661
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11659 Insufficient validation of untrusted input in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11659
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11663 Use after free in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11663
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11662 Type Confusion in Bindings
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11662
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11664 Use after free in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11664
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11665 Out of bounds read in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11665
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11666
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11668 Uninitialized Use in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11668
Media
Microsoft Edge
Chromium: CVE-2026-11669 Integer overflow in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11669
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11667 Out of bounds read in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11667
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11670 Use after free in PDF
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11670
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11671 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11671
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11672 Out of bounds write in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11672
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11673 Use after free in InterestGroups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11673
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11675 Insufficient validation of untrusted input in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11675
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11674 Use after free in Guest View
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11674
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11676 Insufficient validation of untrusted input in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11676
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11677 Race in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11677
Baja
Microsoft Edge
Chromium: CVE-2026-11678 Integer overflow in libyuv
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11678
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11679 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11679
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11681 Use after free in Ozone
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11681
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11682
Media
Microsoft Edge
Chromium: CVE-2026-11680 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11680
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11683 Use after free in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11683
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11684 Insufficient policy enforcement in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11684
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11687 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11687
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11686 Insufficient validation of untrusted input in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11686
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11688 Object lifecycle issue in SVG
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11688
Media
Microsoft Edge
Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11685
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11689
Media
Microsoft Edge
Chromium: CVE-2026-11690 Out of bounds read and write in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11690
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11691
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11692 Use after free in Read Anything
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11692
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11693 Inappropriate implementation in Plugins
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11693
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11694 Use after free in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11694
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11695 Inappropriate implementation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11695
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11696 Uninitialized Use in Video
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11696
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11697
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11698 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11698
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11699 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11699
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11700 Use after free in Tracing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11700
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12018 Inappropriate implementation Mojo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12018
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12007 Use after free Core
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12007
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12017 Insufficient validation of untrusted input Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12017
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12014 Use after free Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12014
Media
Microsoft Edge
Chromium: CVE-2026-12013 Use after free Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12013
Baja
Microsoft Edge
Chromium: CVE-2026-12010 Heap buffer overflow GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12010
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12009 Insufficient validation of untrusted input Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12009
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11647 Use after free in Printing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11647
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11648 Use after free in FullScreen
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11648
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11651 Use after free in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11651
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11649 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11649
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11652 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11652
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11650 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11650
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11653 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11653
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11654 Use after free in CameraCapture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11654
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11656 Use after free in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11656
Media
Microsoft Edge
Chromium: CVE-2026-11655 Integer overflow in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-11655
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-12011 Use after free WebMIDI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20U...
CVE-2026-12011
Sin clasificar
Microsoft Edge
CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-33118
Sin clasificar
Microsoft
CVE-2026-6429 netrc credential leak with reused proxy connection
Information published.
CVE-2026-6429
Sin clasificar
Microsoft
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Information published.
CVE-2026-5545
Sin clasificar
Microsoft
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Information published.
CVE-2026-6253
Sin clasificar
Microsoft
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Information published.
CVE-2026-45445
Baja
Microsoft
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Information published.
CVE-2026-7774
Sin clasificar
Microsoft
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
Information published.
CVE-2026-49762
Sin clasificar
Microsoft
CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove
Information published.
CVE-2026-46433
Sin clasificar
Microsoft
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Information published.
CVE-2026-42768
Baja
Microsoft
CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle
Information published.
CVE-2026-11526
Sin clasificar
Microsoft
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
Information published.
CVE-2023-5678
Sin clasificar
Microsoft
CVE-2026-4873 connection reuse ignores TLS requirement
Information published.
CVE-2026-4873
Sin clasificar
Microsoft
CVE-2026-6429 netrc credential leak with reused proxy connection
Information published.
CVE-2026-6429
Sin clasificar
Microsoft
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Information published.
CVE-2026-5545
Sin clasificar
Microsoft
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Information published.
CVE-2026-6253
Sin clasificar
Microsoft
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Information published.
CVE-2026-5222
Sin clasificar
Microsoft
CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule
Information published.
CVE-2026-40034
Sin clasificar
Microsoft
CVE-2026-6276 stale custom cookie host causes cookie leak
Information published.
CVE-2026-6276
Sin clasificar
Microsoft
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Information published.
CVE-2026-5223
Sin clasificar
Microsoft
CVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension
Information published.
CVE-2026-11822
Sin clasificar
Microsoft
CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name
Information published.
CVE-2026-47162
Sin clasificar
Microsoft
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Information published.
CVE-2026-45445
Sin clasificar
Microsoft
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function
Information published.
CVE-2026-45447
Sin clasificar
Microsoft
CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling
Information published.
CVE-2026-42764
Sin clasificar
Microsoft
CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Information published.
CVE-2026-34181
Baja
Microsoft
CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate
Information published.
CVE-2026-11824
Sin clasificar
Microsoft
CVE-2026-10846 Insufficient verification that responses belong to a query
Information published.
CVE-2026-10846
Sin clasificar
Microsoft
CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion
Information published.
CVE-2026-52860
Sin clasificar
Microsoft
CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot
Information published.
CVE-2026-52859
Sin clasificar
Microsoft
CVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex
Information published.
CVE-2026-47167
Sin clasificar
Microsoft
CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion
Information published.
CVE-2026-52858
Sin clasificar
Microsoft
CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape
Information published.
CVE-2026-44705
Sin clasificar
Microsoft
CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Information published.
CVE-2026-34183
Sin clasificar
Microsoft
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Information published.
CVE-2026-34182
Baja
Microsoft
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Information published.
CVE-2026-7383
Sin clasificar
Microsoft
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Information published.
CVE-2026-42768
Sin clasificar
Microsoft
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Information published.
CVE-2026-9076
Sin clasificar
Microsoft
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Information published.
CVE-2026-45446
Sin clasificar
Microsoft
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Information published.
CVE-2026-42766
Sin clasificar
Microsoft
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Information published.
CVE-2026-42767
Sin clasificar
Microsoft
CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
Information published.
CVE-2026-42769
Sin clasificar
Microsoft
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Information published.
CVE-2026-34180
Sin clasificar
Microsoft
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Information published.
CVE-2026-49975
Sin clasificar
Microsoft
CVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable check
Information published.
CVE-2026-46643
Sin clasificar
Microsoft
CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option
Information published.
CVE-2026-46683
Sin clasificar
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Sin clasificar
Microsoft
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
Information published.
CVE-2026-42012
Sin clasificar
Microsoft
CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name
Information published.
CVE-2026-42013
Sin clasificar
Microsoft
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Information published.
CVE-2026-42015
Sin clasificar
Microsoft
CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
Information published.
CVE-2026-5260
Baja
Microsoft
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Information published.
CVE-2026-43958
Baja
Microsoft
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
Information published.
CVE-2026-10879
Baja
Microsoft
CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch
Information published.
CVE-2026-50256
Sin clasificar
Microsoft
CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
Information published.
CVE-2026-50262
Sin clasificar
Microsoft
CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
Information published.
CVE-2026-50260
Sin clasificar
Microsoft
CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()
Information published.
CVE-2026-50257
Baja
Microsoft
CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels
Information published.
CVE-2026-50258
Sin clasificar
Microsoft
CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
Information published.
CVE-2026-50263
Sin clasificar
Microsoft
CVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension
Information published.
CVE-2026-11822
Baja
Microsoft
CVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow
Information published.
CVE-2026-42536
Sin clasificar
Microsoft
CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
Information published.
CVE-2026-11332
Sin clasificar
Microsoft
CVE-2026-5419 Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal
Information published.
CVE-2026-5419
Sin clasificar
Microsoft
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
Information published.
CVE-2026-8829
Sin clasificar
Microsoft
CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
Information published.
CVE-2026-50261
Baja
Microsoft
CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
Information published.
CVE-2026-50259
Sin clasificar
Microsoft
CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove
Information published.
CVE-2026-46433
Baja
Microsoft
CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate
Information published.
CVE-2026-11824
Sin clasificar
Microsoft
CVE-2026-10846 Insufficient verification that responses belong to a query
Information published.
CVE-2026-10846
Sin clasificar
Microsoft
CVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted
Information published.
CVE-2026-48913
Sin clasificar
Microsoft
CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
Information published.
CVE-2026-44119
Sin clasificar
Microsoft
CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS
Information published.
CVE-2026-29170
Sin clasificar
Microsoft
CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
Information published.
CVE-2026-43951
Sin clasificar
Microsoft
CVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free
Information published.
CVE-2026-29167
Sin clasificar
Microsoft
CVE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory access
Information published.
CVE-2026-42535
Baja
Microsoft
CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Information published.
CVE-2026-44631
Sin clasificar
Microsoft
CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
Information published.
CVE-2026-44186
Baja
Microsoft
CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Information published.
CVE-2026-34356
Sin clasificar
Microsoft
CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
Information published.
CVE-2026-44185
Baja
Microsoft
CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow
Information published.
CVE-2026-34355
Sin clasificar
SharePoint
CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-47294
Sin clasificar
Windows
CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42903
Sin clasificar
Visual Studio
CVE-2026-48569 Visual Studio Code Security Feature Bypass Vulnerability
Updated the Security Updates Build Number
CVE-2026-48569
Sin clasificar
Visual Studio
CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability
Updated the Security Updates Build Number
CVE-2026-40376
Sin clasificar
Visual Studio
CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability
Updated the Security Updates Build Number and Title as the Chat extention is now merged into Visual Studio Code
CVE-2026-45482
Sin clasificar
Dynamics
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
The release notes link has been updated to point to the latest available version. Informational change only.
CVE-2026-40371
Sin clasificar
SharePoint
CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-47298
Sin clasificar
Microsoft
CVE-2026-20846 GDI+ Denial of Service Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-20846
Sin clasificar
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Sin clasificar
Microsoft
CVE-2026-43059 Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers
Information published.
CVE-2026-43059
Sin clasificar
Microsoft
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Information published.
CVE-2026-49975
Sin clasificar
Microsoft
CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
Information published.
CVE-2026-46275
Sin clasificar
Microsoft
CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()
Information published.
CVE-2026-46285
Sin clasificar
Microsoft
CVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-free
Information published.
CVE-2026-46280
Sin clasificar
Microsoft
CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str
Information published.
CVE-2026-46282
Media
Microsoft
CVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmap
Information published.
CVE-2026-46312
Sin clasificar
Microsoft
CVE-2026-46301 spi: topcliff-pch: fix use-after-free on unbind
Information published.
CVE-2026-46301
Baja
Microsoft
CVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policy
Information published.
CVE-2026-46302
Sin clasificar
Microsoft
CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop
Information published.
CVE-2026-46314
Sin clasificar
Microsoft
CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer
Information published.
CVE-2025-71315
Sin clasificar
Microsoft
CVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbind
Information published.
CVE-2026-46296
Sin clasificar
Microsoft
CVE-2026-46287 net: txgbe: fix RTNL assertion warning when remove module
Information published.
CVE-2026-46287
Sin clasificar
Microsoft
CVE-2026-46299 hfsplus: fix held lock freed on hfsplus_fill_super()
Information published.
CVE-2026-46299
Sin clasificar
Microsoft
CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()
Information published.
CVE-2026-46321
Sin clasificar
Microsoft
CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft
Information published.
CVE-2026-46319
Sin clasificar
Microsoft
CVE-2026-46323 net: gro: don't merge zcopy skbs
Information published.
CVE-2026-46323
Sin clasificar
Microsoft
CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks
Information published.
CVE-2026-46324
Sin clasificar
Microsoft
CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()
Information published.
CVE-2026-46320
Sin clasificar
Microsoft
CVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sg
Information published.
CVE-2026-46289
Sin clasificar
Microsoft
CVE-2026-46307 wifi: ath5k: do not access array OOB
Information published.
CVE-2026-46307
Sin clasificar
Microsoft
CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd
Information published.
CVE-2026-46292
Sin clasificar
Microsoft
CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()
Information published.
CVE-2026-46274
Sin clasificar
Microsoft
CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key
Information published.
CVE-2026-46291
Sin clasificar
Microsoft
CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration
Information published.
CVE-2026-46293
Baja
Microsoft
CVE-2026-46306 flow_dissector: do not dissect PPPoE PFC frames
Information published.
CVE-2026-46306
Sin clasificar
Microsoft
CVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free
Information published.
CVE-2026-46304
Sin clasificar
Microsoft
CVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume size
Information published.
CVE-2026-46303
Sin clasificar
Microsoft
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
Information published.
CVE-2026-49762
Sin clasificar
Microsoft
CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()
Information published.
CVE-2026-46322
Sin clasificar
Microsoft
CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE
Information published.
CVE-2026-46325
Sin clasificar
Microsoft
CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"
Information published.
CVE-2026-46330
Baja
Windows
CVE-2026-41108 Windows DNS Client Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
CVE-2026-41108
Baja
Microsoft Office
CVE-2026-45467 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45467
Baja
Microsoft Office
CVE-2026-45468 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45468
Baja
Microsoft Office
CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-45469
Baja
Microsoft Office
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45475
Baja
Microsoft Office
CVE-2026-45472 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45472
Baja
Microsoft Office
CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45471
Baja
Microsoft Office
CVE-2026-45474 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45474
Baja
Microsoft Office
CVE-2026-45479 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45479
Baja
Microsoft Office
CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45486
Baja
Microsoft Office
CVE-2026-45485 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45485
Baja
Microsoft Office
CVE-2026-45483 Microsoft Office Project Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
CVE-2026-45483
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-10984 Inappropriate implementation in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10984
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11291 Policy bypass in Android Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11291
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11178 Policy bypass in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11178
Baja
Windows
CVE-2025-10263 ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]
No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2025-10263
Sin clasificar
Windows
CVE-2026-40409 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Information published.
CVE-2026-40409
Sin clasificar
Windows
CVE-2026-40404 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Information published.
CVE-2026-40404
Baja
Windows
CVE-2026-33828 Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
CVE-2026-33828
Baja
Windows
CVE-2026-34335 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34335
Baja
Microsoft
CVE-2026-42902 Microsoft PowerToys Elevation of Privilege Vulnerability
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
CVE-2026-42902
Baja
Microsoft Office
CVE-2026-44817 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44817
Baja
Microsoft Office
CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44818
Baja
Microsoft Office
CVE-2026-44819 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-44819
Baja
Microsoft Office
CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44820
Baja
Microsoft Office
CVE-2026-44821 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-44821
Baja
Microsoft Office
CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44823
Baja
Microsoft Office
CVE-2026-44824 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-44824
Baja
Microsoft Office
CVE-2026-45453 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45453
Baja
Microsoft Office
CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45456
Baja
Microsoft Office
CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45458
Baja
Microsoft Office
CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45460
Baja
Microsoft Office
CVE-2026-45461 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45461
Baja
Microsoft Office
CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-45466
Baja
Windows
CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.
CVE-2026-45487
Baja
Microsoft
CVE-2026-45490 .NET SDK Elevation of Privilege Vulnerability
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-45490
Baja
Microsoft
CVE-2026-45491 .NET Tampering Vulnerability
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
CVE-2026-45491
Baja
Exchange Server
CVE-2026-45500 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45500
Baja
Exchange Server
CVE-2026-45501 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45501
Baja
Exchange Server
CVE-2026-45502 Microsoft Exchange Server Information Disclosure Vulnerability
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVE-2026-45502
Baja
Exchange Server
CVE-2026-45503 Microsoft Exchange Server Information Disclosure Vulnerability
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVE-2026-45503
Baja
Exchange Server
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-45504
Baja
Exchange Server
CVE-2026-45583 Microsoft Exchange Server Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
CVE-2026-45583
Baja
Windows
CVE-2026-45605 Windows Bluetooth Service Elevation of Privilege Vulnerability
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2026-45605
Baja
Windows
CVE-2026-45639 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-45639
Baja
Windows
CVE-2026-45640 Windows Bluetooth Port Driver Elevation of Privilege Vulnerability
Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-45640
Baja
Microsoft
CVE-2026-45606 Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability
Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.
CVE-2026-45606
Baja
Windows
CVE-2026-45607 Windows Hyper-V Remote Code Execution Vulnerability
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45607
Baja
Windows
CVE-2026-45641 Windows Hyper-V Remote Code Execution Vulnerability
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45641
Baja
Windows
CVE-2026-45634 Windows DHCP Client Information Disclosure Vulnerability
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
CVE-2026-45634
Baja
Azure
CVE-2026-45642 Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
CVE-2026-45642
Baja
Microsoft Office
CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45643
Baja
Microsoft Office
CVE-2026-45645 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45645
Baja
Windows
CVE-2026-45648 Windows Active Directory Domain Services Remote Code Execution Vulnerability
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
CVE-2026-45648
Baja
Microsoft
CVE-2026-45649 Office for Android Spoofing Vulnerability
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
CVE-2026-45649
Crítica
Microsoft
CVE-2026-45650 Microsoft Bing Search Spoofing Vulnerability
User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45650
Baja
Windows
CVE-2026-45655 Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-45655
Baja
Windows
CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
CVE-2026-45656
Baja
Windows
CVE-2026-45657 Windows Kernel Remote Code Execution Vulnerability
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
CVE-2026-45657
Baja
Visual Studio
CVE-2026-47287 Visual Studio Code Tampering Vulnerability
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47287
Baja
Windows
CVE-2026-47288 Windows Kerberos Key Distribution Center (KDC) Remote Code Execution
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
CVE-2026-47288
Baja
Microsoft
CVE-2026-47289 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47289
Baja
Windows
CVE-2026-47291 HTTP.sys Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-47291
Baja
Visual Studio
CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
CVE-2026-47292
Baja
Microsoft
CVE-2026-41092 Microsoft Kinect Elevation of Privilege Vulnerability
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
CVE-2026-41092
Baja
Azure
CVE-2026-32193 Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
CVE-2026-32193
Baja
Microsoft Office
CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-47298
Baja
Exchange Server
CVE-2026-47631 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-47631
Baja
Azure
CVE-2026-41098 Azure Stack Edge Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
CVE-2026-41098
Baja
Microsoft Office
CVE-2026-47635 Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-47635
Baja
Microsoft Office
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47636
Baja
Microsoft Office
CVE-2026-47637 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47637
Baja
Microsoft Office
CVE-2026-47638 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47638
Baja
Microsoft Office
CVE-2026-47639 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47639
Baja
Microsoft Office
CVE-2026-47641 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47641
Baja
Windows
CVE-2026-45588 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-45588
Baja
Windows
CVE-2026-47648 Windows Storage Elevation of Privilege Vulnerability
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-47648
Baja
Windows
CVE-2026-8863 UEFI Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
CVE-2026-8863
Baja
Microsoft
CVE-2026-47653 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47653
Baja
Windows
CVE-2026-47652 Windows Hyper-V Remote Code Execution Vulnerability
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-47652
Baja
Microsoft
CVE-2026-47654 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47654
Baja
Microsoft
CVE-2026-48563 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-48563
Sin clasificar
Windows
CVE-2026-48566 Windows DWM Core Library Information Disclosure Vulnerability
Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who ha...
CVE-2026-48566
Baja
Windows
CVE-2026-48568 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48568
Baja
Windows
CVE-2026-48570 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48570
Baja
Windows
CVE-2026-48573 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48573
Baja
Windows
CVE-2026-48575 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48575
Baja
Windows
CVE-2026-48576 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48576
Baja
Windows
CVE-2026-48578 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48578
Baja
Windows
CVE-2026-48583 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-48583
Sin clasificar
Microsoft
ADV990001 Latest Servicing Stack Updates
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
Baja
Microsoft
CVE-2026-49161 Microsoft PC Manager Security Feature Bypass Vulnerability
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-49161
Baja
Windows
CVE-2026-50508 Windows NTLM Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-50508
Baja
Microsoft
CVE-2026-26142 Nuance PowerScribe Remote Code Execution Vulnerability
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
CVE-2026-26142
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11012 Use after free in Serial
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11012
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11029 Insufficient validation of untrusted input in Drag and Drop
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11029
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11045 Insufficient validation of untrusted input in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11045
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11065 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11065
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11072 Use after free in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11072
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11080 Use after free in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11080
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11082 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11082
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11108 Inappropriate implementation in NFC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11108
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11119 Insufficient validation of untrusted input in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11119
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11131 Use after free in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11131
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11145 Race in Geolocation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11145
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11148 Inappropriate implementation in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11148
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11175 Incorrect security UI in Messages
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11175
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11188 Use after free in USB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11188
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11226 Insufficient policy enforcement in PreviewTab
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11226
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11263 Insufficient policy enforcement in WebAuthentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11263
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11287 Insufficient validation of untrusted input in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11287
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11295 Inappropriate implementation in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11295
Baja
Microsoft Office
CVE-2026-33113 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-33113
Baja
Dynamics
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
CVE-2026-40371
Baja
Windows
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42828
Baja
Windows
CVE-2026-42829 Windows Administrator Protection Secure Feature Bypass Vulnerability
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
CVE-2026-42829
Baja
Microsoft
CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
CVE-2026-42835
Baja
Visual Studio
CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-40376
Baja
Microsoft Office
CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-44822
Baja
Microsoft Office
CVE-2026-45454 Microsoft SharePoint Remote Code Execution Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-45454
Baja
Microsoft Office
CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-45455
Baja
Microsoft Office
CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45457
Baja
Microsoft Office
CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-45459
Baja
Microsoft Office
CVE-2026-45462 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45462
Baja
Microsoft Office
CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45463
Baja
Microsoft Office
CVE-2026-45464 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45464
Baja
Microsoft Office
CVE-2026-45465 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45465
Baja
Azure
CVE-2026-45476 Microsoft Azure Network Adapter Elevation of Privilege Vulnerability
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-45476
Baja
Visual Studio
CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-45482
Baja
Windows
CVE-2026-45586 Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.
CVE-2026-45586
Baja
Microsoft
CVE-2026-45591 ASP.NET Core Denial of Service Vulnerability
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-45591
Baja
Windows
CVE-2026-45592 Windows Internet (wininet.dll) Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-45592
Sin clasificar
Windows
CVE-2026-45593 Windows SDK Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-45593
Baja
Windows
CVE-2026-45594 Windows Application Identity (AppID) Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-45594
Baja
Windows
CVE-2026-45604 Windows Managed Installer Information Disclosure Vulnerability
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-45604
Baja
Windows
CVE-2026-45595 Windows Mark of the Web Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-45595
Sin clasificar
Windows
CVE-2026-45597 Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-45597
Baja
Windows
CVE-2026-45599 Windows UPnP Device Host Remote Code Execution Vulnerability
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-45599
Baja
Windows
CVE-2026-45601 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45601
Baja
Windows
CVE-2026-45598 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45598
Baja
Windows
CVE-2026-45636 Windows NTFS Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-45636
Baja
Windows
CVE-2026-45596 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45596
Baja
Windows
CVE-2026-45600 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-45600
Baja
Windows
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2026-45602
Baja
Windows
CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-45635
Baja
Windows
CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45638
Baja
Windows
CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45603
Baja
Windows
CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-45637
Baja
Windows
CVE-2026-45608 Windows DHCP Client Information Disclosure Vulnerability
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
CVE-2026-45608
Baja
Microsoft
CVE-2026-45644 Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.
CVE-2026-45644
Baja
Windows
CVE-2026-45653 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-45653
Baja
Windows
CVE-2026-45654 Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-45654
Baja
Defender
CVE-2026-45647 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2026-45647
Baja
Windows
CVE-2026-45658 Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-45658
Baja
Visual Studio
CVE-2026-47281 Visual Studio Code Elevation of Privilege Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47281
Baja
Visual Studio
CVE-2026-47284 Visual Studio Code Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
CVE-2026-47284
Baja
Microsoft Office
CVE-2026-47293 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-47293
Baja
Windows
CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42910
Baja
Microsoft Office
CVE-2026-47634 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47634
Baja
Microsoft Office
CVE-2026-47640 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47640
Baja
Azure
CVE-2026-47643 Azure Stack Edge Remote Code Execution Vulnerability
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
CVE-2026-47643
Baja
Microsoft Office
CVE-2026-45481 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45481
Baja
Microsoft Office
CVE-2026-45484 Microsoft SharePoint Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2026-45484
Baja
Windows
CVE-2026-47656 Windows Boot Manager Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-47656
Baja
Microsoft Office
CVE-2026-48560 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-48560
Baja
Microsoft Office
CVE-2026-48562 Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-48562
Baja
Windows
CVE-2026-48565 Windows Narrator Braille Elevation of Privilege Vulnerability
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
CVE-2026-48565
Baja
Visual Studio
CVE-2026-48569 Visual Studio Code Security Feature Bypass Vulnerability
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-48569
Media
Windows
CVE-2026-48574 Windows Media Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-48574
Baja
Microsoft
CVE-2026-49160 HTTP.sys Denial of Service Vulnerability
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVE-2026-49160
Baja
Windows
CVE-2026-50507 Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-50507
Baja
Microsoft
CVE-2026-50511 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50511
Baja
Microsoft
CVE-2026-50512 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50512
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11297 Insufficient validation of untrusted input in Reader Mode
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11297
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-10883 Out of bounds write in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10883
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-10892 Out of bounds write in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10892
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-10923 Use after free in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10923
Baja
Microsoft Edge
Chromium: CVE-2026-10929 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10929
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-10934 Use after free in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10934
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-10953 Use after free in Core
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10953
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-10959 Use after free in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10959
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-10967 Use after free in SurfaceCapture
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-10967
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11007
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11010 Use after free in WebShare
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11010
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11019 Inappropriate implementation in Payments
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11019
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11034
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11064 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11064
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11077 Out of bounds read in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11077
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11127 Inappropriate implementation in WebAPKs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11127
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11163 Use after free in Messages
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11163
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11167 Inappropriate implementation in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11167
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11172 Incorrect security UI in Contact Picker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11172
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11215 Inappropriate implementation in Cronet
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11215
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11247 Insufficient policy enforcement in CustomTabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11247
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11270 Inappropriate implementation in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11270
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11278 Inappropriate implementation in CustomTabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11278
Baja
Microsoft Edge
Chromium: CVE-2026-11290 Integer overflow in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11290
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11035 Insufficient validation of untrusted input in Custom Tabs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11035
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-11097 Inappropriate implementation in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11097
Baja
Windows
CVE-2026-42836 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-42836
Baja
Windows
CVE-2026-42837 Windows Projected File System Elevation of Privilege Vulnerability
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42837
Sin clasificar
Windows
CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability
Information published.
CVE-2026-42903
Baja
Windows
CVE-2026-42904 Windows TCP/IP Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-42904
Sin clasificar
Windows
CVE-2026-42905 Windows DWM Core Library Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42905
Baja
Windows
CVE-2026-42906 Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42906
Baja
Windows
CVE-2026-42907 Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42907
Baja
Windows
CVE-2026-42908 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-42908
Baja
Windows
CVE-2026-42980 NT OS Kernel Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42980
Baja
Microsoft
CVE-2026-42909 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42909
Baja
Windows
CVE-2026-42916 NT OS Kernel Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42916
Baja
Windows
CVE-2026-42911 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-42911
Baja
Microsoft
CVE-2026-42913 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42913
Baja
Windows
CVE-2026-42912 Windows Telephony Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42912
Sin clasificar
Windows
CVE-2026-42914 Windows Kerberos Denial of Service Vulnerability
Information published.
CVE-2026-42914
Baja
Windows
CVE-2026-42915 Windows TCP/IP Denial of Service Vulnerability
Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
CVE-2026-42915
Baja
Windows
CVE-2026-42968 Windows Telephony Server Information Disclosure Vulnerability
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
CVE-2026-42968
Baja
Windows
CVE-2026-42972 Windows Hyper-V Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2026-42972
Baja
Windows
CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42969
Baja
Windows
CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42971
Baja
Windows
CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42970
Baja
Windows
CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42973
Baja
Windows
CVE-2026-42984 Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42984
Baja
Windows
CVE-2026-42981 Windows Performance Monitor Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42981
Baja
Windows
CVE-2026-42974 Windows Performance Monitor Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42974
Baja
Microsoft
CVE-2026-42986 Microsoft Graphics Component Elevation of Privilege Vulnerability
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-42986
Baja
Windows
CVE-2026-42978 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42978
Baja
Windows
CVE-2026-42977 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42977
Baja
Windows
CVE-2026-42979 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42979
Baja
Windows
CVE-2026-42991 Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42991
Baja
Microsoft
CVE-2026-42989 Winlogon Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-42989
Baja
Windows
CVE-2026-44809 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-44809
Baja
Windows
CVE-2026-44810 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
CVE-2026-44810
Baja
Microsoft
CVE-2026-42992 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42992
Baja
Windows
CVE-2026-44805 Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
CVE-2026-44805
Baja
Windows
CVE-2026-44811 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44811
Baja
Windows
CVE-2026-44808 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44808
Baja
Windows
CVE-2026-44807 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44807
Baja
Microsoft
CVE-2026-44799 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44799
Baja
Windows
CVE-2026-44815 DHCP Client Service Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44815
Baja
Windows
CVE-2026-42983 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42983
Baja
Windows
CVE-2026-44802 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44802
Baja
Windows
CVE-2026-44814 Windows DWM Core Library Information Disclosure Vulnerability
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-44814
Baja
Microsoft
CVE-2026-44801 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44801
Baja
Microsoft
CVE-2026-42985 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42985
Baja
Windows
CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
CVE-2026-42987
Baja
Windows
CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44803
Baja
Windows
CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44812
Baja
Microsoft
CVE-2026-42993 Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42993
Baja
Windows
CVE-2026-44813 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44813
Baja
Windows
CVE-2026-44804 Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44804
Sin clasificar
Exchange Server
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Added links to June 2026 Exchange Server security updates. Microsoft recommends installing this updates as soon as possible.
CVE-2026-42897
Sin clasificar
Microsoft 365
CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
Added Microsoft Excel for Android, Microsoft Word for Android, Microsoft Loop for Android, Microsoft PowerPoint for Android and Microsoft OneNote for Android softwares to the Security Updates table. Customers that ar...
CVE-2026-41100
Sin clasificar
Windows
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Added Office softwares to the Security Updates table. Customers that are running supported versions of Office are encouraged to update to the indicated versions to be protected from this vulnerability.
CVE-2026-21530
Sin clasificar
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Updated product information in the Software Update table. This is an informational change only.
CVE-2026-45585
Sin clasificar
Windows
CVE-2024-49075 Windows Remote Desktop Services Denial of Service Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...
CVE-2024-49075
Sin clasificar
Windows
CVE-2024-49123 Windows Remote Desktop Services Remote Code Execution Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...
CVE-2024-49123
Sin clasificar
Windows
CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...
CVE-2024-49132
Sin clasificar
Windows
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...
CVE-2025-21330
Sin clasificar
Windows
CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability
To comprehensively address this vulnerability Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for64-based Systems have been added to the Security Updates table. Microsoft recommend updating...
CVE-2024-43582
Sin clasificar
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Added links to June 2026 Windows security updates. Microsoft recommends installing this updates as soon as possible.
CVE-2026-45585
Sin clasificar
Windows
CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
To comprehensively address the vulnerability identified by CVE-2020-17103, Microsoft recommends installing the June 2026 updates for your Windows operating systems.
CVE-2020-17103
Baja
Microsoft
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Information published.
CVE-2026-27144
Sin clasificar
Microsoft
CVE-2026-32280 Unexpected work during chain building in crypto/x509
Information published.
CVE-2026-32280
Sin clasificar
Microsoft
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Information published.
CVE-2026-27143
Sin clasificar
Microsoft
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Information published.
CVE-2026-27140
Sin clasificar
Microsoft
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Information published.
CVE-2026-27142
Sin clasificar
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Sin clasificar
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Sin clasificar
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Sin clasificar
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Sin clasificar
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Sin clasificar
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Sin clasificar
Microsoft
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
CVE-2026-42250
Sin clasificar
Microsoft
CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Information published.
CVE-2026-42496
Sin clasificar
Microsoft
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Information published.
CVE-2026-42790
Sin clasificar
Microsoft
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Information published.
CVE-2026-48962
Baja
Microsoft
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25243
Baja
Microsoft
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Information published.
CVE-2026-23631
Baja
Microsoft
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Information published.
CVE-2026-23479
Sin clasificar
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Sin clasificar
Microsoft
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Information published.
CVE-2026-39820
Sin clasificar
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Sin clasificar
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Sin clasificar
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Sin clasificar
Microsoft
CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c
Information published.
CVE-2026-40528
Baja
Microsoft
CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Information published.
CVE-2026-40510
Media
Microsoft
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Information published.
CVE-2026-42789
Sin clasificar
Microsoft
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Information published.
CVE-2025-15649
Baja
Microsoft
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
Information published.
CVE-2026-48959
Sin clasificar
Microsoft
CVE-2026-46250 MIPS: Work around LLVM bug when gp is used as global register variable
Information published.
CVE-2026-46250
Sin clasificar
Microsoft
CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime
Information published.
CVE-2026-42504
Sin clasificar
Microsoft
CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
Information published.
CVE-2026-50219
Baja
Microsoft
CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
Information published.
CVE-2026-10722
Baja
Microsoft
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Information published.
CVE-2026-43958
Sin clasificar
Microsoft
CVE-2026-11463 USCiLab Cereal Shared Pointer type confusion
Information published.
CVE-2026-11463
Sin clasificar
Microsoft
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Information published.
CVE-2026-49975
Sin clasificar
Microsoft
CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body
Information published.
CVE-2026-40930
Baja
Microsoft
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
Information published.
CVE-2026-10879
Baja
Microsoft
CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch
Information published.
CVE-2026-50256
Sin clasificar
Microsoft
CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
Information published.
CVE-2026-50262
Sin clasificar
Microsoft
CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
Information published.
CVE-2026-50260
Sin clasificar
Microsoft
CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()
Information published.
CVE-2026-50257
Baja
Microsoft
CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels
Information published.
CVE-2026-50258
Sin clasificar
Microsoft
CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
Information published.
CVE-2026-50263
Sin clasificar
Microsoft
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
Information published.
CVE-2026-8643
Baja
Microsoft
CVE-2026-50031 ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.
Information published.
CVE-2026-50031
Sin clasificar
Microsoft
CVE-2026-46272 coresight: tmc-etr: Fix race condition between sysfs and perf mode
Information published.
CVE-2026-46272
Sin clasificar
Microsoft
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
Information published.
CVE-2026-42507
Sin clasificar
Microsoft
CVE-2026-50292 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
Information published.
CVE-2026-50292
Sin clasificar
Microsoft
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
Information published.
CVE-2026-27145
Baja
Microsoft
CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Information published.
CVE-2026-37460
Baja
Microsoft
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Information published.
CVE-2026-7774
Sin clasificar
Microsoft
CVE-2026-50265 Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292
Information published.
CVE-2026-50265
CVE-2026-50292
Sin clasificar
Microsoft
CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
Information published.
CVE-2026-50261
Baja
Microsoft
CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
Information published.
CVE-2026-50259
Sin clasificar
Microsoft Edge
CVE-2026-35429 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-35429
Sin clasificar
Microsoft Edge
CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-33118
Sin clasificar
Microsoft
CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime
Information published.
CVE-2026-42504
Sin clasificar
Microsoft
CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
Information published.
CVE-2026-50219
Baja
Microsoft
CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
Information published.
CVE-2026-10722
Baja
Microsoft
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Information published.
CVE-2026-43958
Sin clasificar
Microsoft
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
Information published.
CVE-2026-8643
Sin clasificar
Microsoft
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
Information published.
CVE-2026-42507
Sin clasificar
Microsoft
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
Information published.
CVE-2026-27145
Sin clasificar
Microsoft
CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
Information published.
CVE-2026-11332
Baja
Microsoft
CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Information published.
CVE-2026-37460
Sin clasificar
Microsoft
CVE-2026-5419 Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal
Information published.
CVE-2026-5419
Sin clasificar
Microsoft
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
Information published.
CVE-2026-8829
Sin clasificar
Microsoft
CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
Information published.
CVE-2026-3276
Baja
Microsoft
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Information published.
CVE-2026-7774
Sin clasificar
Windows
CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-33841
Sin clasificar
Windows
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
This CVE was updated to fix the download link for .NET Framework 3.8 & 4.81 for Windows 2025
CVE-2026-32177
Sin clasificar
Windows
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
This CVE was updated to fix the download link for .NET Framework 3.8 & 4.81 for Windows 2025
CVE-2026-35433
Sin clasificar
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Sin clasificar
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Sin clasificar
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Sin clasificar
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Sin clasificar
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Sin clasificar
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Baja
Azure
CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-48567
Baja
Microsoft
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-42824
Baja
Microsoft
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
CVE-2026-45497
Baja
Microsoft Edge
CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-47644
Baja
Microsoft
CVE-2026-47655 Microsoft Graph Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network.
CVE-2026-47655
Baja
Microsoft
CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
CVE-2026-48579
Sin clasificar
Microsoft
CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak
Information published.
CVE-2025-1149
Sin clasificar
Microsoft
CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
Information published.
CVE-2026-35414
Sin clasificar
Microsoft
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Information published.
CVE-2026-41140
Sin clasificar
Microsoft
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42506
Sin clasificar
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Sin clasificar
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Sin clasificar
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Sin clasificar
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Sin clasificar
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Sin clasificar
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Sin clasificar
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Baja
Microsoft
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Information published.
CVE-2026-9150
Baja
Microsoft
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Information published.
CVE-2026-9149
Baja
Microsoft
CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
Information published.
CVE-2026-43964
Sin clasificar
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Sin clasificar
Microsoft
CVE-2024-7598 Network restriction bypass via race condition during namespace termination
Information published.
CVE-2024-7598
Baja
Microsoft
CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Information published.
CVE-2025-29923
Baja
Microsoft
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Information published.
CVE-2026-25541
Baja
Microsoft
CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
Information published.
CVE-2025-60876
Sin clasificar
Microsoft
CVE-2020-8561 Webhook redirect in kube-apiserver
Information published.
CVE-2020-8561
Sin clasificar
Microsoft
CVE-2021-25740 Holes in EndpointSlice Validation Enable Host Network Hijack
Information published.
CVE-2021-25740
Sin clasificar
Microsoft
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Information published.
CVE-2025-61729
Sin clasificar
Microsoft
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Information published.
CVE-2025-61727
Sin clasificar
Microsoft
CVE-2025-5791 Users: `root` appended to group listings
Information published.
CVE-2025-5791
Sin clasificar
Microsoft
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
Information published.
CVE-2025-9403
Sin clasificar
Microsoft
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Information published.
CVE-2025-58160
Sin clasificar
Microsoft
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Information published.
CVE-2025-58188
Sin clasificar
Microsoft
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Information published.
CVE-2025-58183
Sin clasificar
Microsoft
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Information published.
CVE-2025-61725
Sin clasificar
Microsoft
CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Information published.
CVE-2025-58186
Sin clasificar
Microsoft
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Information published.
CVE-2025-61724
Sin clasificar
Microsoft
CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Information published.
CVE-2025-46327
Sin clasificar
Microsoft
CVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
Information published.
CVE-2024-58251
Sin clasificar
Microsoft
CVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
Information published.
CVE-2025-46394
Sin clasificar
Microsoft
CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
Information published.
CVE-2025-3198
Baja
Microsoft
CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
Information published.
CVE-2013-1633
Baja
Microsoft
CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
Information published.
CVE-2024-58266
Sin clasificar
Microsoft
CVE-2023-27043 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Information published.
CVE-2023-27043
Baja
Microsoft
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Information published.
CVE-2025-1176
Sin clasificar
Microsoft
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Information published.
CVE-2025-1178
Sin clasificar
Microsoft
CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak
Information published.
CVE-2025-1151
Sin clasificar
Microsoft
CVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leak
Information published.
CVE-2025-1150
Sin clasificar
Microsoft
CVE-2025-1180 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption
Information published.
CVE-2025-1180
Sin clasificar
Microsoft
CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak
Information published.
CVE-2025-1152
Sin clasificar
Microsoft
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
CVE-2026-29181
Baja
Microsoft
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Information published.
CVE-2026-27144
Sin clasificar
Microsoft
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Information published.
CVE-2026-32282
Sin clasificar
Microsoft
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Information published.
CVE-2026-40226
Baja
Microsoft
CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5928
Sin clasificar
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Sin clasificar
Microsoft
CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Information published.
CVE-2026-41607
Crítica
Microsoft
CVE-2026-41526 In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
Information published.
CVE-2026-41526
Baja
Microsoft
CVE-2026-40356 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
Information published.
CVE-2026-40356
Sin clasificar
Windows
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Information published.
CVE-2026-3087
Sin clasificar
Microsoft
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Information published.
CVE-2026-6842
Sin clasificar
Microsoft
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Information published.
CVE-2026-39882
Sin clasificar
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Sin clasificar
Microsoft
CVE-2026-32281 Inefficient policy validation in crypto/x509
Information published.
CVE-2026-32281
Sin clasificar
Microsoft
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Information published.
CVE-2026-32289
Sin clasificar
Microsoft
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Information published.
CVE-2026-32283
Sin clasificar
Microsoft
CVE-2026-32280 Unexpected work during chain building in crypto/x509
Information published.
CVE-2026-32280
Sin clasificar
Microsoft
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Information published.
CVE-2026-27143
Sin clasificar
Microsoft
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Information published.
CVE-2026-27140
Sin clasificar
Microsoft
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Information published.
CVE-2026-1502
Sin clasificar
Microsoft
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Information published.
CVE-2026-6100
Sin clasificar
Microsoft
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Information published.
CVE-2026-4786
CVE-2026-4519
Baja
Microsoft
CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5358
Baja
Microsoft
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Information published.
CVE-2026-5450
Sin clasificar
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Sin clasificar
Microsoft
CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Information published.
CVE-2026-40225
Baja
Microsoft
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Information published.
CVE-2026-5435
Sin clasificar
Microsoft
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Information published.
CVE-2026-6019
Sin clasificar
Microsoft
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Information published.
CVE-2026-6238
Baja
Microsoft
CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Information published.
CVE-2026-41606
Sin clasificar
Microsoft
CVE-2026-40355 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
Information published.
CVE-2026-40355
Sin clasificar
Microsoft
CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
Information published.
CVE-2026-6845
Sin clasificar
Microsoft
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Information published.
CVE-2026-6843
Baja
Microsoft
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Information published.
CVE-2026-3832
Sin clasificar
Microsoft
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
Information published.
CVE-2026-6383
Baja
Microsoft
CVE-2024-30896 InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.
Information published.
CVE-2024-30896
Sin clasificar
Microsoft
CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
Information published.
CVE-2025-4574
Sin clasificar
Microsoft
CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads
Information published.
CVE-2019-11254
Sin clasificar
Microsoft
CVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file write
Information published.
CVE-2023-1386
Sin clasificar
Microsoft
CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
Information published.
CVE-2026-2297
Sin clasificar
Microsoft
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Information published.
CVE-2026-27142
Baja
Microsoft
CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models
Information published.
CVE-2026-4224
Sin clasificar
Microsoft
CVE-2026-3644 Incomplete control character validation in http.cookies
Information published.
CVE-2026-3644
Sin clasificar
Microsoft
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Information published.
CVE-2026-4948
Baja
Microsoft
CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
Information published.
CVE-2026-3713
Sin clasificar
Microsoft
CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
Information published.
CVE-2025-13462
Sin clasificar
Microsoft
CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message
Information published.
CVE-2026-0968
Baja
Microsoft
CVE-2026-37457 An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.
Information published.
CVE-2026-37457
Sin clasificar
Azure
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Information published.
CVE-2026-42151
Baja
Microsoft
CVE-2026-33846 Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly
Information published.
CVE-2026-33846
Sin clasificar
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Sin clasificar
Microsoft
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Information published.
CVE-2026-39823
Sin clasificar
Microsoft
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Information published.
CVE-2026-41889
Baja
Microsoft
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
Information published.
CVE-2026-43894
Baja
Microsoft
CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
Information published.
CVE-2026-43896
Sin clasificar
Microsoft
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Information published.
CVE-2026-43895
Baja
Microsoft
CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
Information published.
CVE-2026-40612
Sin clasificar
Microsoft
CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
Information published.
CVE-2026-41256
Sin clasificar
Microsoft
CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Information published.
CVE-2026-8177
Baja
Microsoft
CVE-2026-44777 jq: stack overflow in module loading on mutual `include`
Information published.
CVE-2026-44777
Sin clasificar
Microsoft
CVE-2026-4873 connection reuse ignores TLS requirement
Information published.
CVE-2026-4873
Sin clasificar
Microsoft
CVE-2026-6429 netrc credential leak with reused proxy connection
Information published.
CVE-2026-6429
Sin clasificar
Microsoft
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Information published.
CVE-2026-5545
Sin clasificar
Microsoft
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Information published.
CVE-2026-6253
Sin clasificar
Microsoft
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Information published.
CVE-2026-42304
Sin clasificar
Microsoft
CVE-2026-4893 CVE-2026-4893
Information published.
CVE-2026-4893
Sin clasificar
Microsoft
CVE-2026-2291 CVE-2026-2291
Information published.
CVE-2026-2291
Sin clasificar
Microsoft
CVE-2026-5172 CVE-2026-5172
Information published.
CVE-2026-5172
Sin clasificar
Microsoft
CVE-2026-4890 CVE-2026-4890
Information published.
CVE-2026-4890
Sin clasificar
Microsoft
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Information published.
CVE-2026-34956
Sin clasificar
Microsoft
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published.
CVE-2026-7210
Sin clasificar
Microsoft
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Information published.
CVE-2026-43969
Baja
Microsoft
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Information published.
CVE-2026-45803
Sin clasificar
Microsoft
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Information published.
CVE-2026-42009
Sin clasificar
Microsoft
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42506
Sin clasificar
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Sin clasificar
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Sin clasificar
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Sin clasificar
Microsoft
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39829
Sin clasificar
Microsoft
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Information published.
CVE-2026-39830
Baja
Microsoft
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Information published.
CVE-2026-46597
Sin clasificar
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Sin clasificar
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Sin clasificar
Microsoft
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Information published.
CVE-2026-39834
Sin clasificar
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Sin clasificar
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Sin clasificar
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Sin clasificar
Microsoft
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Information published.
CVE-2026-5222
Baja
Microsoft
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25243
Baja
Microsoft
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Information published.
CVE-2026-23631
Baja
Microsoft
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Information published.
CVE-2026-23479
Sin clasificar
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Sin clasificar
Microsoft
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Information published.
CVE-2026-39817
Baja
Microsoft
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Information published.
CVE-2026-39819
Sin clasificar
Microsoft
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Information published.
CVE-2026-39820
Sin clasificar
Microsoft
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Information published.
CVE-2026-39825
Sin clasificar
Microsoft
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Information published.
CVE-2026-39826
Sin clasificar
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Sin clasificar
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Sin clasificar
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Baja
Microsoft
CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
Information published.
CVE-2026-41257
Sin clasificar
Microsoft
CVE-2026-6276 stale custom cookie host causes cookie leak
Information published.
CVE-2026-6276
Sin clasificar
Microsoft
CVE-2026-7168 cross-proxy Digest auth state leak
Information published.
CVE-2026-7168
Sin clasificar
Microsoft
CVE-2026-4891 CVE-2026-4891
Information published.
CVE-2026-4891
Sin clasificar
Microsoft
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
Information published.
CVE-2026-42010
Sin clasificar
Microsoft
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Information published.
CVE-2026-7790
Sin clasificar
Microsoft
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Information published.
CVE-2026-43968
Sin clasificar
Microsoft
CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
Information published.
CVE-2026-8368
Sin clasificar
Microsoft
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Information published.
CVE-2026-8328
Sin clasificar
Microsoft
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
CVE-2026-39821
Sin clasificar
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Sin clasificar
Microsoft
CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Information published.
CVE-2026-8466
Sin clasificar
Microsoft
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Information published.
CVE-2026-5223
Sin clasificar
Microsoft
CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive
Information published.
CVE-2026-44896
Sin clasificar
Microsoft
CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Information published.
CVE-2026-44899
Baja
Microsoft
CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
Information published.
CVE-2025-55551
Baja
Microsoft
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Information published.
CVE-2025-11083
Baja
Microsoft
CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Information published.
CVE-2025-55554
Sin clasificar
Microsoft
CVE-2026-40361 Microsoft Outlook and Word Remote Code Execution Vulnerability
Updated CVE title. This is an informational change only.
CVE-2026-40361
Sin clasificar
Microsoft
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Information published.
CVE-2025-15504
Sin clasificar
Microsoft
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Information published.
CVE-2017-3736
Baja
Microsoft
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
CVE-2026-31789
Sin clasificar
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Sin clasificar
Microsoft
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
CVE-2026-28388
Sin clasificar
Microsoft
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
CVE-2026-34757
Sin clasificar
Microsoft
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Information published.
CVE-2026-41080
Sin clasificar
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Sin clasificar
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Baja
Microsoft
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Information published.
CVE-2026-34875
Baja
Microsoft
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
CVE-2026-34874
Baja
Microsoft
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
CVE-2026-34876
Sin clasificar
Microsoft
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-25835
Sin clasificar
Microsoft
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Information published.
CVE-2025-66442
Sin clasificar
Microsoft
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Information published.
CVE-2026-34873
Sin clasificar
Microsoft
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-34871
Sin clasificar
Microsoft
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
Information published.
CVE-2026-34872
Baja
Microsoft
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Information published.
CVE-2026-25834
Baja
Microsoft
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Information published.
CVE-2026-25833
Baja
Microsoft
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.
This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.
The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.
Impact:
* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Information published.
CVE-2025-23167
Sin clasificar
Microsoft
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.
The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.
This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Information published.
CVE-2026-21717
Sin clasificar
Microsoft
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
CVE-2026-2673
Sin clasificar
Microsoft
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Information published.
CVE-2026-33671
Sin clasificar
Microsoft
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Information published.
CVE-2026-33672
Baja
Microsoft
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.
As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.
This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Information published.
CVE-2026-21711
Sin clasificar
Microsoft
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Information published.
CVE-2026-35579
Sin clasificar
Microsoft
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
Information published.
CVE-2026-7261
Baja
Microsoft
CVE-2026-7568 Signed integer overflow in metaphone()
Information published.
CVE-2026-7568
Sin clasificar
Microsoft
CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records
Information published.
CVE-2026-3592
Sin clasificar
Microsoft
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Information published.
CVE-2026-42009
Sin clasificar
Microsoft
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Information published.
CVE-2026-8723
Baja
Microsoft
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
Information published.
CVE-2025-14575
Sin clasificar
Microsoft
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42506
Baja
Windows
CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
Information published.
CVE-2026-39824
Sin clasificar
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Sin clasificar
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Sin clasificar
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Sin clasificar
Microsoft
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39829
Sin clasificar
Microsoft
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Information published.
CVE-2026-39830
Baja
Microsoft
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Information published.
CVE-2026-46597
Sin clasificar
Microsoft
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
Information published.
CVE-2026-39831
Sin clasificar
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Sin clasificar
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Sin clasificar
Microsoft
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Information published.
CVE-2026-39834
Sin clasificar
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Sin clasificar
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Sin clasificar
Microsoft
CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
Information published.
CVE-2026-46595
Sin clasificar
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Sin clasificar
Microsoft
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Information published.
CVE-2026-42508
Sin clasificar
Microsoft
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Information published.
CVE-2026-6402
Sin clasificar
Microsoft
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
Information published.
CVE-2026-44844
Sin clasificar
Microsoft
CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass
Information published.
CVE-2026-44708
Sin clasificar
Microsoft
CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Information published.
CVE-2026-44897
Sin clasificar
Microsoft
CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Information published.
CVE-2026-47104
Sin clasificar
Microsoft
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
CVE-2026-42250
Sin clasificar
Microsoft
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Information published.
CVE-2026-46232
Media
Microsoft
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Information published.
CVE-2026-46235
Sin clasificar
Microsoft
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Information published.
CVE-2026-46157
Baja
Microsoft
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Information published.
CVE-2026-9538
Baja
Microsoft
CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain
Information published.
CVE-2026-10028
Sin clasificar
Microsoft
CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Information published.
CVE-2026-6324
Baja
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Sin clasificar
Microsoft
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
Information published.
CVE-2026-7258
Sin clasificar
Microsoft
CVE-2026-6722 Use-After-Free in SOAP using Apache map
Information published.
CVE-2026-6722
Sin clasificar
Microsoft
CVE-2026-6735 XSS within PHP-FPM status endpoint
Information published.
CVE-2026-6735
Sin clasificar
Microsoft
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing
Information published.
CVE-2026-7262
Sin clasificar
Microsoft
CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
Information published.
CVE-2025-14179
Sin clasificar
Microsoft
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
Information published.
CVE-2026-7259
Sin clasificar
Microsoft
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
CVE-2026-39821
Sin clasificar
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Sin clasificar
Microsoft
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39832
Sin clasificar
Microsoft
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Information published.
CVE-2026-44898
Sin clasificar
Microsoft
CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Information published.
CVE-2026-23679
Sin clasificar
Microsoft
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Information published.
CVE-2026-46148
Sin clasificar
Microsoft
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Information published.
CVE-2026-46194
Baja
Microsoft
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Information published.
CVE-2026-46179
Sin clasificar
Microsoft
CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
Information published.
CVE-2026-46143
Sin clasificar
Microsoft
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Information published.
CVE-2026-46169
Sin clasificar
Microsoft
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Information published.
CVE-2026-46121
Sin clasificar
Microsoft
CVE-2026-46184 sound: ua101: fix division by zero at probe
Information published.
CVE-2026-46184
Sin clasificar
Microsoft
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
Information published.
CVE-2026-41184
Sin clasificar
Microsoft
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Information published.
CVE-2026-42015
Sin clasificar
Microsoft
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Information published.
CVE-2025-15649
Baja
Microsoft
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Information published.
CVE-2026-44839
Baja
Microsoft
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
Information published.
CVE-2026-48959
Sin clasificar
Microsoft Edge
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-45495
Sin clasificar
Microsoft Edge
CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-45494
Sin clasificar
Windows
CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
Updated Hotpatch links. This is in informational change only.
CVE-2026-42825
Sin clasificar
Microsoft
CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
Updated Hotpatch links. This is in informational change only.
CVE-2025-54518
Sin clasificar
Visual Studio
CVE-2025-6965 Integer Truncation on SQLite
Added Visual Studio software to the Security Updates table. Customers that are running supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.
CVE-2025-6965
Sin clasificar
Microsoft
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39829
Sin clasificar
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Sin clasificar
Microsoft
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
CVE-2026-39821
Baja
Microsoft
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Information published.
Baja
Microsoft
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Information published.
Baja
Microsoft
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Information published.
Sin clasificar
Microsoft
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Information published.
CVE-2025-15504
Baja
Microsoft
CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.
Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
Information published.
CVE-2024-36137
Baja
Microsoft
CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.
This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.
This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Information published.
CVE-2024-22018
Sin clasificar
Microsoft
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Information published.
CVE-2017-3736
Baja
Microsoft
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
CVE-2026-31789
Sin clasificar
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Sin clasificar
Microsoft
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
CVE-2026-28388
Sin clasificar
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Sin clasificar
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Baja
Microsoft
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Information published.
CVE-2026-34875
Baja
Microsoft
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
CVE-2026-34874
Baja
Microsoft
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
CVE-2026-34876
Sin clasificar
Microsoft
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-25835
Sin clasificar
Microsoft
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Information published.
CVE-2025-66442
Sin clasificar
Microsoft
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Information published.
CVE-2026-34873
Sin clasificar
Microsoft
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-34871
Sin clasificar
Microsoft
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
Information published.
CVE-2026-34872
Baja
Microsoft
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Information published.
CVE-2026-25834
Baja
Microsoft
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Information published.
CVE-2026-25833
Baja
Microsoft
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.
This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.
The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.
Impact:
* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Information published.
CVE-2025-23167
Sin clasificar
Microsoft
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.
The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.
This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Information published.
CVE-2026-21717
Sin clasificar
Microsoft
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
CVE-2026-2673
Sin clasificar
Microsoft
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Information published.
CVE-2026-33671
Sin clasificar
Microsoft
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Information published.
CVE-2026-33672
Baja
Microsoft
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.
As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.
This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Information published.
CVE-2026-21711
Sin clasificar
Microsoft
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
CVE-2026-42250
Sin clasificar
Microsoft
CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF
Information published.
CVE-2026-46242
Sin clasificar
Microsoft
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Information published.
CVE-2026-42790
Sin clasificar
Microsoft
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
Information published.
CVE-2026-42012
Sin clasificar
Microsoft
CVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read
Information published.
CVE-2026-9804
Baja
Microsoft
CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
Information published.
CVE-2026-48864
Sin clasificar
Microsoft
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Information published.
CVE-2026-48962
Sin clasificar
Microsoft
CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule
Information published.
CVE-2026-40034
Sin clasificar
Microsoft
CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c
Information published.
CVE-2026-40528
Baja
Microsoft
CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Information published.
CVE-2026-40510
Media
Microsoft
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Information published.
CVE-2026-42789
Sin clasificar
Microsoft
CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name
Information published.
CVE-2026-42013
Sin clasificar
Microsoft
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Information published.
CVE-2026-42015
Sin clasificar
Microsoft
CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
Information published.
CVE-2026-5260
Baja
Microsoft
CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
Information published.
CVE-2026-7374
Sin clasificar
Microsoft
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Information published.
CVE-2025-15649
Baja
Microsoft
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Information published.
CVE-2026-44839
Sin clasificar
Microsoft
CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind
Information published.
CVE-2026-46219
Sin clasificar
Microsoft
CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch
Information published.
CVE-2026-46214
Sin clasificar
Microsoft
CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race
Information published.
CVE-2026-46137
Sin clasificar
Microsoft
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
Information published.
CVE-2026-46186
Sin clasificar
Microsoft
CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Information published.
CVE-2026-46172
Sin clasificar
Microsoft
CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
Information published.
CVE-2026-46168
Sin clasificar
Microsoft
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
Information published.
CVE-2026-46163
Baja
Microsoft
CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Information published.
CVE-2026-46131
Sin clasificar
Microsoft
CVE-2026-46128 ipmi: Check event message buffer response for bad data
Information published.
CVE-2026-46128
Sin clasificar
Microsoft
CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
Information published.
CVE-2026-46191
Sin clasificar
Microsoft
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Information published.
CVE-2026-46232
Sin clasificar
Microsoft
CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Information published.
CVE-2026-46220
Baja
Microsoft
CVE-2026-46107 dm-thin: fix metadata refcount underflow
Information published.
CVE-2026-46107
Sin clasificar
Microsoft
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Information published.
CVE-2026-46149
Sin clasificar
Microsoft
CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Information published.
CVE-2026-46116
Media
Microsoft
CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
Information published.
CVE-2026-46236
Media
Microsoft
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Information published.
CVE-2026-46235
Sin clasificar
Microsoft
CVE-2026-46177 ipmi: Add limits to event and receive message requests
Information published.
CVE-2026-46177
Sin clasificar
Microsoft
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Information published.
CVE-2026-46157
Sin clasificar
Microsoft
CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last
Information published.
CVE-2026-46170
Sin clasificar
Microsoft
CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
Information published.
CVE-2026-46230
Sin clasificar
Microsoft
CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put
Information published.
CVE-2026-46123
Sin clasificar
Microsoft
CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
Information published.
CVE-2026-46108
Sin clasificar
Microsoft
CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
Information published.
CVE-2026-46152
Sin clasificar
Microsoft
CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Information published.
CVE-2026-46112
Sin clasificar
Microsoft
CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
Information published.
CVE-2026-46114
Sin clasificar
Microsoft
CVE-2026-46125 wifi: mac80211: remove station if connection prep fails
Information published.
CVE-2026-46125
Sin clasificar
Microsoft
CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
Information published.
CVE-2026-46227
Sin clasificar
Microsoft
CVE-2026-46153 8021q: delete cleared egress QoS mappings
Information published.
CVE-2026-46153
Sin clasificar
Microsoft
CVE-2026-46150 fanotify: fix false positive on permission events
Information published.
CVE-2026-46150
Sin clasificar
Microsoft
CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure
Information published.
CVE-2026-46241
Sin clasificar
Microsoft
CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Information published.
CVE-2026-46147
Sin clasificar
Microsoft
CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Information published.
CVE-2026-46135
Sin clasificar
Microsoft
CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Information published.
CVE-2026-46189
Sin clasificar
Microsoft
CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
Information published.
CVE-2026-46199
Sin clasificar
Microsoft
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Information published.
CVE-2026-46151
Sin clasificar
Microsoft
CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget
Information published.
CVE-2026-46124
Sin clasificar
Microsoft
CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events
Information published.
CVE-2026-46106
Sin clasificar
Microsoft
CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Information published.
CVE-2026-46181
Sin clasificar
Microsoft
CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Information published.
CVE-2026-46178
Sin clasificar
Microsoft
CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert
Information published.
CVE-2026-46231
Sin clasificar
Microsoft
CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Information published.
CVE-2026-46200
Sin clasificar
Microsoft
CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
Information published.
CVE-2026-46209
Sin clasificar
Microsoft
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Information published.
CVE-2026-46148
Baja
Microsoft
CVE-2026-46198 batman-adv: fix integer overflow on buff_pos
Information published.
CVE-2026-46198
Sin clasificar
Microsoft
CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
Information published.
CVE-2026-46111
Sin clasificar
Microsoft
CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
Information published.
CVE-2026-46195
Sin clasificar
Microsoft
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Information published.
CVE-2026-46194
Sin clasificar
Microsoft
CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths
Information published.
CVE-2026-46109
Sin clasificar
Microsoft
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Information published.
CVE-2026-46229
Sin clasificar
Microsoft
CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
Information published.
CVE-2026-46173
Sin clasificar
Microsoft
CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory
Information published.
CVE-2026-46160
Sin clasificar
Microsoft
CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Information published.
CVE-2026-46180
Sin clasificar
Microsoft
CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()
Information published.
CVE-2026-46185
Sin clasificar
Microsoft
CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
Information published.
CVE-2026-46161
Sin clasificar
Microsoft
CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims
Information published.
CVE-2026-46212
Sin clasificar
Microsoft
CVE-2026-46234 vsock: fix buffer size clamping order
Information published.
CVE-2026-46234
Baja
Microsoft
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Information published.
CVE-2026-46179
Sin clasificar
Microsoft
CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
Information published.
CVE-2026-46196
Sin clasificar
Microsoft
CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
Information published.
CVE-2026-46133
Sin clasificar
Microsoft
CVE-2026-46129 btrfs: fix double free in create_space_info() error path
Information published.
CVE-2026-46129
Sin clasificar
Microsoft
CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
Information published.
CVE-2026-46204
Sin clasificar
Microsoft
CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
Information published.
CVE-2026-46156
Sin clasificar
Microsoft
CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
Information published.
CVE-2026-46138
Sin clasificar
Microsoft
CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop
Information published.
CVE-2026-46187
Sin clasificar
Microsoft
CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
Information published.
CVE-2026-46167
Sin clasificar
Microsoft
CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
Information published.
CVE-2026-46113
Sin clasificar
Microsoft
CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown
Information published.
CVE-2026-46206
Sin clasificar
Microsoft
CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)
Information published.
CVE-2026-46130
Sin clasificar
Microsoft
CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing
Information published.
CVE-2026-46119
Sin clasificar
Microsoft
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Information published.
CVE-2026-46169
Sin clasificar
Microsoft
CVE-2026-46142 net: libwx: fix VF illegal register access
Information published.
CVE-2026-46142
Sin clasificar
Microsoft
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Information published.
CVE-2026-46121
Sin clasificar
Microsoft
CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Information published.
CVE-2026-46144
Sin clasificar
Microsoft
CVE-2026-46184 sound: ua101: fix division by zero at probe
Information published.
CVE-2026-46184
Sin clasificar
Microsoft
CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
Information published.
CVE-2026-46174
Sin clasificar
Microsoft
CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks
Information published.
CVE-2026-46193
Sin clasificar
Microsoft
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
Information published.
CVE-2026-41184
Sin clasificar
Windows
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-26168
Sin clasificar
Windows
CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-24293
Sin clasificar
Windows
CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-41088
Sin clasificar
Dynamics
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Updated an acknowledgement. This is an informational change only.
CVE-2026-42898
Baja
Microsoft
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check
Information published.
CVE-2026-46062
Sin clasificar
Microsoft
CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised
Information published.
CVE-2026-45930
Sin clasificar
Microsoft
CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues
Information published.
CVE-2026-46021
Sin clasificar
Microsoft
CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy
Information published.
CVE-2026-46084
Sin clasificar
Microsoft
CVE-2026-46004 ALSA: caiaq: Handle probe errors properly
Information published.
CVE-2026-46004
Sin clasificar
Microsoft
CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion
Information published.
CVE-2026-46080
Sin clasificar
Microsoft
CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry
Information published.
CVE-2026-45894
Sin clasificar
Microsoft
CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies
Information published.
CVE-2026-45840
Sin clasificar
Microsoft
CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Information published.
CVE-2026-46054
Sin clasificar
Microsoft
CVE-2026-45991 udf: fix partition descriptor append bookkeeping
Information published.
CVE-2026-45991
Sin clasificar
Microsoft
CVE-2026-46053 net: rds: fix MR cleanup on copy error
Information published.
CVE-2026-46053
Sin clasificar
Microsoft
CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
Information published.
CVE-2026-45835
Sin clasificar
Microsoft
CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
Information published.
CVE-2026-45834
Sin clasificar
Microsoft
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Information published.
CVE-2026-45932
Sin clasificar
Microsoft
CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
Information published.
CVE-2026-45839
Sin clasificar
Microsoft
CVE-2026-45940 net: stmmac: fix oops when split header is enabled
Information published.
CVE-2026-45940
Sin clasificar
Microsoft
CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory
Information published.
CVE-2026-45893
Sin clasificar
Microsoft
CVE-2026-46017 mm: fix deferred split queue races during migration
Information published.
CVE-2026-46017
Sin clasificar
Microsoft
CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()
Information published.
CVE-2026-45986
Sin clasificar
Microsoft
CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()
Information published.
CVE-2026-46047
Sin clasificar
Microsoft
CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks
Information published.
CVE-2026-45850
Sin clasificar
Microsoft
CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed
Information published.
CVE-2026-46052
Sin clasificar
Microsoft
CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
Information published.
CVE-2026-46009
Sin clasificar
Microsoft
CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
Information published.
CVE-2026-46043
Sin clasificar
Microsoft
CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
Information published.
CVE-2026-46069
Sin clasificar
Microsoft
CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Information published.
CVE-2026-45859
Sin clasificar
Microsoft
CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Information published.
CVE-2026-46032
Sin clasificar
Microsoft
CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers
Information published.
CVE-2026-46086
Sin clasificar
Microsoft
CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
Information published.
CVE-2026-45861
Sin clasificar
Microsoft
CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
Information published.
CVE-2026-46056
Sin clasificar
Microsoft
CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure
Information published.
CVE-2026-45998
Baja
Microsoft
CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
Information published.
CVE-2026-46023
Baja
Microsoft
CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
Information published.
CVE-2026-46006
Sin clasificar
Microsoft
CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind
Information published.
CVE-2026-46219
Sin clasificar
Microsoft
CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch
Information published.
CVE-2026-46214
Sin clasificar
Microsoft
CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race
Information published.
CVE-2026-46137
Sin clasificar
Microsoft
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
Information published.
CVE-2026-46186
Sin clasificar
Microsoft
CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Information published.
CVE-2026-46172
Sin clasificar
Microsoft
CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
Information published.
CVE-2026-46168
Sin clasificar
Microsoft
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
Information published.
CVE-2026-46163
Baja
Microsoft
CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Information published.
CVE-2026-46131
Sin clasificar
Microsoft
CVE-2026-46110 net: stmmac: Prevent NULL deref when RX memory exhausted
Information published.
CVE-2026-46110
Sin clasificar
Microsoft
CVE-2026-46128 ipmi: Check event message buffer response for bad data
Information published.
CVE-2026-46128
Sin clasificar
Microsoft
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
CVE-2026-42250
Sin clasificar
Microsoft
CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
Information published.
CVE-2026-46191
Sin clasificar
Microsoft
CVE-2026-46159 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
Information published.
CVE-2026-46159
Sin clasificar
Microsoft
CVE-2026-46226 spi: fsl: fix controller deregistration
Information published.
CVE-2026-46226
Sin clasificar
Microsoft
CVE-2026-46165 openvswitch: vport: fix self-deadlock on release of tunnel ports
Information published.
CVE-2026-46165
Sin clasificar
Microsoft
CVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
Information published.
CVE-2026-46158
Sin clasificar
Microsoft
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Information published.
CVE-2026-46232
Sin clasificar
Microsoft
CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size
Information published.
CVE-2026-46197
Sin clasificar
Microsoft
CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Information published.
CVE-2026-46220
Baja
Microsoft
CVE-2026-46107 dm-thin: fix metadata refcount underflow
Information published.
CVE-2026-46107
Sin clasificar
Microsoft
CVE-2026-46176 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
Information published.
CVE-2026-46176
Sin clasificar
Microsoft
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Information published.
CVE-2026-46149
Sin clasificar
Microsoft
CVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardown
Information published.
CVE-2026-46208
Sin clasificar
Microsoft
CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Information published.
CVE-2026-46116
Sin clasificar
Microsoft
CVE-2026-46225 spi: rspi: fix controller deregistration
Information published.
CVE-2026-46225
Media
Microsoft
CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
Information published.
CVE-2026-46236
Sin clasificar
Microsoft
CVE-2026-46164 btrfs: fix double free in create_space_info_sub_group() error path
Information published.
CVE-2026-46164
Media
Microsoft
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Information published.
CVE-2026-46235
Sin clasificar
Microsoft
CVE-2026-46127 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()
Information published.
CVE-2026-46127
Sin clasificar
Microsoft
CVE-2026-46177 ipmi: Add limits to event and receive message requests
Information published.
CVE-2026-46177
Sin clasificar
Microsoft
CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()
Information published.
CVE-2026-46155
Sin clasificar
Microsoft
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Information published.
CVE-2026-46157
Baja
Microsoft
CVE-2026-46136 wifi: mt76: mt7921: fix a potential clc buffer length underflow
Information published.
CVE-2026-46136
Sin clasificar
Microsoft
CVE-2026-46132 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
Information published.
CVE-2026-46132
Sin clasificar
Microsoft
CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last
Information published.
CVE-2026-46170
Sin clasificar
Microsoft
CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
Information published.
CVE-2026-46190
Sin clasificar
Microsoft
CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
Information published.
CVE-2026-46230
Sin clasificar
Microsoft
CVE-2026-46175 f2fs: fix fsck inconsistency caused by FGGC of node block
Information published.
CVE-2026-46175
Sin clasificar
Microsoft
CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put
Information published.
CVE-2026-46123
Sin clasificar
Microsoft
CVE-2026-46238 batman-adv: stop caching unowned originator pointers in BAT IV
Information published.
CVE-2026-46238
Sin clasificar
Microsoft
CVE-2026-46120 ip6_gre: Use cached t->net in ip6erspan_changelink().
Information published.
CVE-2026-46120
Sin clasificar
Microsoft
CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
Information published.
CVE-2026-46108
Sin clasificar
Microsoft
CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
Information published.
CVE-2026-46152
Sin clasificar
Microsoft
CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Information published.
CVE-2026-46112
Sin clasificar
Microsoft
CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
Information published.
CVE-2026-46114
Sin clasificar
Microsoft
CVE-2026-46122 wifi: b43: enforce bounds check on firmware key index in b43_rx()
Information published.
CVE-2026-46122
Sin clasificar
Microsoft
CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
Information published.
CVE-2026-46146
Sin clasificar
Microsoft
CVE-2026-46125 wifi: mac80211: remove station if connection prep fails
Information published.
CVE-2026-46125
Sin clasificar
Microsoft
CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
Information published.
CVE-2026-46227
Sin clasificar
Microsoft
CVE-2026-46153 8021q: delete cleared egress QoS mappings
Information published.
CVE-2026-46153
Sin clasificar
Microsoft
CVE-2026-46150 fanotify: fix false positive on permission events
Information published.
CVE-2026-46150
Sin clasificar
Microsoft
CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure
Information published.
CVE-2026-46241
Sin clasificar
Microsoft
CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Information published.
CVE-2026-46147
Sin clasificar
Microsoft
CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Information published.
CVE-2026-46135
Sin clasificar
Microsoft
CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Information published.
CVE-2026-42496
Sin clasificar
Microsoft
CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Information published.
CVE-2026-46189
Baja
Microsoft
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Information published.
CVE-2026-9538
Sin clasificar
Microsoft
CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
Information published.
CVE-2026-46199
Sin clasificar
Microsoft
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Information published.
CVE-2026-46151
Sin clasificar
Microsoft
CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
Information published.
CVE-2026-42497
Sin clasificar
Microsoft
CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget
Information published.
CVE-2026-46124
Sin clasificar
Microsoft
CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events
Information published.
CVE-2026-46106
Sin clasificar
Microsoft
CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Information published.
CVE-2026-46181
Sin clasificar
Microsoft
CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Information published.
CVE-2026-46178
Sin clasificar
Microsoft
CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()
Information published.
CVE-2026-45989
Media
Microsoft
CVE-2026-46091 media: rc: igorplugusb: heed coherency rules
Information published.
CVE-2026-46091
Sin clasificar
Microsoft
CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
Information published.
CVE-2026-45846
Sin clasificar
Microsoft
CVE-2026-46089 zram: do not forget to endio for partial discard requests
Information published.
CVE-2026-46089
Sin clasificar
Microsoft
CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation
Information published.
CVE-2026-46033
Sin clasificar
Microsoft
CVE-2026-46044 ipmi:ssif: Clean up kthread on errors
Information published.
CVE-2026-46044
Sin clasificar
Microsoft
CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()
Information published.
CVE-2026-46072
Sin clasificar
Microsoft
CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
Information published.
CVE-2026-46099
Sin clasificar
Microsoft
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
Information published.
CVE-2026-45934
Sin clasificar
Microsoft
CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop
Information published.
CVE-2026-46090
Sin clasificar
Microsoft
CVE-2026-45993 LoongArch: Add spectre boundry for syscall dispatch table
Information published.
CVE-2026-45993
Sin clasificar
Microsoft
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Information published.
CVE-2026-46076
Sin clasificar
Microsoft
CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
Information published.
CVE-2026-46094
Sin clasificar
Microsoft
CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert
Information published.
CVE-2026-46231
Sin clasificar
Microsoft
CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Information published.
CVE-2026-46200
Sin clasificar
Microsoft
CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
Information published.
CVE-2026-46209
Sin clasificar
Microsoft
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Information published.
CVE-2026-46148
Baja
Microsoft
CVE-2026-46198 batman-adv: fix integer overflow on buff_pos
Information published.
CVE-2026-46198
Sin clasificar
Microsoft
CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
Information published.
CVE-2026-46111
Sin clasificar
Microsoft
CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
Information published.
CVE-2026-46195
Sin clasificar
Microsoft
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Information published.
CVE-2026-46194
Sin clasificar
Microsoft
CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths
Information published.
CVE-2026-46109
Sin clasificar
Microsoft
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Information published.
CVE-2026-46229
Sin clasificar
Microsoft
CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
Information published.
CVE-2026-46173
Sin clasificar
Microsoft
CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory
Information published.
CVE-2026-46160
Sin clasificar
Microsoft
CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Information published.
CVE-2026-46180
Sin clasificar
Microsoft
CVE-2026-46115 block: add pgmap check to biovec_phys_mergeable
Information published.
CVE-2026-46115
Sin clasificar
Microsoft
CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()
Information published.
CVE-2026-46185
Sin clasificar
Microsoft
CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
Information published.
CVE-2026-46161
Sin clasificar
Microsoft
CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims
Information published.
CVE-2026-46212
Media
Microsoft
CVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLs
Information published.
CVE-2026-46205
Sin clasificar
Microsoft
CVE-2026-46234 vsock: fix buffer size clamping order
Information published.
CVE-2026-46234
Sin clasificar
Microsoft
CVE-2026-46171 riscv: kvm: fix vector context allocation leak
Information published.
CVE-2026-46171
Baja
Microsoft
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Information published.
CVE-2026-46179
Sin clasificar
Microsoft
CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
Information published.
CVE-2026-46196
Sin clasificar
Microsoft
CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
Information published.
CVE-2026-46143
Sin clasificar
Microsoft
CVE-2026-46145 RDMA/mana: Validate rx_hash_key_len
Information published.
CVE-2026-46145
Sin clasificar
Microsoft
CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
Information published.
CVE-2026-46133
Sin clasificar
Microsoft
CVE-2026-46129 btrfs: fix double free in create_space_info() error path
Information published.
CVE-2026-46129
Sin clasificar
Microsoft
CVE-2026-46218 drm/amdgpu: Add bounds checking to ib_{get,set}_value
Information published.
CVE-2026-46218
Sin clasificar
Microsoft
CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
Information published.
CVE-2026-46204
Sin clasificar
Microsoft
CVE-2026-46233 batman-adv: bla: only purge non-released claims
Information published.
CVE-2026-46233
Sin clasificar
Microsoft
CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
Information published.
CVE-2026-46156
Sin clasificar
Microsoft
CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
Information published.
CVE-2026-46138
Sin clasificar
Microsoft
CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop
Information published.
CVE-2026-46187
Sin clasificar
Microsoft
CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
Information published.
CVE-2026-46167
Sin clasificar
Microsoft
CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
Information published.
CVE-2026-46113
Sin clasificar
Microsoft
CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown
Information published.
CVE-2026-46206
Sin clasificar
Microsoft
CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)
Information published.
CVE-2026-46130
Sin clasificar
Microsoft
CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing
Information published.
CVE-2026-46119
Sin clasificar
Microsoft
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Information published.
CVE-2026-46169
Sin clasificar
Microsoft
CVE-2026-46142 net: libwx: fix VF illegal register access
Information published.
CVE-2026-46142
Sin clasificar
Microsoft
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Information published.
CVE-2026-46121
Sin clasificar
Microsoft
CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Information published.
CVE-2026-46144
Sin clasificar
Microsoft
CVE-2026-46184 sound: ua101: fix division by zero at probe
Information published.
CVE-2026-46184
Sin clasificar
Microsoft
CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
Information published.
CVE-2026-46174
Sin clasificar
Microsoft
CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks
Information published.
CVE-2026-46193
Sin clasificar
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Sin clasificar
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Sin clasificar
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Baja
Microsoft
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Information published.
CVE-2026-46597
Sin clasificar
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Sin clasificar
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Sin clasificar
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Sin clasificar
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Baja
Microsoft
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Information published.
CVE-2026-9150
Baja
Microsoft
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Information published.
CVE-2026-9149
Sin clasificar
Microsoft
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Information published.
CVE-2026-5222
Sin clasificar
Microsoft
CVE-2026-46050 md/raid10: fix deadlock with check operation and nowait requests
Information published.
CVE-2026-46050
Media
Microsoft
CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work
Information published.
CVE-2026-46011
Sin clasificar
Microsoft
CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients
Information published.
CVE-2026-45877
Sin clasificar
Microsoft
CVE-2026-45917 ipvs: do not keep dest_dst if dev is going down
Information published.
CVE-2026-45917
Sin clasificar
Microsoft
CVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
Information published.
CVE-2026-45841
Baja
Microsoft
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check
Information published.
CVE-2026-46062
Sin clasificar
Microsoft
CVE-2026-46005 xfs: fix a resource leak in xfs_alloc_buftarg()
Information published.
CVE-2026-46005
Sin clasificar
Microsoft
CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised
Information published.
CVE-2026-45930
Sin clasificar
Microsoft
CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues
Information published.
CVE-2026-46021
Sin clasificar
Microsoft
CVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointers
Information published.
CVE-2026-46037
Sin clasificar
Microsoft
CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy
Information published.
CVE-2026-46084
Sin clasificar
Microsoft
CVE-2026-46012 rxrpc: Fix memory leaks in rxkad_verify_response()
Information published.
CVE-2026-46012
Sin clasificar
Microsoft
CVE-2026-46085 rxrpc: Fix rxkad crypto unalignment handling
Information published.
CVE-2026-46085
Sin clasificar
Microsoft
CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
Information published.
CVE-2026-46059
Sin clasificar
Microsoft
CVE-2026-46004 ALSA: caiaq: Handle probe errors properly
Information published.
CVE-2026-46004
Sin clasificar
Microsoft
CVE-2026-45901 netfilter: nf_tables: revert commit_mutex usage in reset path
Information published.
CVE-2026-45901
Sin clasificar
Microsoft
CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion
Information published.
CVE-2026-46080
Sin clasificar
Microsoft
CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry
Information published.
CVE-2026-45894
Sin clasificar
Microsoft
CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies
Information published.
CVE-2026-45840
Sin clasificar
Microsoft
CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Information published.
CVE-2026-46054
Sin clasificar
Microsoft
CVE-2026-45991 udf: fix partition descriptor append bookkeeping
Information published.
CVE-2026-45991
Sin clasificar
Microsoft
CVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msg
Information published.
CVE-2026-46027
Sin clasificar
Microsoft
CVE-2026-46088 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
Information published.
CVE-2026-46088
Sin clasificar
Microsoft
CVE-2026-46051 md/raid5: fix soft lockup in retry_aligned_read()
Information published.
CVE-2026-46051
Sin clasificar
Microsoft
CVE-2026-46053 net: rds: fix MR cleanup on copy error
Information published.
CVE-2026-46053
Sin clasificar
Microsoft
CVE-2026-46018 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
Information published.
CVE-2026-46018
Sin clasificar
Microsoft
CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
Information published.
CVE-2026-45835
Sin clasificar
Microsoft
CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
Information published.
CVE-2026-45834
Sin clasificar
Microsoft
CVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entry
Information published.
CVE-2026-45944
Sin clasificar
Microsoft
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Information published.
CVE-2026-45932
Sin clasificar
Microsoft
CVE-2026-45836 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()
Information published.
CVE-2026-45836
Sin clasificar
Microsoft
CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path
Information published.
CVE-2026-45961
Sin clasificar
Microsoft
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
Information published.
CVE-2026-44844
Sin clasificar
Microsoft
CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
Information published.
CVE-2026-45839
Sin clasificar
Microsoft
CVE-2026-45940 net: stmmac: fix oops when split header is enabled
Information published.
CVE-2026-45940
Sin clasificar
Microsoft
CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass
Information published.
CVE-2026-44708
Sin clasificar
Microsoft
CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Information published.
CVE-2026-44897
Sin clasificar
Microsoft
CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory
Information published.
CVE-2026-45893
Sin clasificar
Microsoft
CVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclusters
Information published.
CVE-2026-45943
Sin clasificar
Microsoft
CVE-2026-46017 mm: fix deferred split queue races during migration
Information published.
CVE-2026-46017
Sin clasificar
Microsoft
CVE-2026-45897 netfilter: nft_counter: serialize reset with spinlock
Information published.
CVE-2026-45897
Sin clasificar
Microsoft
CVE-2026-45997 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
Information published.
CVE-2026-45997
Sin clasificar
Microsoft
CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()
Information published.
CVE-2026-45986
Sin clasificar
Microsoft
CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Information published.
CVE-2026-47104
Sin clasificar
Microsoft
CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()
Information published.
CVE-2026-46047
Sin clasificar
Microsoft
CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories
Information published.
CVE-2026-45571
Sin clasificar
Microsoft
CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks
Information published.
CVE-2026-45850
Sin clasificar
Microsoft
CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed
Information published.
CVE-2026-46052
Sin clasificar
Microsoft
CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
Information published.
CVE-2026-46009
Sin clasificar
Microsoft
CVE-2026-46070 md/raid5: validate payload size before accessing journal metadata
Information published.
CVE-2026-46070
Sin clasificar
Microsoft
CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
Information published.
CVE-2026-46043
Sin clasificar
Microsoft
CVE-2026-45994 ibmasm: fix OOB reads in command_file_write due to missing size checks
Information published.
CVE-2026-45994
Sin clasificar
Microsoft
CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
Information published.
CVE-2026-46069
Sin clasificar
Microsoft
CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Information published.
CVE-2026-45859
Sin clasificar
Microsoft
CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Information published.
CVE-2026-46032
Sin clasificar
Microsoft
CVE-2026-46101 netfilter: reject zero shift in nft_bitwise
Information published.
CVE-2026-46101
Sin clasificar
Microsoft
CVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRs
Information published.
CVE-2026-46014
Sin clasificar
Microsoft
CVE-2026-45845 net/sched: taprio: fix NULL pointer dereference in class dump
Information published.
CVE-2026-45845
Sin clasificar
Microsoft
CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers
Information published.
CVE-2026-46086
Sin clasificar
Microsoft
CVE-2026-46065 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
Information published.
CVE-2026-46065
Sin clasificar
Microsoft
CVE-2026-46098 net: caif: clear client service pointer on teardown
Information published.
CVE-2026-46098
Sin clasificar
Microsoft
CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
Information published.
CVE-2026-45861
Sin clasificar
Microsoft
CVE-2026-46077 crypto: atmel-tdes - fix DMA sync direction
Information published.
CVE-2026-46077
Sin clasificar
Microsoft
CVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturn
Information published.
CVE-2026-46063
Sin clasificar
Microsoft
CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
Information published.
CVE-2026-46056
Sin clasificar
Microsoft
CVE-2026-45956 drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()
Information published.
CVE-2026-45956
Sin clasificar
Microsoft
CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
Information published.
CVE-2026-46068
Sin clasificar
Microsoft
CVE-2026-45843 slip: bound decode() reads against the compressed packet length
Information published.
CVE-2026-45843
Sin clasificar
Microsoft
CVE-2026-46024 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
Information published.
CVE-2026-46024
Sin clasificar
Microsoft
CVE-2026-45963 ASoC: nau8821: Cancel delayed work on component remove
Information published.
CVE-2026-45963
Sin clasificar
Microsoft
CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure
Information published.
CVE-2026-45998
Baja
Microsoft
CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
Information published.
CVE-2026-46023
Sin clasificar
Microsoft
CVE-2026-45844 netfilter: arp_tables: fix IEEE1394 ARP payload parsing
Information published.
CVE-2026-45844
Sin clasificar
Microsoft
CVE-2026-45892 ext4: drop extent cache after doing PARTIAL_VALID1 zeroout
Information published.
CVE-2026-45892
Sin clasificar
Microsoft
CVE-2026-46022 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
Information published.
CVE-2026-46022
Sin clasificar
Microsoft
CVE-2026-46102 net: strparser: fix skb_head leak in strp_abort_strp()
Information published.
CVE-2026-46102
Sin clasificar
Microsoft
CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered
Information published.
CVE-2026-46016
Sin clasificar
Microsoft
CVE-2026-46000 rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
Information published.
CVE-2026-46000
Sin clasificar
Microsoft
CVE-2025-71305 drm/display/dp_mst: Add protection against 0 vcpi
Information published.
CVE-2025-71305
Baja
Microsoft
CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
Information published.
CVE-2026-46006
Sin clasificar
Microsoft
CVE-2026-46003 net: qrtr: ns: Limit the total number of nodes
Information published.
CVE-2026-46003
Sin clasificar
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Sin clasificar
Microsoft
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Information published.
CVE-2026-5223
Sin clasificar
Microsoft
CVE-2026-46048 ALSA: caiaq: fix usb_dev refcount leak on probe failure
Information published.
CVE-2026-46048
Sin clasificar
Microsoft
CVE-2026-46002 ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()
Information published.
CVE-2026-46002
Sin clasificar
Microsoft
CVE-2026-46078 erofs: fix the out-of-bounds nameoff handling for trailing dirents
Information published.
CVE-2026-46078
Sin clasificar
Microsoft
CVE-2026-46064 ibmasm: fix heap over-read in ibmasm_send_i2o_message()
Information published.
CVE-2026-46064
Sin clasificar
Microsoft
CVE-2026-46075 crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
Information published.
CVE-2026-46075
Sin clasificar
Microsoft
CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload
Information published.
CVE-2026-45973
Sin clasificar
Microsoft
CVE-2026-45838 bpf: fix end-of-list detection in cgroup_storage_get_next_key()
Information published.
CVE-2026-45838
Sin clasificar
Microsoft
CVE-2026-45899 ext4: drop extent cache when splitting extent fails
Information published.
CVE-2026-45899
Sin clasificar
Microsoft
CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
Information published.
CVE-2026-46071
Sin clasificar
Microsoft
CVE-2026-46049 ALSA: ctxfi: Add fallback to default RSR for S/PDIF
Information published.
CVE-2026-46049
Sin clasificar
Microsoft
CVE-2026-46066 ceph: fix num_ops off-by-one when crypto allocation fails
Information published.
CVE-2026-46066
Sin clasificar
Microsoft
CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()
Information published.
CVE-2026-45989
Sin clasificar
Microsoft
CVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvation
Information published.
CVE-2026-45855
Media
Microsoft
CVE-2026-46058 media: amphion: Fix race between m2m job_abort and device_run
Information published.
CVE-2026-46058
Sin clasificar
Microsoft
CVE-2026-46031 net: ks8851: Reinstate disabling of BHs around IRQ handler
Information published.
CVE-2026-46031
Sin clasificar
Microsoft
CVE-2026-45912 ext4: don't cache extent during splitting extent
Information published.
CVE-2026-45912
Baja
Microsoft
CVE-2026-45999 erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
Information published.
CVE-2026-45999
Sin clasificar
Microsoft
CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive
Information published.
CVE-2026-44896
Media
Microsoft
CVE-2026-46091 media: rc: igorplugusb: heed coherency rules
Information published.
CVE-2026-46091
Sin clasificar
Microsoft
CVE-2026-45958 drm/exynos: vidi: fix to avoid directly dereferencing user pointer
Information published.
CVE-2026-45958
Sin clasificar
Microsoft
CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
Information published.
CVE-2026-45846
Sin clasificar
Microsoft
CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Information published.
CVE-2026-44899
Sin clasificar
Microsoft
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Information published.
CVE-2026-44898
Sin clasificar
Microsoft
CVE-2026-46089 zram: do not forget to endio for partial discard requests
Information published.
CVE-2026-46089
Sin clasificar
Microsoft
CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation
Information published.
CVE-2026-46033
Sin clasificar
Microsoft
CVE-2026-46046 ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
Information published.
CVE-2026-46046
Sin clasificar
Microsoft
CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Information published.
CVE-2026-23679
Sin clasificar
Microsoft
CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport
Information published.
CVE-2026-45570
Sin clasificar
Microsoft
CVE-2026-46038 net: qrtr: ns: Free the node during ctrl_cmd_bye()
Information published.
CVE-2026-46038
Sin clasificar
Microsoft
CVE-2026-46040 inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
Information published.
CVE-2026-46040
Sin clasificar
Microsoft
CVE-2026-45988 rxrpc: Fix re-decryption of RESPONSE packets
Information published.
CVE-2026-45988
Sin clasificar
Microsoft
CVE-2026-45996 spi: imx: fix use-after-free on unbind
Information published.
CVE-2026-45996
Sin clasificar
Microsoft
CVE-2026-45942 ext4: fix e4b bitmap inconsistency reports
Information published.
CVE-2026-45942
Sin clasificar
Microsoft
CVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
Information published.
CVE-2026-46019
Sin clasificar
Microsoft
CVE-2026-46103 can: ucan: fix devres lifetime
Information published.
CVE-2026-46103
Sin clasificar
Microsoft
CVE-2026-46092 wifi: rtw88: check for PCI upstream bridge existence
Information published.
CVE-2026-46092
Sin clasificar
Microsoft
CVE-2026-45842 slip: reject VJ receive packets on instances with no rstate array
Information published.
CVE-2026-45842
Sin clasificar
Microsoft
CVE-2026-45949 hwrng: core - use RCU and work_struct to fix race condition
Information published.
CVE-2026-45949
Sin clasificar
Microsoft
CVE-2026-46044 ipmi:ssif: Clean up kthread on errors
Information published.
CVE-2026-46044
Sin clasificar
Microsoft
CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()
Information published.
CVE-2026-46072
Sin clasificar
Microsoft
CVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() fails
Information published.
CVE-2026-46079
Sin clasificar
Microsoft
CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
Information published.
CVE-2026-46099
Sin clasificar
Microsoft
CVE-2026-46083 spi: fix resource leaks on device setup failure
Information published.
CVE-2026-46083
Sin clasificar
Microsoft
CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
Information published.
CVE-2026-45987
Sin clasificar
Microsoft
CVE-2026-46015 tcp: call sk_data_ready() after listener migration
Information published.
CVE-2026-46015
Sin clasificar
Microsoft
CVE-2026-45858 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1
Information published.
CVE-2026-45858
Sin clasificar
Microsoft
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
Information published.
CVE-2026-45934
Sin clasificar
Microsoft
CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop
Information published.
CVE-2026-46090
Sin clasificar
Microsoft
CVE-2026-46082 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
Information published.
CVE-2026-46082
Sin clasificar
Microsoft
CVE-2026-45993 LoongArch: Add spectre boundry for syscall dispatch table
Information published.
CVE-2026-45993
Sin clasificar
Microsoft
CVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookups
Information published.
CVE-2026-46026
Sin clasificar
Microsoft
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Information published.
CVE-2026-46076
Sin clasificar
Microsoft
CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
Information published.
CVE-2026-46094
Sin clasificar
Microsoft
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Information published.
CVE-2026-40226
Sin clasificar
Microsoft
CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Information published.
CVE-2026-40225
Sin clasificar
Microsoft
CVE-2026-4893 CVE-2026-4893
Information published.
CVE-2026-4893
Sin clasificar
Microsoft
CVE-2026-2291 CVE-2026-2291
Information published.
CVE-2026-2291
Sin clasificar
Microsoft
CVE-2026-5172 CVE-2026-5172
Information published.
CVE-2026-5172
Sin clasificar
Microsoft
CVE-2026-4890 CVE-2026-4890
Information published.
CVE-2026-4890
Sin clasificar
Microsoft
CVE-2026-43503 net: skbuff: propagate shared-frag marker through frag-transfer helpers
Information published.
CVE-2026-43503
Sin clasificar
Microsoft
CVE-2026-46300 net: skbuff: preserve shared-frag marker during coalescing
Information published.
CVE-2026-46300
Sin clasificar
Microsoft
CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing
Information published.
CVE-2026-41401
Sin clasificar
Microsoft
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42506
Baja
Windows
CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
Information published.
CVE-2026-39824
Sin clasificar
Microsoft
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Information published.
CVE-2026-42502
Sin clasificar
Microsoft
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Information published.
CVE-2026-27136
Sin clasificar
Microsoft
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Information published.
CVE-2026-25681
Sin clasificar
Microsoft
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39829
Sin clasificar
Microsoft
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Information published.
CVE-2026-39830
Baja
Microsoft
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Information published.
CVE-2026-46597
Sin clasificar
Microsoft
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
Information published.
CVE-2026-39831
Sin clasificar
Microsoft
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Information published.
CVE-2026-39827
Sin clasificar
Microsoft
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
CVE-2026-39835
Sin clasificar
Microsoft
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Information published.
CVE-2026-39834
Sin clasificar
Microsoft
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Information published.
CVE-2026-39828
Sin clasificar
Microsoft
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-46598
Sin clasificar
Microsoft
CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
Information published.
CVE-2026-46595
Sin clasificar
Microsoft
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39833
Sin clasificar
Microsoft
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Information published.
CVE-2026-42508
Baja
Microsoft
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Information published.
CVE-2026-9150
Baja
Microsoft
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Information published.
CVE-2026-9149
Sin clasificar
Microsoft
CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability
Information published.
CVE-2026-9256
Sin clasificar
Microsoft
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Information published.
CVE-2026-6402
Sin clasificar
Microsoft
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Information published.
CVE-2026-5222
Sin clasificar
Microsoft
CVE-2026-4891 CVE-2026-4891
Information published.
CVE-2026-4891
Sin clasificar
Microsoft
CVE-2026-8711 NGINX JavaScript vulnerability
Information published.
CVE-2026-8711
Baja
Microsoft
CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Information published.
CVE-2026-8376
Sin clasificar
Microsoft
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
CVE-2026-39821
Sin clasificar
Microsoft
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Information published.
CVE-2026-25680
Sin clasificar
Microsoft
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
Information published.
CVE-2026-39832
Sin clasificar
Microsoft
CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Information published.
CVE-2026-8466
Sin clasificar
Microsoft
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Information published.
CVE-2026-5223
Sin clasificar
Microsoft Edge
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CWE added. Informational change only.
CVE-2026-45495
Sin clasificar
Defender
CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability
CWE added. Informational change only.
CVE-2026-45498
Sin clasificar
Defender
CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability
In the Security Updates table, added links to the Release Notes. This is an informational change only.
CVE-2026-41091
Sin clasificar
Defender
CVE-2026-45584 Microsoft Defender Remote Code Execution Vulnerability
In the Security Updates table, added links to the Release Notes. This is an informational change only.
CVE-2026-45584
Sin clasificar
SharePoint
CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability
Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who ha...
CVE-2026-45659
Sin clasificar
Microsoft
CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
Information published.
CVE-2025-3198
Baja
Microsoft
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Information published.
CVE-2025-1176
Sin clasificar
Microsoft
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Information published.
CVE-2025-1178
Sin clasificar
Microsoft
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Information published.
CVE-2026-1502
Sin clasificar
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Sin clasificar
Microsoft
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Information published.
CVE-2026-7790
Sin clasificar
Microsoft
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Information published.
CVE-2026-43968
Sin clasificar
Microsoft
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
Information published.
CVE-2026-44283
Sin clasificar
Microsoft
CVE-2026-43029 mptcp: fix soft lockup in mptcp_recvmsg()
Information published.
CVE-2026-43029
Sin clasificar
Microsoft
CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free
Information published.
CVE-2026-43414
Sin clasificar
Microsoft
CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit
Information published.
CVE-2026-41054
Sin clasificar
Microsoft
CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Information published.
CVE-2025-68768
Sin clasificar
Microsoft
CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error
Information published.
CVE-2025-38096
Baja
Microsoft
CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.
Information published.
CVE-2025-51480
Sin clasificar
Microsoft
CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Information published.
CVE-2025-38140
Sin clasificar
Microsoft
CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
Information published.
CVE-2026-41035
Sin clasificar
Microsoft
CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
Information published.
CVE-2026-7246
Baja
Microsoft
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow
Information published.
CVE-2026-44673
Sin clasificar
Microsoft
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Information published.
CVE-2026-43619
Baja
Microsoft
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
Information published.
CVE-2026-43618
Sin clasificar
Microsoft
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Information published.
CVE-2026-43620
Sin clasificar
Microsoft
CVE-2026-32792 Packet of death with DNSCrypt
Information published.
CVE-2026-32792
Sin clasificar
Microsoft
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
Information published.
CVE-2026-42960
Sin clasificar
Microsoft
CVE-2026-42959 Crash during DNSSEC validation of malicious content
Information published.
CVE-2026-42959
Sin clasificar
Microsoft
CVE-2026-44608 Use after free and crash under special conditions in RPZ code
Information published.
CVE-2026-44608
Sin clasificar
Microsoft
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
Information published.
CVE-2026-33278
Sin clasificar
Microsoft
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
Information published.
CVE-2026-42923
Sin clasificar
Microsoft
CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation
Information published.
CVE-2026-3039
Sin clasificar
Microsoft
CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records
Information published.
CVE-2026-3592
Sin clasificar
Microsoft
CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
Information published.
CVE-2026-3593
Sin clasificar
Microsoft
CVE-2026-5946 Invalid handling of CLASS != IN
Information published.
CVE-2026-5946
Sin clasificar
Microsoft
CVE-2026-5950 Unbounded resend loop in BIND 9 resolver
Information published.
CVE-2026-5950
Sin clasificar
Microsoft
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Information published.
CVE-2026-42009
Sin clasificar
Microsoft
CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit
Information published.
CVE-2026-41054
Sin clasificar
Microsoft
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Information published.
CVE-2026-8723
Baja
Microsoft
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
Information published.
CVE-2025-14575
Sin clasificar
Microsoft
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
Information published.
CVE-2026-43617
Sin clasificar
Microsoft
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
Information published.
CVE-2026-45232
Baja
Microsoft
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Information published.
CVE-2026-29518
Sin clasificar
Microsoft
CVE-2026-41292 Long list of incoming EDNS options degrades performance
Information published.
CVE-2026-41292
Sin clasificar
Microsoft
CVE-2026-42534 Jostle logic bypass degrades resolution performance
Information published.
CVE-2026-42534
Sin clasificar
Microsoft
CVE-2026-40622 Another 'ghost domain names' attack variant
Information published.
CVE-2026-40622
Baja
Microsoft
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
Information published.
CVE-2026-42944
Sin clasificar
Microsoft
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
Information published.
CVE-2026-44390
Sin clasificar
Microsoft
CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior
Information published.
CVE-2026-5947
Sin clasificar
Microsoft
CVE-2026-8711 NGINX JavaScript vulnerability
Information published.
CVE-2026-8711
Sin clasificar
Azure
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
The executive summary has been updated to include additional details about this vulnerability. This change does not affect the available security updates. Customers should install the recommended updates to remain pro...
CVE-2026-33117
Sin clasificar
Windows
CVE-2026-34336 Windows DWM Core Library Elevation of Privilege Vulnerability
The security impact for this CVE has been revised based on a re-assessment of the vulnerability. The original classification of Information Disclosure (ID) has been updated to Elevation of Privilege (EoP).
CVE-2026-34336
Sin clasificar
Microsoft
CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize
Information published.
CVE-2023-6606
Sin clasificar
Microsoft
CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Information published.
CVE-2025-21825
Sin clasificar
Microsoft
CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
Information published.
CVE-2025-21888
Sin clasificar
Microsoft
CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
Information published.
CVE-2025-40139
Sin clasificar
Microsoft
CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Information published.
CVE-2025-40146
Sin clasificar
Microsoft
CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Information published.
CVE-2025-40168
Sin clasificar
Microsoft
CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Information published.
CVE-2025-40170
Sin clasificar
Microsoft
CVE-2025-40158 ipv6: use RCU in ip6_output()
Information published.
CVE-2025-40158
Sin clasificar
Microsoft
CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Information published.
CVE-2025-40180
Sin clasificar
Microsoft
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Information published.
CVE-2025-68822
Sin clasificar
Microsoft
CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Information published.
CVE-2025-71073
Sin clasificar
Microsoft
CVE-2025-71072 shmem: fix recovery on rename failures
Information published.
CVE-2025-71072
Sin clasificar
Microsoft
CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
Information published.
CVE-2026-23214
Sin clasificar
Microsoft
CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification
Information published.
CVE-2026-23229
Sin clasificar
Microsoft
CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
Information published.
CVE-2026-23213
Sin clasificar
Microsoft
CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
Information published.
CVE-2025-71225
Sin clasificar
Microsoft
CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
Information published.
CVE-2025-71227
Sin clasificar
Microsoft
CVE-2026-23223 xfs: fix UAF in xchk_btree_check_block_owner
Information published.
CVE-2026-23223
Sin clasificar
Microsoft
CVE-2026-23225 sched/mmcid: Don't assume CID is CPU owned on mode switch
Information published.
CVE-2026-23225
Sin clasificar
Microsoft
CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
Information published.
CVE-2026-23207
Sin clasificar
Microsoft
CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
Information published.
CVE-2025-38041
Sin clasificar
Microsoft
CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Information published.
CVE-2025-38029
Sin clasificar
Microsoft
CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
Information published.
CVE-2025-38064
Sin clasificar
Microsoft
CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s
Information published.
CVE-2025-68201
Sin clasificar
Microsoft
CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
Information published.
CVE-2025-68230
Sin clasificar
Microsoft
CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
Information published.
CVE-2025-68174
Sin clasificar
Microsoft
CVE-2025-40355 sysfs: check visibility before changing group attribute ownership
Information published.
CVE-2025-40355
Sin clasificar
Microsoft
CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
Information published.
CVE-2025-68304
Sin clasificar
Microsoft
CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Information published.
CVE-2025-68324
Sin clasificar
Microsoft
CVE-2025-68736 landlock: Fix handling of disconnected directories
Information published.
CVE-2025-68736
Sin clasificar
Microsoft
CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Information published.
CVE-2025-68745
Sin clasificar
Microsoft
CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
Information published.
CVE-2025-40339
Sin clasificar
Microsoft
CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
Information published.
CVE-2025-68190
Sin clasificar
Microsoft
CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Information published.
CVE-2025-68188
Sin clasificar
Microsoft
CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
Information published.
CVE-2025-68296
Sin clasificar
Microsoft
CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Information published.
CVE-2025-68356
Sin clasificar
Microsoft
CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Information published.
CVE-2025-68374
Sin clasificar
Microsoft
CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
Information published.
CVE-2024-53133
Sin clasificar
Microsoft
CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
Information published.
CVE-2025-38660
Sin clasificar
Microsoft
CVE-2025-38636 rv: Use strings in da monitors tracepoints
Information published.
CVE-2025-38636
Sin clasificar
Microsoft
CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
Information published.
CVE-2025-38591
Media
Microsoft
CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
Information published.
CVE-2025-38585
Sin clasificar
Microsoft
CVE-2025-38584 padata: Fix pd UAF once and for all
Information published.
CVE-2025-38584
Sin clasificar
Microsoft
CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Information published.
CVE-2024-38595
Sin clasificar
Microsoft
CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Information published.
CVE-2024-44951
Sin clasificar
Microsoft
CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)
Information published.
CVE-2025-39932
Sin clasificar
Microsoft
CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev().
Information published.
CVE-2025-40064
Sin clasificar
Microsoft
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
Information published.
CVE-2025-39927
Sin clasificar
Microsoft
CVE-2025-39901 i40e: remove read access to debugfs files
Information published.
CVE-2025-39901
Sin clasificar
Microsoft
CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
Information published.
CVE-2025-39905
Baja
Microsoft
CVE-2025-39940 dm-stripe: fix a possible integer overflow
Information published.
CVE-2025-39940
Sin clasificar
Microsoft
CVE-2025-39990 bpf: Check the helper function is valid in get_helper_proto
Information published.
CVE-2025-39990
Sin clasificar
Microsoft
CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work
Information published.
CVE-2025-40003
Sin clasificar
Microsoft
CVE-2025-40074 ipv4: start using dst_dev_rcu()
Information published.
CVE-2025-40074
Sin clasificar
Microsoft
CVE-2025-40065 RISC-V: KVM: Write hgatp register with valid mode bits
Information published.
CVE-2025-40065
Sin clasificar
Microsoft
CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()
Information published.
CVE-2025-40075
Sin clasificar
Microsoft
CVE-2025-40057 ptp: Add a upper bound on max_vclocks
Information published.
CVE-2025-40057
Sin clasificar
Microsoft
CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init
Information published.
CVE-2025-40102
Sin clasificar
Microsoft
CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
Information published.
CVE-2025-22113
Sin clasificar
Microsoft
CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Information published.
CVE-2025-21927
Sin clasificar
Microsoft
CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Information published.
CVE-2025-21907
Sin clasificar
Microsoft
CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Information published.
CVE-2025-22124
Sin clasificar
Microsoft
CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Information published.
CVE-2025-38333
Sin clasificar
Microsoft
CVE-2025-38264 nvme-tcp: sanitize request list handling
Information published.
CVE-2025-38264
Sin clasificar
Microsoft
CVE-2025-38340 firmware: cs_dsp: Fix OOB memory read access in KUnit test
Information published.
CVE-2025-38340
Sin clasificar
Microsoft
CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
Information published.
CVE-2025-38279
Sin clasificar
Microsoft
CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
Information published.
CVE-2025-38269
Sin clasificar
Microsoft
CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Information published.
CVE-2024-42317
Sin clasificar
Microsoft
CVE-2024-41008 drm/amdgpu: change vm->task_info handling
Information published.
CVE-2024-41008
Sin clasificar
Microsoft
CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Information published.
CVE-2024-41067
Sin clasificar
Microsoft
CVE-2024-41023 sched/deadline: Fix task_struct reference leak
Information published.
CVE-2024-41023
Sin clasificar
Microsoft
CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
Information published.
CVE-2024-50217
Sin clasificar
Microsoft
CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
Information published.
CVE-2025-21768
Sin clasificar
Microsoft
CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Information published.
CVE-2024-57976
Sin clasificar
Microsoft
CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
Information published.
CVE-2025-21786
Sin clasificar
Microsoft
CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
Information published.
CVE-2025-21693
Sin clasificar
Microsoft
CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free
Information published.
CVE-2025-21714
Sin clasificar
Microsoft
CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
Information published.
CVE-2024-56775
Sin clasificar
Microsoft
CVE-2024-57857 RDMA/siw: Remove direct link to net_device
Information published.
CVE-2024-57857
Sin clasificar
Microsoft
CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Information published.
CVE-2026-31419
Sin clasificar
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Sin clasificar
Microsoft
CVE-2026-31557 nvmet: move async event work off nvmet-wq
Information published.
CVE-2026-31557
Sin clasificar
Microsoft
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Information published.
CVE-2026-31606
Sin clasificar
Microsoft
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Information published.
CVE-2026-31663
Sin clasificar
Microsoft
CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Information published.
CVE-2026-31645
Sin clasificar
Microsoft
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Information published.
CVE-2026-31630
Sin clasificar
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Sin clasificar
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Sin clasificar
Microsoft
CVE-2026-31487 spi: use generic driver_override infrastructure
Information published.
CVE-2026-31487
Sin clasificar
Microsoft
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Information published.
CVE-2026-31516
Sin clasificar
Microsoft
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Information published.
CVE-2026-31488
Sin clasificar
Microsoft
CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Information published.
CVE-2026-31506
Sin clasificar
Microsoft
CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Information published.
CVE-2026-31440
Sin clasificar
Microsoft
CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Information published.
CVE-2026-31505
Sin clasificar
Microsoft
CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Information published.
CVE-2026-31449
Sin clasificar
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Sin clasificar
Microsoft
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Information published.
CVE-2026-31613
Sin clasificar
Microsoft
CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Information published.
CVE-2026-31688
Sin clasificar
Microsoft
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Information published.
CVE-2026-31692
Sin clasificar
Microsoft
CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Information published.
CVE-2024-35808
Sin clasificar
Microsoft
CVE-2024-26944 btrfs: zoned: fix use-after-free in do_zone_finish()
Information published.
CVE-2024-26944
Sin clasificar
Microsoft
CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
Information published.
CVE-2024-35794
Sin clasificar
Microsoft
CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
Information published.
CVE-2025-37907
Sin clasificar
Microsoft
CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Information published.
CVE-2025-37834
Sin clasificar
Microsoft
CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
Information published.
CVE-2025-37877
Sin clasificar
Microsoft
CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
Information published.
CVE-2025-37826
Sin clasificar
Microsoft
CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
Information published.
CVE-2025-37856
Sin clasificar
Microsoft
CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
Information published.
CVE-2025-37882
Sin clasificar
Microsoft
CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Information published.
CVE-2025-37861
Sin clasificar
Microsoft
CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
Information published.
CVE-2025-37807
Sin clasificar
Microsoft
CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Information published.
CVE-2025-37747
Sin clasificar
Microsoft
CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Information published.
CVE-2025-37750
Sin clasificar
Microsoft
CVE-2026-23241 audit: add missing syscalls to read class
Information published.
CVE-2026-23241
Sin clasificar
Microsoft
CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Information published.
CVE-2026-23278
Sin clasificar
Microsoft
CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
Information published.
CVE-2026-23272
Sin clasificar
Microsoft
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Information published.
CVE-2026-23377
Sin clasificar
Microsoft
CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Information published.
CVE-2026-23383
Sin clasificar
Microsoft
CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Information published.
CVE-2026-23394
Sin clasificar
Microsoft
CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
Information published.
CVE-2026-23240
Sin clasificar
Microsoft
CVE-2026-23248 perf/core: Fix refcount bug and potential UAF in perf_mmap
Information published.
CVE-2026-23248
Sin clasificar
Microsoft
CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
Information published.
CVE-2026-23247
Sin clasificar
Microsoft
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Information published.
CVE-2026-23361
Sin clasificar
Microsoft
CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Information published.
CVE-2026-23346
Sin clasificar
Microsoft
CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message
Information published.
CVE-2026-0968
Sin clasificar
Microsoft
CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
Information published.
CVE-2024-26672
Sin clasificar
Microsoft
CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
Information published.
CVE-2024-26757
Sin clasificar
Microsoft
CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
Information published.
CVE-2024-26758
Sin clasificar
Microsoft
CVE-2024-26756 md: Don't register sync_thread for reshape directly
Information published.
CVE-2024-26756
Sin clasificar
Microsoft
CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
Information published.
CVE-2023-52586
Sin clasificar
Microsoft
CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
Information published.
CVE-2023-52624
Sin clasificar
Microsoft
CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
Information published.
CVE-2026-31706
Sin clasificar
Microsoft
CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
Information published.
CVE-2026-31707
Sin clasificar
Microsoft
CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair
Information published.
CVE-2026-43042
Sin clasificar
Microsoft
CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers
Information published.
CVE-2026-31771
Sin clasificar
Microsoft
CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper
Information published.
CVE-2026-43052
Sin clasificar
Microsoft
CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl
Information published.
CVE-2026-31709
Sin clasificar
Microsoft
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Information published.
CVE-2026-43248
Sin clasificar
Microsoft
CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Information published.
CVE-2026-43127
Sin clasificar
Microsoft
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Information published.
CVE-2026-43161
Sin clasificar
Microsoft
CVE-2026-43245 ntfs: ->d_compare() must not block
Information published.
CVE-2026-43245
Sin clasificar
Microsoft
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Information published.
CVE-2025-71273
Sin clasificar
Microsoft
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Information published.
CVE-2026-43153
Sin clasificar
Microsoft
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Information published.
CVE-2026-43116
Sin clasificar
Microsoft
CVE-2026-43331 x86/kexec: Disable KCOV instrumentation after load_segments()
Information published.
CVE-2026-43331
Sin clasificar
Microsoft
CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock
Information published.
CVE-2026-43319
Sin clasificar
Microsoft
CVE-2026-43303 mm/page_alloc: clear page->private in free_pages_prepare()
Information published.
CVE-2026-43303
Sin clasificar
Microsoft
CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Information published.
CVE-2026-31767
Sin clasificar
Microsoft
CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
Information published.
CVE-2026-43249
Sin clasificar
Microsoft
CVE-2026-43490 ksmbd: validate inherited ACE SID length
Information published.
CVE-2026-43490
Sin clasificar
Microsoft
CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
Information published.
CVE-2026-43493
Sin clasificar
Microsoft
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Information published.
CVE-2026-43491
Sin clasificar
Microsoft
CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
Information published.
CVE-2026-43465
Sin clasificar
Microsoft
CVE-2026-43499 rtmutex: Use waiter::task instead of current in remove_waiter()
Information published.
CVE-2026-43499
Sin clasificar
Microsoft
CVE-2026-43497 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
Information published.
CVE-2026-43497
Sin clasificar
Microsoft
CVE-2026-43502 net/rds: handle zerocopy send cleanup before the message is queued
Information published.
CVE-2026-43502
Sin clasificar
Microsoft
CVE-2026-43501 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
Information published.
CVE-2026-43501
Sin clasificar
Microsoft
CVE-2026-43496 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked
Information published.
CVE-2026-43496
Sin clasificar
Microsoft
CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()
Information published.
CVE-2026-43048
Sin clasificar
Microsoft
CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
Information published.
CVE-2026-43049
Sin clasificar
Microsoft
CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()
Information published.
CVE-2026-31712
Sin clasificar
Microsoft
CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Information published.
CVE-2026-43019
Sin clasificar
Microsoft
CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking
Information published.
CVE-2026-43009
Sin clasificar
Microsoft
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Information published.
CVE-2026-43073
Sin clasificar
Microsoft
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Information published.
CVE-2026-43125
Sin clasificar
Microsoft
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Information published.
CVE-2026-43198
Sin clasificar
Microsoft
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Information published.
CVE-2026-43172
Sin clasificar
Microsoft
CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Information published.
CVE-2025-71285
Sin clasificar
Microsoft
CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Information published.
CVE-2026-43118
Sin clasificar
Microsoft
CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Information published.
CVE-2026-43109
Sin clasificar
Microsoft
CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Information published.
CVE-2026-43258
Sin clasificar
Microsoft
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
CVE-2025-71289
Sin clasificar
Microsoft
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Information published.
CVE-2026-43250
Sin clasificar
Microsoft
CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Information published.
CVE-2026-43088
Sin clasificar
Microsoft
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Information published.
CVE-2026-43119
Sin clasificar
Microsoft
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Information published.
CVE-2026-43101
Sin clasificar
Microsoft
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Information published.
CVE-2026-43199
Sin clasificar
Microsoft
CVE-2026-43083 net: ioam6: fix OOB and missing lock
Information published.
CVE-2026-43083
Sin clasificar
Microsoft
CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls
Information published.
CVE-2026-43338
Sin clasificar
Microsoft
CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
Information published.
CVE-2026-43318
Sin clasificar
Microsoft
CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain
Information published.
CVE-2026-43416
Sin clasificar
Microsoft
CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF
Information published.
CVE-2026-43298
Baja
Microsoft
CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
Information published.
CVE-2026-43492
Sin clasificar
Microsoft
CVE-2026-45736 ws: Uninitialized memory disclosure
Information published.
CVE-2026-45736
Sin clasificar
Microsoft
CVE-2026-43464 net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ
Information published.
CVE-2026-43464
Sin clasificar
Microsoft
CVE-2026-43495 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler
Information published.
CVE-2026-43495
Sin clasificar
Microsoft
CVE-2026-43494 net/rds: reset op_nents when zerocopy page pin fails
Information published.
CVE-2026-43494
Sin clasificar
Microsoft
CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Information published.
CVE-2025-39754
Sin clasificar
Microsoft
CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Information published.
CVE-2025-39746
Sin clasificar
Microsoft
CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Information published.
CVE-2025-39833
Sin clasificar
Microsoft
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Information published.
CVE-2025-39850
Sin clasificar
Microsoft
CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Information published.
CVE-2025-39677
Sin clasificar
Microsoft
CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Information published.
CVE-2025-39707
Sin clasificar
Microsoft
CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Information published.
CVE-2025-39810
Sin clasificar
Microsoft
CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Information published.
CVE-2025-39851
Sin clasificar
Microsoft
CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Information published.
CVE-2025-39862
Sin clasificar
Microsoft
CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Information published.
CVE-2024-58241
Sin clasificar
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Fixed a typographical error. This is an information change only.
CVE-2026-45585
Sin clasificar
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.
CVE-2026-45585
Sin clasificar
Microsoft
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Information published.
CVE-2026-43491
Sin clasificar
Microsoft
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Information published.
CVE-2026-43619
Baja
Microsoft
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
Information published.
CVE-2026-43618
Sin clasificar
Microsoft
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Information published.
CVE-2026-43620
Sin clasificar
Microsoft
CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
Information published.
CVE-2026-47784
Sin clasificar
Microsoft
CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Information published.
CVE-2026-47783
Sin clasificar
Microsoft
CVE-2026-32792 Packet of death with DNSCrypt
Information published.
CVE-2026-32792
Sin clasificar
Microsoft
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
Information published.
CVE-2026-42960
Sin clasificar
Microsoft
CVE-2026-42959 Crash during DNSSEC validation of malicious content
Information published.
CVE-2026-42959
Sin clasificar
Microsoft
CVE-2026-44608 Use after free and crash under special conditions in RPZ code
Information published.
CVE-2026-44608
Sin clasificar
Microsoft
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
Information published.
CVE-2026-33278
Sin clasificar
Microsoft
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
Information published.
CVE-2026-42923
Baja
Microsoft
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Information published.
CVE-2026-45803
Baja
Microsoft
CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Information published.
CVE-2026-43970
Sin clasificar
Microsoft
CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic
Information published.
CVE-2026-46333
Sin clasificar
Microsoft
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
Information published.
CVE-2026-43617
Sin clasificar
Microsoft
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
Information published.
CVE-2026-45232
Baja
Microsoft
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Information published.
CVE-2026-29518
Sin clasificar
Microsoft
CVE-2026-41292 Long list of incoming EDNS options degrades performance
Information published.
CVE-2026-41292
Sin clasificar
Microsoft
CVE-2026-42534 Jostle logic bypass degrades resolution performance
Information published.
CVE-2026-42534
Sin clasificar
Microsoft
CVE-2026-40622 Another 'ghost domain names' attack variant
Information published.
CVE-2026-40622
Baja
Microsoft
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
Information published.
CVE-2026-42944
Sin clasificar
Microsoft
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
Information published.
CVE-2026-44390
Sin clasificar
Microsoft
CVE-2026-45736 ws: Uninitialized memory disclosure
Information published.
CVE-2026-45736
Sin clasificar
Microsoft
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
Today's changes were made in error and have been reverted. This is an informational change only.
CVE-2026-40367
Crítica
Microsoft
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
The security impact for this vulnerability has been revised from Critical to Important. In addition, the CVSS vector and FAQs were modified. This change does not affect the available security updates. Customers shoul...
CVE-2026-40367
Sin clasificar
Microsoft
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Information published.
CVE-2026-34956
Sin clasificar
Microsoft
CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
Information published.
CVE-2026-43493
Sin clasificar
Microsoft
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Information published.
CVE-2026-43491
Sin clasificar
Microsoft
CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Information published.
CVE-2026-46483
Baja
Microsoft
CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
Information published.
CVE-2026-43492
Baja
Windows
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best p...
CVE-2026-45585
Sin clasificar
Microsoft
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Information published.
CVE-2025-8224
Baja
Microsoft
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Information published.
CVE-2025-1176
Sin clasificar
Microsoft
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Information published.
CVE-2025-1178
Sin clasificar
Microsoft
CVE-2025-0665 eventfd double close
Information published.
CVE-2025-0665
Sin clasificar
Microsoft
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
CVE-2026-34757
Sin clasificar
Microsoft
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Information published.
CVE-2026-41080
Sin clasificar
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Sin clasificar
Windows
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Information published.
CVE-2026-3087
Sin clasificar
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Sin clasificar
Microsoft
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Information published.
CVE-2026-28808
Sin clasificar
Microsoft
CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Information published.
CVE-2026-41604
Baja
Microsoft
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
Information published.
CVE-2026-40170
Sin clasificar
Microsoft
CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
Information published.
CVE-2026-3833
Baja
Microsoft
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
CVE-2026-34874
Baja
Microsoft
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
CVE-2026-34876
Sin clasificar
Microsoft
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-25835
Sin clasificar
Microsoft
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Information published.
CVE-2025-66442
Sin clasificar
Microsoft
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Information published.
CVE-2026-34873
Sin clasificar
Microsoft
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Information published.
CVE-2026-34871
Sin clasificar
Microsoft
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
Information published.
CVE-2026-34872
Baja
Microsoft
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Information published.
CVE-2026-25834
Baja
Microsoft
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Information published.
CVE-2026-25833
Sin clasificar
Microsoft
CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
Information published.
CVE-2026-41082
Sin clasificar
Microsoft
CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
Information published.
CVE-2026-7246
Sin clasificar
Microsoft
CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31723
Sin clasificar
Microsoft
CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31724
Sin clasificar
Microsoft
CVE-2026-31721 usb: gadget: f_hid: move list and spinlock inits from bind to alloc
Information published.
CVE-2026-31721
Baja
Microsoft
CVE-2026-31704 ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
Information published.
CVE-2026-31704
Sin clasificar
Microsoft
CVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()
Information published.
CVE-2026-31702
Sin clasificar
Microsoft
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Information published.
CVE-2026-43185
Sin clasificar
Microsoft
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Information published.
CVE-2025-71272
Sin clasificar
Microsoft
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Information published.
CVE-2026-41673
Sin clasificar
Microsoft
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Information published.
CVE-2026-43443
Media
Microsoft
CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Information published.
CVE-2026-43310
Sin clasificar
Microsoft
CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Information published.
CVE-2026-43421
Baja
Microsoft
CVE-2026-37458 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
Information published.
CVE-2026-37458
Sin clasificar
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Sin clasificar
Microsoft
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Information published.
CVE-2026-39823
Sin clasificar
Microsoft
CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
Information published.
CVE-2026-42256
Sin clasificar
Microsoft
CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing
Information published.
CVE-2026-42246
Media
Microsoft
CVE-2026-45186 In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Information published.
CVE-2026-45186
Baja
Microsoft
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Information published.
CVE-2026-6210
Sin clasificar
Microsoft
CVE-2026-4873 connection reuse ignores TLS requirement
Information published.
CVE-2026-4873
Sin clasificar
Microsoft
CVE-2026-6429 netrc credential leak with reused proxy connection
Information published.
CVE-2026-6429
Sin clasificar
Microsoft
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Information published.
CVE-2026-5545
Sin clasificar
Microsoft
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Information published.
CVE-2026-6253
Sin clasificar
Microsoft
CVE-2026-5773 wrong reuse of SMB connection
Information published.
CVE-2026-5773
Sin clasificar
Microsoft
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
Information published.
CVE-2026-42011
Sin clasificar
Microsoft
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published.
CVE-2026-7210
Sin clasificar
SQL Server
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
Information published.
CVE-2026-6473
Sin clasificar
Microsoft
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Information published.
CVE-2026-6477
Baja
Microsoft
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Information published.
CVE-2026-44662
Sin clasificar
Microsoft
CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping
Information published.
CVE-2026-31777
Sin clasificar
Microsoft
CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31722
Sin clasificar
Microsoft
CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31725
Sin clasificar
Microsoft
CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()
Information published.
CVE-2026-31729
Sin clasificar
Microsoft
CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Information published.
CVE-2026-31715
Baja
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Media
Microsoft
CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings
Information published.
CVE-2026-43058
Sin clasificar
Microsoft
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
Information published.
CVE-2026-43176
Sin clasificar
Microsoft
CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Information published.
CVE-2026-43204
Sin clasificar
Microsoft
CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Information published.
CVE-2026-43126
Sin clasificar
Microsoft
CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Information published.
CVE-2026-43115
Sin clasificar
Microsoft
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Information published.
CVE-2026-43219
Sin clasificar
Microsoft
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Information published.
CVE-2026-43213
Sin clasificar
Microsoft
CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks
Information published.
CVE-2026-43228
Sin clasificar
Microsoft
CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking
Information published.
CVE-2026-43267
Sin clasificar
Microsoft
CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
Information published.
CVE-2026-43870
Sin clasificar
Microsoft
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Information published.
CVE-2026-43868
CVE-2020-13949
Sin clasificar
Microsoft
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Information published.
CVE-2026-43869
Sin clasificar
Microsoft
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Information published.
CVE-2026-41672
Sin clasificar
Microsoft
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Information published.
CVE-2026-41674
Sin clasificar
Microsoft
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Information published.
CVE-2026-41675
Sin clasificar
Microsoft
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Information published.
CVE-2026-31717
Sin clasificar
Microsoft
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
Information published.
CVE-2026-43352
Sin clasificar
Microsoft
CVE-2026-43317 most: core: fix leak on early registration failure
Information published.
CVE-2026-43317
Sin clasificar
Microsoft
CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Information published.
CVE-2026-43353
Baja
Microsoft
CVE-2026-37459 An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Information published.
CVE-2026-37459
Sin clasificar
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Sin clasificar
Microsoft
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Information published.
CVE-2026-39817
Baja
Microsoft
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Information published.
CVE-2026-39819
Sin clasificar
Microsoft
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Information published.
CVE-2026-39820
Sin clasificar
Microsoft
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Information published.
CVE-2026-39825
Sin clasificar
Microsoft
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Information published.
CVE-2026-39826
Sin clasificar
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Sin clasificar
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Sin clasificar
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Sin clasificar
Microsoft
CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
Information published.
CVE-2026-42257
Sin clasificar
Microsoft
CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Information published.
CVE-2026-42258
Sin clasificar
Microsoft
CVE-2026-6276 stale custom cookie host causes cookie leak
Information published.
CVE-2026-6276
Sin clasificar
Microsoft
CVE-2026-7168 cross-proxy Digest auth state leak
Information published.
CVE-2026-7168
Baja
Microsoft
CVE-2026-8295 Integer overflow in simdjson
Information published.
CVE-2026-8295
Sin clasificar
Microsoft
CVE-2026-4892 CVE-2026-4892
Information published.
CVE-2026-4892
Sin clasificar
Microsoft
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Information published.
CVE-2026-8328
Media
Microsoft
CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for would need to install the update to be protected from this vulnerability, once the updat...
CVE-2026-32185
Sin clasificar
Exchange Server
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Updated FAQ information. This is an informational change only.
CVE-2026-42897
Baja
Azure
CVE-2026-42822 Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-42822
Sin clasificar
Microsoft
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Update the Security Updates table to remove incorrectly added software
CVE-2026-32177
Sin clasificar
Microsoft
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Information published.
CVE-2026-43308
Sin clasificar
Microsoft
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published.
CVE-2026-7210
Sin clasificar
Microsoft
CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Information published.
CVE-2026-46483
Sin clasificar
Microsoft
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
Information published.
CVE-2026-44283
Sin clasificar
Microsoft
CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
Information published.
CVE-2026-8368
Sin clasificar
Microsoft
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Information published.
CVE-2026-8328
Baja
Microsoft
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow
Information published.
CVE-2026-44673
Sin clasificar
Microsoft
CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel
Information published.
CVE-2026-6478
Sin clasificar
SQL Server
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
Information published.
CVE-2026-6473
Baja
Microsoft
CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
Information published.
CVE-2026-6638
Baja
Microsoft
CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection
Information published.
CVE-2026-6637
Sin clasificar
Microsoft
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Information published.
CVE-2026-6477
Sin clasificar
Microsoft
CVE-2026-40460 NGINX ngx_quic_module vulnerability
Information published.
CVE-2026-40460
Sin clasificar
Microsoft
CVE-2026-42934 NGINX ngx_http_charset_module vulnerability
Information published.
CVE-2026-42934
Sin clasificar
Microsoft
CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
Information published.
CVE-2026-42946
Baja
Microsoft
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Information published.
CVE-2026-44662
Baja
Microsoft
CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Information published.
CVE-2026-44431
Sin clasificar
Microsoft
CVE-2026-43490 ksmbd: validate inherited ACE SID length
Information published.
CVE-2026-43490
Sin clasificar
Microsoft
CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
Information published.
CVE-2026-6475
Sin clasificar
Microsoft
CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory
Information published.
CVE-2026-6474
Sin clasificar
Microsoft
CVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
Information published.
CVE-2026-6472
Sin clasificar
Microsoft
CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
Information published.
CVE-2026-6479
Sin clasificar
Microsoft
CVE-2026-40701 NGINX ngx_http_ssl_module vulnerability
Information published.
CVE-2026-40701
Sin clasificar
Microsoft
CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability
Information published.
CVE-2026-42945
Sin clasificar
Microsoft
CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic
Information published.
CVE-2026-46333
Sin clasificar
Azure
CVE-2026-40379 Azure Entra ID Spoofing Vulnerability
Corrected CVE title. This is an informational change only.
CVE-2026-40379
Sin clasificar
Windows
CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
Updated Hotpatch links. This is in informational change only.
CVE-2026-32161
Sin clasificar
Windows
CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
Updated Hotpatch links. This is in informational change only.
CVE-2026-32170
Sin clasificar
Windows
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Updated Hotpatch links. This is in informational change only.
CVE-2026-21530
Sin clasificar
Microsoft
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
CVE-2026-29181
Sin clasificar
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Sin clasificar
Microsoft
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Information published.
CVE-2026-42304
Sin clasificar
Microsoft
CVE-2026-4893 CVE-2026-4893
Information published.
CVE-2026-4893
Sin clasificar
Microsoft
CVE-2026-2291 CVE-2026-2291
Information published.
CVE-2026-2291
Sin clasificar
Microsoft
CVE-2026-5172 CVE-2026-5172
Information published.
CVE-2026-5172
Sin clasificar
Microsoft
CVE-2026-4890 CVE-2026-4890
Information published.
CVE-2026-4890
Sin clasificar
Microsoft
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
Information published.
CVE-2026-42011
Sin clasificar
Microsoft
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Information published.
CVE-2026-34956
Sin clasificar
Microsoft
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Information published.
CVE-2026-7210
Sin clasificar
Microsoft
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Information published.
CVE-2026-43969
Baja
Microsoft
CVE-2026-8295 Integer overflow in simdjson
Information published.
CVE-2026-8295
Sin clasificar
Microsoft
CVE-2026-4891 CVE-2026-4891
Information published.
CVE-2026-4891
Sin clasificar
Microsoft
CVE-2026-4892 CVE-2026-4892
Information published.
CVE-2026-4892
Sin clasificar
Microsoft
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
Information published.
CVE-2026-42010
Sin clasificar
Microsoft
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Information published.
CVE-2026-7790
Sin clasificar
Microsoft
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Information published.
CVE-2026-43968
Sin clasificar
Microsoft
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
New .NET Framework Packages have been added
CVE-2026-32177
Sin clasificar
Microsoft
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
New .NET Framework Packages have been added
CVE-2026-35433
Baja
Microsoft
CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.
CVE-2026-41615
Baja
Exchange Server
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-42897
Baja
Microsoft
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Information published.
CVE-2026-25541
Sin clasificar
Dynamics
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Updated the fixed version number. This is an informational change only.
CVE-2026-42833
Sin clasificar
Dynamics
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Acknowledgement Updated
CVE-2026-42898
Sin clasificar
Dynamics
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Updated the fixed version number. This is an informational change only.
CVE-2026-42898
Sin clasificar
Azure
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Information published.
CVE-2026-42151
Baja
Microsoft
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Information published.
CVE-2026-42154
Sin clasificar
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Sin clasificar
Microsoft
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Information published.
CVE-2026-39823
Sin clasificar
Microsoft
CVE-2026-45186
Information published.
CVE-2026-45186
Baja
Microsoft
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
Information published.
CVE-2026-43894
Baja
Microsoft
CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
Information published.
CVE-2026-43896
Sin clasificar
Microsoft
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Information published.
CVE-2026-43895
Baja
Microsoft
CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
Information published.
CVE-2026-40612
Sin clasificar
Microsoft
CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
Information published.
CVE-2026-41256
Sin clasificar
Microsoft
CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Information published.
CVE-2026-31767
Sin clasificar
Microsoft
CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
Information published.
CVE-2026-43249
Sin clasificar
Microsoft
CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Information published.
CVE-2026-8177
Baja
Microsoft
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Information published.
CVE-2026-6210
Baja
Microsoft
CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
Information published.
CVE-2026-6664
Baja
Microsoft
CVE-2026-6665 PgBouncer buffer overflow in SCRAM
Information published.
CVE-2026-6665
Sin clasificar
Microsoft
CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
Information published.
CVE-2026-6667
Sin clasificar
Microsoft
CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error
Information published.
CVE-2026-6666
Baja
Microsoft
CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
Information published.
CVE-2026-45130
Sin clasificar
Microsoft
CVE-2026-44656 Vim: OS Command Injection via 'path' completion
Information published.
CVE-2026-44656
Sin clasificar
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Sin clasificar
Microsoft
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Information published.
CVE-2026-39817
Baja
Microsoft
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Information published.
CVE-2026-39819
Sin clasificar
Microsoft
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Information published.
CVE-2026-39820
Sin clasificar
Microsoft
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Information published.
CVE-2026-39825
Sin clasificar
Microsoft
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Information published.
CVE-2026-39826
Sin clasificar
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Sin clasificar
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Sin clasificar
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Baja
Microsoft
CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
Information published.
CVE-2026-41257
Sin clasificar
Microsoft
CVE-2026-35469 SpdyStream: DOS on CRI
Information published.
CVE-2026-35469
Sin clasificar
Microsoft
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
Information published.
CVE-2026-41603
Sin clasificar
Microsoft
CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Information published.
CVE-2026-41636
Sin clasificar
Microsoft
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Information published.
CVE-2025-48431
Baja
Microsoft
CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Information published.
CVE-2026-41602
Baja
Microsoft
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Information published.
CVE-2026-41605
Baja
Azure
CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32204
Baja
Microsoft
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32177
Baja
Windows
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-21530
Baja
Azure
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-33117
Baja
Windows
CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.
CVE-2026-33834
Baja
Windows
CVE-2026-33839 Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-33839
Baja
Windows
CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-33840
Baja
Windows
CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-33841
Baja
Windows
CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-34329
Baja
Windows
CVE-2026-34330 Win32k Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34330
Baja
Windows
CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34331
Baja
Windows
CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34333
Baja
Windows
CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-34342
Baja
Windows
CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-34343
Baja
Windows
CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34344
Baja
Windows
CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34345
Baja
Windows
CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34347
Baja
Windows
CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
CVE-2026-34350
Baja
Windows
CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34351
Baja
Windows
CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-35415
Baja
Windows
CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-35416
Baja
Windows
CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-35417
Baja
Windows
CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-35418
Baja
Windows
CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-35419
Baja
Windows
CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35420
Baja
Windows
CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-35421
Baja
Windows
CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
CVE-2026-35422
Baja
Windows
CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-35423
Baja
Windows
CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-35424
Baja
Microsoft
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-35433
Baja
Windows
CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35438
Baja
Microsoft Office
CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35439
Baja
Microsoft Office
CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35440
Baja
Microsoft Office
CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40360
Baja
Microsoft Office
CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40363
Baja
Microsoft Office
CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40364
Baja
Microsoft Office
CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366
Baja
Microsoft Office
CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40368
Baja
Microsoft
CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-40374
Baja
Windows
CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40377
Baja
Windows
CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
CVE-2026-40380
Baja
Windows
CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-40399
Baja
Windows
CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
CVE-2026-40405
Baja
Windows
CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
CVE-2026-40406
Baja
Windows
CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40407
Baja
Windows
CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-40408
Baja
Windows
CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
CVE-2026-40410
Baja
Windows
CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
CVE-2026-40414
Baja
Windows
CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2026-40415
Baja
Dynamics
CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
CVE-2026-40417
Baja
Microsoft Office
CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40419
Baja
Microsoft Office
CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.
CVE-2026-40421
Baja
Windows
CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-41088
Baja
Windows
CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
CVE-2026-41089
Baja
Microsoft
CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
CVE-2026-41094
Baja
Microsoft
CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
CVE-2026-41095
Baja
Windows
CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2026-41096
Baja
Microsoft 365
CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-41100
Baja
Microsoft Office
CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
CVE-2026-41101
Baja
Microsoft Office
CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
CVE-2026-41102
Baja
Visual Studio
CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41610
Baja
Visual Studio
CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
CVE-2026-41611
Baja
Visual Studio
CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVE-2026-41612
Baja
Microsoft
CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CVE-2026-41614
Baja
Windows
CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-32161
Baja
Windows
CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.
CVE-2026-32170
Baja
Microsoft
CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-32185
Baja
Microsoft Office
CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-42831
Sin clasificar
Microsoft
CVE-2026-32175 .NET Core Tampering Vulnerability
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on...
CVE-2026-32175
Baja
Windows
CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42825
Sin clasificar
Microsoft
ADV990001 Latest Servicing Stack Updates
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
Baja
Windows
CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42896
Baja
Dynamics
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42898
Baja
Microsoft
CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-42899
Baja
Microsoft Office
CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33110
Baja
Microsoft Office
CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33112
Baja
Azure
CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33833
Baja
Windows
CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-33835
Baja
Windows
CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-33837
Baja
Windows
CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
CVE-2026-33838
Baja
Windows
CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
CVE-2026-34332
Baja
Windows
CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34334
Baja
Windows
CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability
Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-34336
Baja
Windows
CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-34337
Baja
Windows
CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-34338
Baja
Windows
CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
CVE-2026-34339
Baja
Windows
CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-34340
Baja
Windows
CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
CVE-2026-34341
Baja
Microsoft Office
CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40357
Baja
Microsoft Office
CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40358
Baja
Microsoft Office
CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40359
Baja
Microsoft Office
CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40361
Baja
Microsoft Office
CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40362
Baja
Microsoft Office
CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40365
Baja
Microsoft Office
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40367
Baja
SQL Server
CVE-2026-40370 SQL Server Remote Code Execution Vulnerability
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-40370
Baja
Windows
CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40369
Baja
Windows
CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-40382
Baja
Windows
CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40397
Baja
Windows
CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
CVE-2026-32209
Baja
Windows
CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-40398
Baja
Windows
CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
CVE-2026-40401
Baja
Windows
CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40402
Baja
Windows
CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40403
Baja
Windows
CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
CVE-2026-40413
Baja
Microsoft Office
CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-40418
Baja
Microsoft Office
CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-35436
Baja
Microsoft Office
CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-40420
Baja
Windows
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-41086
Baja
Windows
CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-41097
Baja
Azure
CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-40381
Baja
Microsoft
CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41103
Baja
Visual Studio
CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41613
Baja
Azure
CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-42823
Baja
Azure
CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-42830
Baja
Microsoft Office
CVE-2026-42832 Microsoft Office Spoofing Vulnerability
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
CVE-2026-42832
Baja
Dynamics
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42833
Baja
Windows
CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible.
The vulnerability assigned...
CVE-2025-54518
Baja
Microsoft
CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-42893
Sin clasificar
Microsoft
CVE-2025-6965 Integer Truncation on SQLite
Boletin publicado por Microsoft Security Response Center.
CVE-2025-6965
Sin clasificar
Microsoft
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
CVE-2026-29181
Sin clasificar
Microsoft
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Information published.
CVE-2026-39882
Sin clasificar
Microsoft
CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Information published.
CVE-2026-43353
Sin clasificar
Microsoft
CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Information published.
CVE-2026-43500
Sin clasificar
Windows
CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
Added FAQ information. This is an informational change only.
CVE-2026-20841
Sin clasificar
Microsoft
CVE-2026-32226 .NET Framework Denial of Service Vulnerability
This CVE has been updated to include additional Security Updates for .NET Framework
CVE-2026-32226
Sin clasificar
Microsoft
CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Information published.
CVE-2025-21825
Sin clasificar
Microsoft
CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
Information published.
CVE-2024-58089
Baja
Microsoft
CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
Information published.
CVE-2025-21892
Sin clasificar
Microsoft
CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
Information published.
CVE-2025-21885
Sin clasificar
Microsoft
CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
Information published.
CVE-2025-21833
Sin clasificar
Microsoft
CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
Information published.
CVE-2025-21888
Sin clasificar
Microsoft
CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Information published.
CVE-2025-21870
Sin clasificar
Microsoft
CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
Information published.
CVE-2026-23214
Sin clasificar
Microsoft
CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
Information published.
CVE-2026-23213
Sin clasificar
Microsoft
CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
Information published.
CVE-2025-71225
Sin clasificar
Microsoft
CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
Information published.
CVE-2025-71227
Sin clasificar
Microsoft
CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
Information published.
CVE-2026-23207
Sin clasificar
Microsoft
CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
Information published.
CVE-2025-40139
Sin clasificar
Microsoft
CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Information published.
CVE-2025-40146
Sin clasificar
Microsoft
CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Information published.
CVE-2025-40168
Sin clasificar
Microsoft
CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Information published.
CVE-2025-40170
Sin clasificar
Microsoft
CVE-2025-40158 ipv6: use RCU in ip6_output()
Information published.
CVE-2025-40158
Sin clasificar
Microsoft
CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Information published.
CVE-2025-40180
Sin clasificar
Microsoft
CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s
Information published.
CVE-2025-68201
Sin clasificar
Microsoft
CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
Information published.
CVE-2025-68230
Sin clasificar
Microsoft
CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
Information published.
CVE-2025-68174
Sin clasificar
Microsoft
CVE-2025-40355 sysfs: check visibility before changing group attribute ownership
Information published.
CVE-2025-40355
Sin clasificar
Microsoft
CVE-2025-68209 mlx5: Fix default values in create CQ
Information published.
CVE-2025-68209
Sin clasificar
Microsoft
CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
Information published.
CVE-2025-68304
Sin clasificar
Microsoft
CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Information published.
CVE-2025-68324
Sin clasificar
Microsoft
CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq
Information published.
CVE-2025-68338
Sin clasificar
Microsoft
CVE-2025-68736 landlock: Fix handling of disconnected directories
Information published.
CVE-2025-68736
Sin clasificar
Microsoft
CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Information published.
CVE-2025-68745
Sin clasificar
Microsoft
CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Information published.
CVE-2025-40289
Sin clasificar
Microsoft
CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
Information published.
CVE-2025-40339
Sin clasificar
Microsoft
CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
Information published.
CVE-2025-68190
Sin clasificar
Microsoft
CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Information published.
CVE-2025-68188
Sin clasificar
Microsoft
CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
Information published.
CVE-2025-68296
Sin clasificar
Microsoft
CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Information published.
CVE-2025-68356
Baja
Microsoft
CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()
Information published.
CVE-2025-68378
Sin clasificar
Microsoft
CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Information published.
CVE-2025-68374
Sin clasificar
Microsoft
CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
Information published.
CVE-2025-38041
Sin clasificar
Microsoft
CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Information published.
CVE-2025-38029
Sin clasificar
Microsoft
CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
Information published.
CVE-2025-38064
Sin clasificar
Microsoft
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Information published.
CVE-2025-68822
Sin clasificar
Microsoft
CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Information published.
CVE-2025-68768
Sin clasificar
Microsoft
CVE-2025-71072 shmem: fix recovery on rename failures
Information published.
CVE-2025-71072
Sin clasificar
Microsoft
CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
Information published.
CVE-2024-53201
Sin clasificar
Microsoft
CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug
Information published.
CVE-2024-56647
Sin clasificar
Microsoft
CVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
Information published.
CVE-2024-53114
Sin clasificar
Microsoft
CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO
Information published.
CVE-2024-53219
Sin clasificar
Microsoft
CVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error path
Information published.
CVE-2024-56712
Sin clasificar
Microsoft
CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync
Information published.
CVE-2024-56591
Sin clasificar
Microsoft
CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
Information published.
CVE-2024-53133
Sin clasificar
Microsoft
CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
Information published.
CVE-2025-38660
Sin clasificar
Microsoft
CVE-2025-38636 rv: Use strings in da monitors tracepoints
Information published.
CVE-2025-38636
Sin clasificar
Microsoft
CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
Information published.
CVE-2025-38591
Sin clasificar
Microsoft
CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Information published.
CVE-2025-38656
Media
Microsoft
CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
Information published.
CVE-2025-38585
Sin clasificar
Microsoft
CVE-2025-38584 padata: Fix pd UAF once and for all
Information published.
CVE-2025-38584
Sin clasificar
Microsoft
CVE-2023-52485 drm/amd/display: Wake DMCUB before sending a command
Information published.
CVE-2023-52485
Sin clasificar
Microsoft
CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Information published.
CVE-2024-25740
Baja
Microsoft
CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos
Information published.
CVE-2024-1151
Sin clasificar
Microsoft
CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
Information published.
CVE-2024-47702
Baja
Microsoft
CVE-2024-49888 bpf: Fix a sdiv overflow issue
Information published.
CVE-2024-49888
Sin clasificar
Microsoft
CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
Information published.
CVE-2024-47662
Baja
Microsoft
CVE-2024-49940 l2tp: prevent possible tunnel refcount underflow
Information published.
CVE-2024-49940
Sin clasificar
Microsoft
CVE-2024-49932 btrfs: don't readahead the relocation inode on RST
Information published.
CVE-2024-49932
Sin clasificar
Microsoft
CVE-2024-49893 drm/amd/display: Check stream_status before it is used
Information published.
CVE-2024-49893
Sin clasificar
Microsoft
CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone
Information published.
CVE-2024-49885
Sin clasificar
Microsoft
CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails
Information published.
CVE-2024-49972
Sin clasificar
Microsoft
CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
Information published.
CVE-2024-49945
Sin clasificar
Microsoft
CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses
Information published.
CVE-2024-49920
Baja
Microsoft
CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t
Information published.
CVE-2024-47661
Sin clasificar
Microsoft
CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue
Information published.
CVE-2024-49904
Sin clasificar
Microsoft
CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()
Information published.
CVE-2024-50028
Sin clasificar
Microsoft
CVE-2024-49922 drm/amd/display: Check null pointers before using them
Information published.
CVE-2024-49922
Sin clasificar
Microsoft
CVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35
Information published.
CVE-2024-46870
Sin clasificar
Microsoft
CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean
Information published.
CVE-2024-49971
Sin clasificar
Microsoft
CVE-2024-49921 drm/amd/display: Check null pointers before used
Information published.
CVE-2024-49921
Sin clasificar
Microsoft
CVE-2024-38608 net/mlx5e: Fix netif state handling
Information published.
CVE-2024-38608
Sin clasificar
Microsoft
CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Information published.
CVE-2024-38595
Baja
Microsoft
CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Information published.
CVE-2022-4543
Sin clasificar
Microsoft
CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables
Information published.
CVE-2024-46834
Sin clasificar
Microsoft
CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Information published.
CVE-2024-44951
Sin clasificar
Microsoft
CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1
Information published.
CVE-2024-46730
Sin clasificar
Microsoft
CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
Information published.
CVE-2024-46727
Sin clasificar
Microsoft
CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.
Information published.
CVE-2024-46754
Baja
Microsoft
CVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebuffer
Information published.
CVE-2025-21976
Sin clasificar
Microsoft
CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
Information published.
CVE-2025-22113
Sin clasificar
Microsoft
CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly
Information published.
CVE-2025-22108
Sin clasificar
Microsoft
CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir
Information published.
CVE-2025-22070
Sin clasificar
Microsoft
CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case
Information published.
CVE-2025-21961
Sin clasificar
Microsoft
CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses
Information published.
CVE-2025-21985
Sin clasificar
Microsoft
CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
Information published.
CVE-2025-22115
Sin clasificar
Microsoft
CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Information published.
CVE-2025-21927
Sin clasificar
Microsoft
CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size
Information published.
CVE-2025-21949
Sin clasificar
Microsoft
CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done
Information published.
CVE-2025-23131
Sin clasificar
Microsoft
CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Information published.
CVE-2025-21907
Sin clasificar
Microsoft
CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Information published.
CVE-2025-22124
Sin clasificar
Microsoft
CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit
Information published.
CVE-2025-23135
Sin clasificar
Microsoft
CVE-2025-22109 ax25: Remove broken autobind
Information published.
CVE-2025-22109
Sin clasificar
Microsoft
CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT
Information published.
CVE-2025-40325
Sin clasificar
Microsoft
CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()
Information published.
CVE-2025-37860
Sin clasificar
Microsoft
CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
Information published.
CVE-2024-43901
Sin clasificar
Microsoft
CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load
Information published.
CVE-2024-43872
Sin clasificar
Microsoft
CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs
Information published.
CVE-2024-43819
Sin clasificar
Microsoft
CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Information published.
CVE-2024-42317
Sin clasificar
Microsoft
CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Information published.
CVE-2025-38333
Sin clasificar
Microsoft
CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()
Information published.
CVE-2025-38359
Sin clasificar
Microsoft
CVE-2025-38264 nvme-tcp: sanitize request list handling
Information published.
CVE-2025-38264
Sin clasificar
Microsoft
CVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_data
Information published.
CVE-2025-38303
Sin clasificar
Microsoft
CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
Information published.
CVE-2025-38279
Sin clasificar
Microsoft
CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
Information published.
CVE-2025-38269
Sin clasificar
Microsoft
CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx
Information published.
CVE-2025-38272
Sin clasificar
Microsoft
CVE-2025-38311 iavf: get rid of the crit lock
Information published.
CVE-2025-38311
Sin clasificar
Microsoft
CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Information published.
CVE-2025-38140
Sin clasificar
Microsoft
CVE-2024-42107 ice: Don't process extts if PTP is disabled
Information published.
CVE-2024-42107
Sin clasificar
Microsoft
CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly
Information published.
CVE-2024-42064
Sin clasificar
Microsoft
CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
Information published.
CVE-2024-42065
Baja
Microsoft
CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation
Information published.
CVE-2024-42066
Sin clasificar
Microsoft
CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
Information published.
CVE-2024-41045
Sin clasificar
Microsoft
CVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
Information published.
CVE-2024-42151
Sin clasificar
Microsoft
CVE-2024-41008 drm/amdgpu: change vm->task_info handling
Information published.
CVE-2024-41008
Sin clasificar
Microsoft
CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command
Information published.
CVE-2024-41082
Sin clasificar
Microsoft
CVE-2024-42134 virtio-pci: Check if is_avq is NULL
Information published.
CVE-2024-42134
Sin clasificar
Microsoft
CVE-2024-40999 net: ena: Add validation for completion descriptors consistency
Information published.
CVE-2024-40999
Sin clasificar
Microsoft
CVE-2024-42118 drm/amd/display: Do not return negative stream id for array
Information published.
CVE-2024-42118
Sin clasificar
Microsoft
CVE-2024-39478 crypto: starfive - Do not free stack buffer
Information published.
CVE-2024-39478
Sin clasificar
Microsoft
CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Information published.
CVE-2024-41067
Sin clasificar
Microsoft
CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments
Information published.
CVE-2024-42081
Sin clasificar
Microsoft
CVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capability
Information published.
CVE-2024-53050
Sin clasificar
Microsoft
CVE-2024-53090 afs: Fix lock recursion
Information published.
CVE-2024-53090
Sin clasificar
Microsoft
CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
Information published.
CVE-2024-53089
Sin clasificar
Microsoft
CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1
Information published.
CVE-2024-50177
Sin clasificar
Microsoft
CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails
Information published.
CVE-2024-50277
Sin clasificar
Microsoft
CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
Information published.
CVE-2024-50217
Media
Microsoft
CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Information published.
CVE-2024-23848
Sin clasificar
Microsoft
CVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()
Information published.
CVE-2025-21696
Sin clasificar
Microsoft
CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
Information published.
CVE-2025-21768
Sin clasificar
Microsoft
CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
Information published.
CVE-2024-57974
Sin clasificar
Microsoft
CVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume path
Information published.
CVE-2025-21801
Sin clasificar
Microsoft
CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Information published.
CVE-2024-57976
Sin clasificar
Microsoft
CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
Information published.
CVE-2025-21732
Sin clasificar
Microsoft
CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
Information published.
CVE-2025-21786
Sin clasificar
Microsoft
CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
Information published.
CVE-2025-21693
Sin clasificar
Microsoft
CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
Information published.
CVE-2024-58006
Sin clasificar
Microsoft
CVE-2025-21723 scsi: mpi3mr: Fix possible crash when setting up bsg fails
Information published.
CVE-2025-21723
Sin clasificar
Microsoft
CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free
Information published.
CVE-2025-21714
Sin clasificar
Microsoft
CVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
Information published.
CVE-2024-57872
Sin clasificar
Microsoft
CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
Information published.
CVE-2024-56775
Sin clasificar
Microsoft
CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap
Information published.
CVE-2024-57875
Sin clasificar
Microsoft
CVE-2024-41932 sched: fix warning in sched_setaffinity
Information published.
CVE-2024-41932
Sin clasificar
Microsoft
CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
Information published.
CVE-2024-57804
Sin clasificar
Microsoft
CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up
Information published.
CVE-2024-57898
Sin clasificar
Microsoft
CVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
Information published.
CVE-2025-21635
Sin clasificar
Microsoft
CVE-2025-21649 net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
Information published.
CVE-2025-21649
Sin clasificar
Microsoft
CVE-2025-21634 cgroup/cpuset: remove kernfs active break
Information published.
CVE-2025-21634
Sin clasificar
Microsoft
CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL
Information published.
CVE-2024-57809
Sin clasificar
Microsoft
CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
Information published.
CVE-2024-56782
Sin clasificar
Microsoft
CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace
Information published.
CVE-2024-47794
Sin clasificar
Microsoft
CVE-2024-57857 RDMA/siw: Remove direct link to net_device
Information published.
CVE-2024-57857
Sin clasificar
Microsoft
CVE-2025-21672 afs: Fix merge preference rule failure condition
Information published.
CVE-2025-21672
Sin clasificar
Microsoft
CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Information published.
CVE-2026-23468
Sin clasificar
Microsoft
CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Information published.
CVE-2026-31419
Sin clasificar
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Sin clasificar
Microsoft
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Information published.
CVE-2026-31531
Sin clasificar
Microsoft
CVE-2026-31557 nvmet: move async event work off nvmet-wq
Information published.
CVE-2026-31557
Sin clasificar
Microsoft
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Information published.
CVE-2026-31606
Sin clasificar
Microsoft
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Information published.
CVE-2026-31663
Sin clasificar
Microsoft
CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Information published.
CVE-2026-31645
Sin clasificar
Microsoft
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Information published.
CVE-2026-31560
Sin clasificar
Microsoft
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Information published.
CVE-2026-31568
Sin clasificar
Microsoft
CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Information published.
CVE-2026-31575
Sin clasificar
Microsoft
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Information published.
CVE-2026-31579
Sin clasificar
Microsoft
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Information published.
CVE-2026-31630
Sin clasificar
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Sin clasificar
Microsoft
CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
Information published.
CVE-2026-23472
Sin clasificar
Microsoft
CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Information published.
CVE-2026-31486
Sin clasificar
Microsoft
CVE-2026-31487 spi: use generic driver_override infrastructure
Information published.
CVE-2026-31487
Sin clasificar
Microsoft
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Information published.
CVE-2026-31516
Sin clasificar
Microsoft
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Information published.
CVE-2026-31488
Sin clasificar
Microsoft
CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Information published.
CVE-2026-31506
Media
Microsoft
CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case
Information published.
CVE-2026-31462
Sin clasificar
Microsoft
CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Information published.
CVE-2026-31440
Sin clasificar
Microsoft
CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Information published.
CVE-2026-31505
Sin clasificar
Microsoft
CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Information published.
CVE-2026-31489
Sin clasificar
Microsoft
CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Information published.
CVE-2026-31449
Sin clasificar
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Sin clasificar
Microsoft
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Information published.
CVE-2026-31574
Sin clasificar
Microsoft
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Information published.
CVE-2026-31613
Sin clasificar
Microsoft
CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget
Information published.
CVE-2026-31677
Sin clasificar
Microsoft
CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Information published.
CVE-2026-31688
Sin clasificar
Microsoft
CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()
Information published.
CVE-2026-31499
Sin clasificar
Microsoft
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Information published.
CVE-2026-31692
Sin clasificar
Microsoft
CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Information published.
CVE-2026-23278
Sin clasificar
Microsoft
CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
Information published.
CVE-2026-23272
Sin clasificar
Microsoft
CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions
Information published.
CVE-2026-23276
Sin clasificar
Microsoft
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Information published.
CVE-2026-23377
Sin clasificar
Microsoft
CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Information published.
CVE-2026-23383
Sin clasificar
Microsoft
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Information published.
CVE-2026-23371
Sin clasificar
Microsoft
CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Information published.
CVE-2026-23394
Sin clasificar
Microsoft
CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
Information published.
CVE-2026-23240
Sin clasificar
Microsoft
CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
Information published.
CVE-2026-23247
Sin clasificar
Microsoft
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Information published.
CVE-2026-23361
Sin clasificar
Microsoft
CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Information published.
CVE-2026-23346
Sin clasificar
Microsoft
CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Information published.
CVE-2024-35808
Sin clasificar
Microsoft
CVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recovery
Information published.
CVE-2024-35931
Baja
Microsoft
CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution
Information published.
CVE-2024-36024
Sin clasificar
Microsoft
CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
Information published.
CVE-2024-35794
Sin clasificar
Microsoft
CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
Information published.
CVE-2025-37907
Sin clasificar
Microsoft
CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Information published.
CVE-2025-37834
Sin clasificar
Microsoft
CVE-2025-37870 drm/amd/display: prevent hang on link training fail
Information published.
CVE-2025-37870
Sin clasificar
Microsoft
CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
Information published.
CVE-2025-37877
Sin clasificar
Microsoft
CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
Information published.
CVE-2025-37826
Sin clasificar
Microsoft
CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
Information published.
CVE-2025-37745
Sin clasificar
Microsoft
CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
Information published.
CVE-2025-37856
Sin clasificar
Microsoft
CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
Information published.
CVE-2025-37882
Sin clasificar
Microsoft
CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Information published.
CVE-2025-37861
Sin clasificar
Microsoft
CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
Information published.
CVE-2025-37807
Sin clasificar
Microsoft
CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Information published.
CVE-2025-37747
Sin clasificar
Microsoft
CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Information published.
CVE-2025-37750
Sin clasificar
Microsoft
CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
Information published.
CVE-2023-52586
Sin clasificar
Microsoft
CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
Information published.
CVE-2023-52624
Sin clasificar
Microsoft
CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
Information published.
CVE-2026-31706
Sin clasificar
Microsoft
CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31723
Sin clasificar
Microsoft
CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31724
Sin clasificar
Microsoft
CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check
Information published.
CVE-2026-43036
Sin clasificar
Microsoft
CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
Information published.
CVE-2026-31707
Sin clasificar
Microsoft
CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair
Information published.
CVE-2026-43042
Sin clasificar
Microsoft
CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers
Information published.
CVE-2026-31771
Sin clasificar
Microsoft
CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper
Information published.
CVE-2026-43052
Sin clasificar
Microsoft
CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl
Information published.
CVE-2026-31709
Sin clasificar
Microsoft
CVE-2026-43010 bpf: Reject sleepable kprobe_multi programs at attach time
Information published.
CVE-2026-43010
Sin clasificar
Microsoft
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Information published.
CVE-2026-43248
Sin clasificar
Microsoft
CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Information published.
CVE-2026-43127
Sin clasificar
Microsoft
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Information published.
CVE-2026-43161
Sin clasificar
Microsoft
CVE-2026-43245 ntfs: ->d_compare() must not block
Information published.
CVE-2026-43245
Sin clasificar
Microsoft
CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
Information published.
CVE-2026-43137
Sin clasificar
Microsoft
CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave
Information published.
CVE-2026-43234
Sin clasificar
Microsoft
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Information published.
CVE-2026-43185
Sin clasificar
Microsoft
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Information published.
CVE-2025-71273
Sin clasificar
Microsoft
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Information published.
CVE-2026-43153
Sin clasificar
Microsoft
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Information published.
CVE-2026-43116
Sin clasificar
Microsoft
CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
Information published.
CVE-2026-43244
Sin clasificar
Microsoft
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Information published.
CVE-2025-71272
Sin clasificar
Microsoft
CVE-2026-43474 fs: init flags_valid before calling vfs_fileattr_get
Information published.
CVE-2026-43474
Sin clasificar
Microsoft
CVE-2025-71302 drm/panthor: fix for dma-fence safe access rules
Information published.
CVE-2025-71302
Sin clasificar
Microsoft
CVE-2026-43309 md raid: fix hang when stopping arrays with metadata through dm-raid
Information published.
CVE-2026-43309
Sin clasificar
Microsoft
CVE-2026-43320 drm/amd/display: Fix dsc eDP issue
Information published.
CVE-2026-43320
Sin clasificar
Microsoft
CVE-2026-43300 drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()
Information published.
CVE-2026-43300
Sin clasificar
Microsoft
CVE-2026-43306 bpf: crypto: Use the correct destructor kfunc type
Information published.
CVE-2026-43306
Sin clasificar
Microsoft
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Information published.
CVE-2026-43443
Sin clasificar
Microsoft
CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock
Information published.
CVE-2026-43319
Sin clasificar
Microsoft
CVE-2026-43344 perf/x86/intel/uncore: Fix die ID init and look up bugs
Information published.
CVE-2026-43344
Sin clasificar
Microsoft
CVE-2026-43305 drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path
Information published.
CVE-2026-43305
Media
Microsoft
CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Information published.
CVE-2026-43310
Sin clasificar
Microsoft
CVE-2026-43400 drm/amdgpu: add upper bound check on user inputs in signal ioctl
Information published.
CVE-2026-43400
Sin clasificar
Microsoft
CVE-2026-43292 mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node
Information published.
CVE-2026-43292
Sin clasificar
Microsoft
CVE-2026-43398 drm/amdgpu: add upper bound check on user inputs in wait ioctl
Information published.
CVE-2026-43398
Sin clasificar
Microsoft
CVE-2026-43311 soc/tegra: pmc: Fix unsafe generic_handle_irq() call
Information published.
CVE-2026-43311
Sin clasificar
Microsoft
CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Information published.
CVE-2026-43421
Sin clasificar
Microsoft
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Information published.
CVE-2026-43308
Sin clasificar
Microsoft
CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
Information published.
CVE-2026-42256
Sin clasificar
Microsoft
CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing
Information published.
CVE-2026-42246
Sin clasificar
Microsoft
CVE-2026-45186
Information published.
CVE-2026-45186
Sin clasificar
Microsoft
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
Information published.
CVE-2026-7261
Baja
Microsoft
CVE-2026-7568 Signed integer overflow in metaphone()
Information published.
CVE-2026-7568
Sin clasificar
Microsoft
CVE-2026-43053 xfs: close crash window in attr dabtree inactivation
Information published.
CVE-2026-43053
Sin clasificar
Microsoft
CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()
Information published.
CVE-2026-43048
Sin clasificar
Microsoft
CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping
Information published.
CVE-2026-31777
Sin clasificar
Microsoft
CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31722
Sin clasificar
Microsoft
CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
Information published.
CVE-2026-31725
Sin clasificar
Microsoft
CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
Information published.
CVE-2026-43049
Sin clasificar
Microsoft
CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()
Information published.
CVE-2026-31712
Sin clasificar
Microsoft
CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Information published.
CVE-2026-43019
Sin clasificar
Microsoft
CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()
Information published.
CVE-2026-31729
Sin clasificar
Microsoft
CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking
Information published.
CVE-2026-43009
Sin clasificar
Microsoft
CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Information published.
CVE-2026-31715
Sin clasificar
Microsoft
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Information published.
CVE-2026-43073
Sin clasificar
Microsoft
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Information published.
CVE-2026-43125
Sin clasificar
Microsoft
CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Information published.
CVE-2026-43204
Sin clasificar
Microsoft
CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
Information published.
CVE-2026-43131
Sin clasificar
Microsoft
CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Information published.
CVE-2026-43126
Sin clasificar
Microsoft
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Information published.
CVE-2026-43198
Sin clasificar
Microsoft
CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Information published.
CVE-2026-43115
Sin clasificar
Microsoft
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Information published.
CVE-2026-43172
Sin clasificar
Microsoft
CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Information published.
CVE-2025-71285
Sin clasificar
Microsoft
CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated
Information published.
CVE-2026-43197
Sin clasificar
Microsoft
CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Information published.
CVE-2026-43118
Sin clasificar
Microsoft
CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Information published.
CVE-2026-43109
Sin clasificar
Microsoft
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
Information published.
CVE-2026-43129
Sin clasificar
Microsoft
CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Information published.
CVE-2026-43258
Sin clasificar
Microsoft
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
CVE-2025-71289
Sin clasificar
Microsoft
CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation
Information published.
CVE-2026-43107
Sin clasificar
Microsoft
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Information published.
CVE-2026-43250
Sin clasificar
Microsoft
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Information published.
CVE-2026-43219
Sin clasificar
Microsoft
CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Information published.
CVE-2026-43088
Sin clasificar
Microsoft
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Information published.
CVE-2026-43213
Sin clasificar
Microsoft
CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()
Information published.
CVE-2026-43216
Sin clasificar
Microsoft
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Information published.
CVE-2026-43119
Sin clasificar
Microsoft
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Information published.
CVE-2026-43101
Sin clasificar
Microsoft
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Information published.
CVE-2026-43199
Sin clasificar
Microsoft
CVE-2026-43083 net: ioam6: fix OOB and missing lock
Information published.
CVE-2026-43083
Sin clasificar
Microsoft
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Information published.
CVE-2026-31717
Sin clasificar
Microsoft
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Information published.
CVE-2026-31718
Sin clasificar
Microsoft
CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls
Information published.
CVE-2026-43338
Sin clasificar
Microsoft
CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
Information published.
CVE-2026-43318
Sin clasificar
Microsoft
CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain
Information published.
CVE-2026-43416
Sin clasificar
Microsoft
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
Information published.
CVE-2026-43352
Sin clasificar
Microsoft
CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb frags
Information published.
CVE-2026-43284
Sin clasificar
Microsoft
CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing
Information published.
CVE-2025-71299
Sin clasificar
Microsoft
CVE-2026-43317 most: core: fix leak on early registration failure
Information published.
CVE-2026-43317
Sin clasificar
Microsoft
CVE-2026-43321 bpf: Properly mark live registers for indirect jumps
Information published.
CVE-2026-43321
Sin clasificar
Microsoft
CVE-2026-43456 bonding: fix type confusion in bond_setup_by_slave()
Information published.
CVE-2026-43456
Sin clasificar
Microsoft
CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF
Information published.
CVE-2026-43298
Sin clasificar
Microsoft
CVE-2026-43299 btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()
Information published.
CVE-2026-43299
Sin clasificar
Microsoft
CVE-2026-43294 drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels
Information published.
CVE-2026-43294
Sin clasificar
Microsoft
CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Information published.
CVE-2026-43353
Sin clasificar
Microsoft
CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
Information published.
CVE-2026-42257
Sin clasificar
Microsoft
CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Information published.
CVE-2026-42258
Sin clasificar
Microsoft
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
Information published.
CVE-2026-7258
Sin clasificar
Microsoft
CVE-2026-6722 Use-After-Free in SOAP using Apache map
Information published.
CVE-2026-6722
Sin clasificar
Microsoft
CVE-2026-6735 XSS within PHP-FPM status endpoint
Information published.
CVE-2026-6735
Sin clasificar
Microsoft
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing
Information published.
CVE-2026-7262
Sin clasificar
Microsoft
CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
Information published.
CVE-2025-14179
Sin clasificar
Microsoft
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
Information published.
CVE-2026-7259
Sin clasificar
Microsoft
CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned
Information published.
CVE-2025-39779
Sin clasificar
Microsoft
CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Information published.
CVE-2025-39754
Sin clasificar
Microsoft
CVE-2025-39762 drm/amd/display: add null check
Information published.
CVE-2025-39762
Sin clasificar
Microsoft
CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Information published.
CVE-2025-39746
Sin clasificar
Microsoft
CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
Information published.
CVE-2025-39747
Sin clasificar
Microsoft
CVE-2025-39789 crypto: x86/aegis - Add missing error checks
Information published.
CVE-2025-39789
Sin clasificar
Microsoft
CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Information published.
CVE-2025-39833
Sin clasificar
Microsoft
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Information published.
CVE-2025-39850
Sin clasificar
Microsoft
CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
Information published.
CVE-2025-39859
Sin clasificar
Microsoft
CVE-2025-38705 drm/amd/pm: fix null pointer access
Information published.
CVE-2025-38705
Sin clasificar
Microsoft
CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()
Information published.
CVE-2025-38722
Sin clasificar
Microsoft
CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
Information published.
CVE-2025-38717
Sin clasificar
Microsoft
CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability
Information published.
CVE-2025-39705
Sin clasificar
Microsoft
CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Information published.
CVE-2025-39677
Sin clasificar
Microsoft
CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Information published.
CVE-2025-39707
Sin clasificar
Microsoft
CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Information published.
CVE-2025-39810
Sin clasificar
Microsoft
CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Information published.
CVE-2025-39851
Sin clasificar
Microsoft
CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Information published.
CVE-2025-39862
Sin clasificar
Microsoft
CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Information published.
CVE-2024-58241
Sin clasificar
Microsoft
CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
Information published.
CVE-2024-26672
Sin clasificar
Microsoft
CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
Information published.
CVE-2024-26757
Sin clasificar
Microsoft
CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
Information published.
CVE-2024-26758
Sin clasificar
Microsoft
CVE-2024-26756 md: Don't register sync_thread for reshape directly
Information published.
CVE-2024-26756
Sin clasificar
Microsoft
CVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array size
Information published.
CVE-2024-26914
Sin clasificar
Microsoft
CVE-2024-24856 NULL pointer deference in acpi_db_convert_to_package of Linux acpi module
Information published.
CVE-2024-24856
Sin clasificar
Microsoft
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Information published.
CVE-2026-33814
Sin clasificar
Microsoft
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Information published.
CVE-2026-39823
Sin clasificar
Microsoft
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Information published.
CVE-2026-41889
Baja
Microsoft
CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
Information published.
CVE-2026-6664
Baja
Microsoft
CVE-2026-6665 PgBouncer buffer overflow in SCRAM
Information published.
CVE-2026-6665
Sin clasificar
Microsoft
CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
Information published.
CVE-2026-6667
Sin clasificar
Microsoft
CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error
Information published.
CVE-2026-6666
Baja
Microsoft
CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
Information published.
CVE-2026-45130
Sin clasificar
Microsoft
CVE-2026-44656 Vim: OS Command Injection via 'path' completion
Information published.
CVE-2026-44656
Sin clasificar
Microsoft
CVE-2026-33811 Crash when handling long CNAME response in net
Information published.
CVE-2026-33811
Sin clasificar
Microsoft
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Information published.
CVE-2026-39817
Baja
Microsoft
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Information published.
CVE-2026-39819
Sin clasificar
Microsoft
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Information published.
CVE-2026-39820
Sin clasificar
Microsoft
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Information published.
CVE-2026-39825
Sin clasificar
Microsoft
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Information published.
CVE-2026-39826
Sin clasificar
Windows
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Information published.
CVE-2026-39836
Sin clasificar
Microsoft
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Information published.
CVE-2026-42499
Sin clasificar
Microsoft
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Information published.
CVE-2026-42501
Baja
Microsoft
CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
Information published.
CVE-2026-33079
Sin clasificar
Microsoft
CVE-2026-41526
Information published.
CVE-2026-41526
Baja
Microsoft
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Information published.
CVE-2026-3832
Sin clasificar
Microsoft
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Information published.
CVE-2026-4948
Sin clasificar
Microsoft
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Information published.
CVE-2026-6842
Sin clasificar
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Sin clasificar
Microsoft
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Information published.
CVE-2026-6843
Sin clasificar
Microsoft
CVE-2026-37457
Information published.
CVE-2026-37457
Sin clasificar
Microsoft
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Information published.
CVE-2026-43248
Sin clasificar
Microsoft
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Information published.
CVE-2026-43161
Sin clasificar
Microsoft
CVE-2026-43245 ntfs: ->d_compare() must not block
Information published.
CVE-2026-43245
Sin clasificar
Microsoft
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Information published.
CVE-2025-71273
Sin clasificar
Microsoft
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Information published.
CVE-2026-43153
Sin clasificar
Microsoft
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Information published.
CVE-2026-43116
Sin clasificar
Microsoft
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Information published.
CVE-2026-41673
Sin clasificar
Microsoft
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Information published.
CVE-2026-43125
Sin clasificar
Microsoft
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Information published.
CVE-2026-43198
Sin clasificar
Microsoft
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Information published.
CVE-2026-43172
Sin clasificar
Microsoft
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Information published.
CVE-2026-43274
Sin clasificar
Microsoft
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
CVE-2025-71289
Sin clasificar
Microsoft
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Information published.
CVE-2026-43250
Sin clasificar
Microsoft
CVE-2026-43195 drm/amdgpu: validate user queue size constraints
Information published.
CVE-2026-43195
Sin clasificar
Microsoft
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Information published.
CVE-2026-43119
Sin clasificar
Microsoft
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Information published.
CVE-2026-43101
Sin clasificar
Microsoft
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Information published.
CVE-2026-43199
Sin clasificar
Microsoft
CVE-2026-43083 net: ioam6: fix OOB and missing lock
Information published.
CVE-2026-43083
Sin clasificar
Microsoft
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Information published.
CVE-2026-43869
Sin clasificar
Microsoft
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Information published.
CVE-2026-41672
Sin clasificar
Microsoft
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Information published.
CVE-2026-41674
Sin clasificar
Microsoft
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Information published.
CVE-2026-41675
Baja
Microsoft
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25243
Sin clasificar
Microsoft
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Information published.
CVE-2026-31717
Baja
Microsoft
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Information published.
CVE-2026-23631
Sin clasificar
Microsoft
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Information published.
CVE-2026-31718
Baja
Microsoft
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Information published.
CVE-2026-23479
Baja
Microsoft
CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25588
Baja
Microsoft
CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-25589
Baja
Microsoft
CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26164
Baja
Microsoft
CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26129
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8021 Script injection in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8021
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8022 Inappropriate implementation in MHTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8022
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8019
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8018
Media
Microsoft Edge
Chromium: CVE-2026-8017 Side-channel information leakage in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8017
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8014 Inappropriate implementation in Preload
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8014
Media
Microsoft Edge
Chromium: CVE-2026-8015 Inappropriate implementation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8015
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8016 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8016
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8013
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8012 Inappropriate implementation in MHTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8012
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8011 Insufficient policy enforcement in Search
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8011
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8010
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8009 Inappropriate implementation in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8009
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8008 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8008
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8007
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8004
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8006
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8005
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8002 Use after free in Audio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8002
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8003
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8001 Use after free in Printing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8001
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-8000
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7999 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7999
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7994
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7997
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7998
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7995 Out of bounds read in AdFilter
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7995
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7996
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7991 Use after free in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7991
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7988 Type Confusion in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7988
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7990
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7992
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7989
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7987 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7987
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7982
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7983 Out of bounds read in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7983
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7986
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7984 Use after free in ReadingMode
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7984
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7985 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7985
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7981 Out of bounds read in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7981
Media
Microsoft Edge
Chromium: CVE-2026-7979 Inappropriate implementation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7979
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7980 Use after free in WebAudio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7980
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7978 Inappropriate implementation in Companion
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7978
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7977 Inappropriate implementation in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7977
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7976 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7976
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7975 Use after free in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7975
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7974 Use after free in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7974
Baja
Microsoft Edge
Chromium: CVE-2026-7973 Integer overflow in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7973
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7972 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7972
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7971 Inappropriate implementation in ORB
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7971
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7970 Use after free in TopChrome
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7970
Baja
Microsoft Edge
Chromium: CVE-2026-7969 Integer overflow in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7969
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7968
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7966
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7967
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7965
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7964
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7963
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7962
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7961
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7960 Race in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7960
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7959 Inappropriate implementation in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7959
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7958
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7956 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7956
Media
Microsoft Edge
Chromium: CVE-2026-7957 Out of bounds write in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7957
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7955 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7955
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7954 Race in Shared Storage
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7954
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7953
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7952
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7951 Out of bounds write in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7951
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7950 Out of bounds read and write in GFX
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7950
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7949 Out of bounds read in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7949
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7947
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7946
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7948 Race in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7948
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7945
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7944
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7943
Baja
Microsoft Edge
Chromium: CVE-2026-7942 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7942
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7940 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7940
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7938 Use after free in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7938
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7939
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7937
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7934
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7935 Inappropriate implementation in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7935
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7936 Object lifecycle issue in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7936
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7933 Out of bounds read in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7933
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7932
Media
Microsoft Edge
Chromium: CVE-2026-7929 Use after free in MediaRecording
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7929
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7930
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7928 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7928
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7926 Use after free in PresentationAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7926
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7927 Type Confusion in Runtime
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7927
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7925 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7925
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7922 Use after free in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7922
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7924 Uninitialized Use in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7924
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7921 Use after free in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7921
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7923 Out of bounds write in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7923
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7920 Use after free in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7920
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7919 Use after free in Aura
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7919
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7918 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7918
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7916
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7917 Use after free in Fullscreen
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7917
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7914 Type Confusion in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7914
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7910 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7910
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7911 Use after free in Aura
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7911
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7909
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7908 Use after free in Fullscreen
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7908
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7907 Use after free in DOM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7907
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7906 Use after free in SVG
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7906
Baja
Microsoft Edge
Chromium: CVE-2026-7903 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7903
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7904 Out of bounds read in Fonts
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7904
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7902 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7902
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7901 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7901
Baja
Microsoft Edge
Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7900
Baja
Dynamics
CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
CVE-2026-33821
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7899 Out of bounds read and write in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7899
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7898 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7898
Baja
Microsoft Edge
Chromium: CVE-2026-7896 Integer overflow in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more informa...
CVE-2026-7896
Baja
Azure
CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-41105
Baja
Microsoft Edge
CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-33111
Baja
Azure
CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-33109
Baja
Azure
CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40379
Baja
Azure
CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32207
Baja
Microsoft
CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
CVE-2026-33823
Baja
Azure
CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-33844
Baja
Microsoft
CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-34327
Baja
Azure
CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-35435
Baja
Azure
CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35428
Baja
Azure
CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
CVE-2026-42826
Sin clasificar
Microsoft
CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Information published.
CVE-2025-68768
Sin clasificar
Microsoft
CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
Information published.
CVE-2026-28810
Sin clasificar
Microsoft
CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
Information published.
CVE-2026-31455
Sin clasificar
Microsoft
CVE-2026-34318
Information published.
CVE-2026-34318
Sin clasificar
Microsoft
CVE-2026-34317
Information published.
CVE-2026-34317
Sin clasificar
Microsoft
CVE-2026-34319
Information published.
CVE-2026-34319
Sin clasificar
Microsoft
CVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragment
Information published.
CVE-2026-33845
Sin clasificar
Microsoft
CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
Information published.
CVE-2026-3833
Baja
Microsoft
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Information published.
CVE-2026-3832
Sin clasificar
Microsoft
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
Information published.
CVE-2026-6383
Sin clasificar
Microsoft
CVE-2026-34875
Information published.
CVE-2026-34875
Sin clasificar
Microsoft
CVE-2026-34874
Information published.
CVE-2026-34874
Sin clasificar
Microsoft
CVE-2026-34876
Information published.
CVE-2026-34876
Sin clasificar
Microsoft
CVE-2026-25835
Information published.
CVE-2026-25835
Sin clasificar
Microsoft
CVE-2025-66442
Information published.
CVE-2025-66442
Sin clasificar
Microsoft
CVE-2026-34873
Information published.
CVE-2026-34873
Sin clasificar
Microsoft
CVE-2026-34871
Information published.
CVE-2026-34871
Sin clasificar
Microsoft
CVE-2026-34872
Information published.
CVE-2026-34872
Sin clasificar
Microsoft
CVE-2026-25834
Information published.
CVE-2026-25834
Sin clasificar
Microsoft
CVE-2026-25833
Information published.
CVE-2026-25833
Sin clasificar
Microsoft
CVE-2026-41082
Information published.
CVE-2026-41082
Sin clasificar
Microsoft
CVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transports
Information published.
CVE-2026-33190
Sin clasificar
Microsoft
CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification
Information published.
CVE-2026-32936
Sin clasificar
Microsoft
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Information published.
CVE-2026-35579
Sin clasificar
Azure
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Information published.
CVE-2026-42151
Baja
Microsoft
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Information published.
CVE-2026-42154
Sin clasificar
Microsoft
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Information published.
CVE-2026-43248
Sin clasificar
Microsoft
CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Information published.
CVE-2026-43127
Sin clasificar
Microsoft
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Information published.
CVE-2026-43161
Sin clasificar
Microsoft
CVE-2026-43245 ntfs: ->d_compare() must not block
Information published.
CVE-2026-43245
Sin clasificar
Microsoft
CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
Information published.
CVE-2026-43137
Sin clasificar
Microsoft
CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave
Information published.
CVE-2026-43234
Sin clasificar
Microsoft
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Information published.
CVE-2026-43185
Sin clasificar
Microsoft
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Information published.
CVE-2025-71273
Sin clasificar
Microsoft
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Information published.
CVE-2026-43153
Sin clasificar
Microsoft
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Information published.
CVE-2026-43116
Sin clasificar
Microsoft
CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
Information published.
CVE-2026-43244
Sin clasificar
Microsoft
CVE-2026-43191 drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35
Information published.
CVE-2026-43191
Sin clasificar
Microsoft
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Information published.
CVE-2025-71272
Sin clasificar
Microsoft
CVE-2026-43964
Information published.
CVE-2026-43964
Sin clasificar
Microsoft
CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison
Information published.
CVE-2026-33489
Sin clasificar
Microsoft
CVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service
Information published.
CVE-2026-32934
Sin clasificar
Microsoft
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Information published.
CVE-2026-43073
Sin clasificar
Microsoft
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Information published.
CVE-2026-43125
Sin clasificar
Microsoft
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
Information published.
CVE-2026-43176
Sin clasificar
Microsoft
CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Information published.
CVE-2026-43204
Sin clasificar
Microsoft
CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
Information published.
CVE-2026-43131
Sin clasificar
Microsoft
CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Information published.
CVE-2026-43126
Sin clasificar
Microsoft
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Information published.
CVE-2026-43198
Sin clasificar
Microsoft
CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function
Information published.
CVE-2025-71290
Sin clasificar
Microsoft
CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Information published.
CVE-2026-43115
Sin clasificar
Microsoft
CVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page check
Information published.
CVE-2025-71293
Sin clasificar
Microsoft
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Information published.
CVE-2026-43172
Sin clasificar
Microsoft
CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Information published.
CVE-2025-71285
Sin clasificar
Microsoft
CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated
Information published.
CVE-2026-43197
Sin clasificar
Microsoft
CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Information published.
CVE-2026-43118
Sin clasificar
Microsoft
CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Information published.
CVE-2026-43109
Sin clasificar
Microsoft
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
Information published.
CVE-2026-43129
Sin clasificar
Microsoft
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Information published.
CVE-2026-43274
Sin clasificar
Microsoft
CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Information published.
CVE-2026-43258
Sin clasificar
Microsoft
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
CVE-2025-71289
Sin clasificar
Microsoft
CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation
Information published.
CVE-2026-43107
Sin clasificar
Microsoft
CVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src
Information published.
CVE-2026-43243
Sin clasificar
Microsoft
CVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcs
Information published.
CVE-2025-71294
Sin clasificar
Microsoft
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Information published.
CVE-2026-43250
Sin clasificar
Microsoft
CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4
Information published.
CVE-2026-43237
Sin clasificar
Microsoft
CVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memory
Information published.
CVE-2026-43201
Sin clasificar
Microsoft
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Information published.
CVE-2026-43219
Sin clasificar
Microsoft
CVE-2026-43165 hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin
Information published.
CVE-2026-43165
Sin clasificar
Microsoft
CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Information published.
CVE-2026-43088
Sin clasificar
Microsoft
CVE-2026-43195 drm/amdgpu: validate user queue size constraints
Information published.
CVE-2026-43195
Sin clasificar
Microsoft
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Information published.
CVE-2026-43213
Sin clasificar
Microsoft
CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks
Information published.
CVE-2026-43228
Sin clasificar
Microsoft
CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()
Information published.
CVE-2026-43216
Sin clasificar
Microsoft
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Information published.
CVE-2026-43119
Sin clasificar
Microsoft
CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking
Information published.
CVE-2026-43267
Sin clasificar
Microsoft
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Information published.
CVE-2026-43101
Sin clasificar
Microsoft
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Information published.
CVE-2026-43199
Sin clasificar
Microsoft
CVE-2026-43083 net: ioam6: fix OOB and missing lock
Information published.
CVE-2026-43083
Sin clasificar
Microsoft
CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
Information published.
CVE-2026-43870
Sin clasificar
Microsoft
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Information published.
CVE-2026-43868
CVE-2020-13949
Sin clasificar
Microsoft
CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
Information published.
CVE-2026-33523
Sin clasificar
Microsoft
CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset
Information published.
CVE-2026-23918
Sin clasificar
Microsoft
CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
Information published.
CVE-2026-34059
Sin clasificar
Microsoft
CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
Information published.
CVE-2026-34032
Sin clasificar
Microsoft
CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
Information published.
CVE-2026-24072
Sin clasificar
Microsoft
CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack
Information published.
CVE-2026-33006
Sin clasificar
Microsoft
CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash
Information published.
CVE-2026-33007
Sin clasificar
Microsoft
CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash
Information published.
CVE-2026-29169
Sin clasificar
Microsoft
CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response
Information published.
CVE-2026-29168
Sin clasificar
Microsoft
CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
Information published.
CVE-2026-33857
Baja
Microsoft
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Information published.
CVE-2026-41066
Baja
Microsoft
CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
Information published.
CVE-2026-33999
Sin clasificar
Microsoft
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Information published.
CVE-2026-41205
Sin clasificar
Microsoft
CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption
Information published.
CVE-2026-34001
Sin clasificar
Microsoft
CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access
Information published.
CVE-2026-34003
Sin clasificar
Microsoft
CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
Information published.
CVE-2026-43037
Baja
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Sin clasificar
Microsoft
CVE-2026-43964
Information published.
CVE-2026-43964
Sin clasificar
Microsoft
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Information published.
CVE-2026-27141
Sin clasificar
Microsoft
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Information published.
CVE-2025-8224
Sin clasificar
Microsoft
CVE-2026-35469 SpdyStream: DOS on CRI
Information published.
CVE-2026-35469
Baja
Microsoft
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
Information published.
CVE-2026-28532
Sin clasificar
Microsoft
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Information published.
CVE-2026-6842
Sin clasificar
Microsoft
CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Information published.
CVE-2026-31431
Sin clasificar
Microsoft
CVE-2026-42798
Information published.
CVE-2026-42798
Baja
Microsoft
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
Information published.
CVE-2026-40170
Sin clasificar
Microsoft
CVE-2026-37457
Information published.
CVE-2026-37457
Baja
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Baja
Microsoft
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Information published.
CVE-2025-11083
Sin clasificar
Microsoft
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
Information published.
CVE-2025-9403
Sin clasificar
Microsoft
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Information published.
CVE-2025-8224
Sin clasificar
Microsoft
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
CVE-2026-34757
Sin clasificar
Microsoft
CVE-2026-37555
Information published.
CVE-2026-37555
Sin clasificar
Microsoft
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Information published.
CVE-2026-6842
Sin clasificar
Microsoft
CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Information published.
CVE-2026-31431
Sin clasificar
Microsoft
CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
Information published.
CVE-2026-6845
Sin clasificar
Microsoft
CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
Information published.
CVE-2026-6846
Sin clasificar
Microsoft
CVE-2026-30656
Information published.
CVE-2026-30656
Sin clasificar
Microsoft
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Information published.
CVE-2026-6843
Baja
Microsoft
CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow
Information published.
CVE-2017-20230
Baja
Microsoft
CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass
Information published.
CVE-2026-32148
Baja
Microsoft
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Information published.
CVE-2025-11083
Baja
Microsoft
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Information published.
CVE-2026-7598
Media
Microsoft
CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings
Information published.
CVE-2026-43058
Sin clasificar
Microsoft
CVE-2026-41080
Information published.
CVE-2026-41080
Sin clasificar
Microsoft
CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
Information published.
CVE-2026-31602
Sin clasificar
Microsoft
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
Information published.
CVE-2026-31598
Sin clasificar
Microsoft
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
Information published.
CVE-2026-31608
Baja
Microsoft
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
Information published.
CVE-2026-28532
Sin clasificar
Microsoft
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Information published.
CVE-2026-4948
Sin clasificar
Microsoft
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Information published.
CVE-2026-27456
Sin clasificar
Microsoft
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
Information published.
CVE-2026-3184
Sin clasificar
Microsoft
CVE-2026-41080
Information published.
CVE-2026-41080
Sin clasificar
Microsoft
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Information published.
CVE-2026-31606
Sin clasificar
Microsoft
CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Information published.
CVE-2026-31605
Media
Microsoft
CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
Information published.
CVE-2026-31599
Sin clasificar
Microsoft
CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
Information published.
CVE-2026-31602
Sin clasificar
Microsoft
CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
Information published.
CVE-2026-31610
Sin clasificar
Microsoft
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
Information published.
CVE-2026-31598
Sin clasificar
Microsoft
CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()
Information published.
CVE-2026-31603
Sin clasificar
Microsoft
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
Information published.
CVE-2026-31608
Sin clasificar
Microsoft
CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
Information published.
CVE-2026-31611
Sin clasificar
Microsoft
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
Information published.
CVE-2026-31612
Sin clasificar
Microsoft
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
Information published.
CVE-2026-31597
Sin clasificar
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Sin clasificar
Microsoft
CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Information published.
CVE-2026-41607
Sin clasificar
Microsoft
CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Information published.
CVE-2026-41636
Sin clasificar
Microsoft
CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
Information published.
CVE-2026-31533
Sin clasificar
Microsoft
CVE-2026-41526
Information published.
CVE-2026-41526
Sin clasificar
Microsoft
CVE-2026-40356
Information published.
CVE-2026-40356
Sin clasificar
Windows
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Information published.
CVE-2026-3087
Sin clasificar
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Sin clasificar
Microsoft
CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
Information published.
CVE-2026-31532
Sin clasificar
Microsoft
CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
Information published.
CVE-2026-31596
Sin clasificar
Microsoft
CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
Information published.
CVE-2026-31609
Sin clasificar
Microsoft
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Information published.
CVE-2026-6238
Sin clasificar
Microsoft
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Information published.
CVE-2025-48431
Baja
Microsoft
CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Information published.
CVE-2026-41602
Sin clasificar
Microsoft
CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Information published.
CVE-2026-41604
Baja
Microsoft
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Information published.
CVE-2026-41605
Baja
Microsoft
CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Information published.
CVE-2026-41606
Sin clasificar
Microsoft
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Information published.
CVE-2026-31692
Sin clasificar
Microsoft
CVE-2026-40355
Information published.
CVE-2026-40355
Sin clasificar
Microsoft
CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds
Information published.
CVE-2026-3731
Sin clasificar
Microsoft
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Information published.
CVE-2026-0965
Sin clasificar
Microsoft
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Information published.
CVE-2026-25645
Sin clasificar
Microsoft
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Information published.
CVE-2026-0967
Baja
Microsoft
CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Information published.
CVE-2026-0966
Sin clasificar
Microsoft
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Information published.
CVE-2026-0964
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7343 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7343
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7363 Use after free in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7363
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7359 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7359
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7333 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7333
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7360 Insufficient validation of untrusted input in Compositing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7360
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7344 Use after free in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7344
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7358 Use after free in Animation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7358
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7334 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7334
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7357 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7357
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7356 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7356
Baja
Microsoft Edge
Chromium: CVE-2026-7353 Heap buffer overflow in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7353
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7351 Race in MHTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7351
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7354 Out of bounds read and write in Angle
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7354
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7349 Use after free in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7349
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7348 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7348
Media
Microsoft Edge
Chromium: CVE-2026-7335 Use after free in media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7335
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7336 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7336
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7350 Use after free in WebMIDI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7350
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7345 Insufficient validation of untrusted input in Feedback
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7345
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7347 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7347
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7346 Inappropriate implementation in Tint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7346
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7337 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7337
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7338 Use after free in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7338
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-7341 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7341
Baja
Microsoft Edge
Chromium: CVE-2026-7340 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7340
Baja
Microsoft Edge
Chromium: CVE-2026-7339 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7339
Media
Microsoft Edge
Chromium: CVE-2026-7355 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more informat...
CVE-2026-7355
Sin clasificar
Defender
CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability
Added FAQ information. This is an informational change only.
CVE-2026-33825
Baja
Microsoft
CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
Information published.
CVE-2025-21892
Sin clasificar
Microsoft
CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Information published.
CVE-2025-21870
Sin clasificar
Microsoft
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
Information published.
CVE-2026-24051
Sin clasificar
Microsoft
CVE-2026-21620 TFTP Path Traversal
Information published.
CVE-2026-21620
Baja
Microsoft
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Information published.
CVE-2026-25541
Sin clasificar
Microsoft
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Information published.
CVE-2025-15504
Baja
Microsoft
CVE-2022-2068 The c_rehash script allows command injection
Information published.
CVE-2022-2068
Sin clasificar
Microsoft
CVE-2019-1543 ChaCha20-Poly1305 with long nonces
Information published.
CVE-2019-1543
Baja
Microsoft
CVE-2019-1551 rsaz_512_sqr overflow bug on x86_64
Information published.
CVE-2019-1551
Sin clasificar
Microsoft
CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
Information published.
CVE-2024-41045
Sin clasificar
Microsoft
CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Information published.
CVE-2024-41067
Sin clasificar
Microsoft
CVE-2017-3736
Information published.
CVE-2017-3736
Sin clasificar
Microsoft
CVE-2018-0734 Timing attack against DSA
Information published.
CVE-2018-0734
Sin clasificar
Microsoft
CVE-2018-0735 Timing attack against ECDSA signature generation
Information published.
CVE-2018-0735
Sin clasificar
Microsoft
CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
Information published.
CVE-2024-57974
Sin clasificar
Microsoft
CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Information published.
CVE-2024-57976
Sin clasificar
Microsoft
CVE-2019-1547 ECDSA remote timing attack
Information published.
CVE-2019-1547
Sin clasificar
Microsoft
CVE-2019-1549 Fork Protection
Information published.
CVE-2019-1549
Sin clasificar
Microsoft
CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Information published.
CVE-2019-1563
Sin clasificar
Microsoft
CVE-2024-41932 sched: fix warning in sched_setaffinity
Information published.
CVE-2024-41932
Sin clasificar
Microsoft
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
Information published.
CVE-2026-34978
Sin clasificar
Microsoft
CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION
Information published.
CVE-2026-31410
Baja
Microsoft
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
CVE-2026-31789
Sin clasificar
Microsoft
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-28387
Sin clasificar
Microsoft
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
CVE-2026-28388
Sin clasificar
Microsoft
CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Information published.
CVE-2026-35206
Baja
Microsoft
CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
Information published.
CVE-2026-5448
Baja
Microsoft
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.
Information published.
CVE-2026-5778
Sin clasificar
Microsoft
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
Information published.
CVE-2026-5460
Sin clasificar
Microsoft
CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse
Information published.
CVE-2026-5446
Sin clasificar
Microsoft
CVE-2026-31476 ksmbd: do not expire session on binding failure
Information published.
CVE-2026-31476
Sin clasificar
Microsoft
CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
Information published.
CVE-2026-31464
Sin clasificar
Microsoft
CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests
Information published.
CVE-2026-31432
Sin clasificar
Microsoft
CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports
Information published.
CVE-2026-31502
Sin clasificar
Microsoft
CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks
Information published.
CVE-2026-31495
Sin clasificar
Microsoft
CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Information published.
CVE-2026-31477
Sin clasificar
Microsoft
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Information published.
CVE-2026-31530
Sin clasificar
Microsoft
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Information published.
CVE-2026-31480
Sin clasificar
Microsoft
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
Information published.
CVE-2026-31512
Sin clasificar
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Sin clasificar
Microsoft
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Information published.
CVE-2026-31521
Baja
Microsoft
CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
Information published.
CVE-2026-41445
Sin clasificar
Microsoft
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Information published.
CVE-2026-31531
Sin clasificar
Microsoft
CVE-2026-41988
Information published.
CVE-2026-41988
Sin clasificar
Microsoft
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
Information published.
CVE-2026-31619
Sin clasificar
Microsoft
CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
Information published.
CVE-2026-31590
Sin clasificar
Microsoft
CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Information published.
CVE-2026-31618
Sin clasificar
Microsoft
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
Information published.
CVE-2026-31617
Sin clasificar
Microsoft
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
Information published.
CVE-2026-31624
Sin clasificar
Microsoft
CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
Information published.
CVE-2026-23422
Sin clasificar
Microsoft
CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Information published.
CVE-2026-31626
Sin clasificar
Microsoft
CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
Information published.
CVE-2026-31615
Sin clasificar
Microsoft
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
Information published.
CVE-2026-31537
Baja
Microsoft
CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Information published.
CVE-2026-41676
Sin clasificar
Microsoft
CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
Information published.
CVE-2026-41678
Sin clasificar
Microsoft
CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
Information published.
CVE-2026-31580
Sin clasificar
Microsoft
CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check
Information published.
CVE-2026-41681
Sin clasificar
Microsoft
CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
Information published.
CVE-2026-31629
Sin clasificar
Microsoft
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
Information published.
CVE-2026-31669
Media
Microsoft
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Information published.
CVE-2026-31576
Sin clasificar
Microsoft
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
Information published.
CVE-2026-31586
Sin clasificar
Microsoft
CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
Information published.
CVE-2026-31622
Sin clasificar
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Sin clasificar
Microsoft
CVE-2026-31686 mm/kasan: fix double free for kasan pXds
Information published.
CVE-2026-31686
Sin clasificar
Microsoft
CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer
Information published.
CVE-2026-41898
Baja
Microsoft
CVE-2026-31545 NFC: nxp-nci: allow GPIOs to sleep
Information published.
CVE-2026-31545
Sin clasificar
Microsoft
CVE-2026-31546 net: bonding: fix NULL deref in bond_debug_rlb_hash_show
Information published.
CVE-2026-31546
Sin clasificar
Microsoft
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
CVE-2026-6357
Sin clasificar
Microsoft
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
Information published.
CVE-2026-41603
Sin clasificar
Microsoft
CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Information published.
CVE-2026-41607
Sin clasificar
Microsoft
CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Information published.
CVE-2026-41636
Sin clasificar
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Sin clasificar
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Sin clasificar
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Sin clasificar
Microsoft
CVE-2026-32281 Inefficient policy validation in crypto/x509
Information published.
CVE-2026-32281
Sin clasificar
Microsoft
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Information published.
CVE-2026-32289
Sin clasificar
Microsoft
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Information published.
CVE-2026-32283
Baja
Microsoft
CVE-2026-34477 Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass
Information published.
CVE-2026-34477
Sin clasificar
Microsoft
CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic
Information published.
CVE-2026-31420
Sin clasificar
Microsoft
CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
Information published.
CVE-2026-5393
Sin clasificar
Microsoft
CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery
Information published.
CVE-2026-5504
Sin clasificar
Microsoft
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
Information published.
CVE-2026-5507
Sin clasificar
Microsoft
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
Information published.
CVE-2026-5503
Baja
Microsoft
CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID
Information published.
CVE-2026-5295
Baja
Microsoft
CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL
Information published.
CVE-2026-5188
Baja
Microsoft
CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier
Information published.
CVE-2026-5447
Sin clasificar
Microsoft
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
Information published.
CVE-2026-5772
Sin clasificar
Microsoft
CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
Information published.
CVE-2026-5392
Sin clasificar
Microsoft
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Information published.
CVE-2026-1502
Sin clasificar
Microsoft
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Information published.
CVE-2026-34481
Sin clasificar
Microsoft
CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
Information published.
CVE-2026-34479
Sin clasificar
Microsoft
CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Information published.
CVE-2026-34480
Sin clasificar
Microsoft
CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head
Information published.
CVE-2026-31429
Sin clasificar
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Sin clasificar
Microsoft
CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()
Information published.
CVE-2026-31524
Sin clasificar
Microsoft
CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Information published.
CVE-2026-31486
Sin clasificar
Microsoft
CVE-2026-31487 spi: use generic driver_override infrastructure
Information published.
CVE-2026-31487
Sin clasificar
Microsoft
CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Information published.
CVE-2026-31496
Sin clasificar
Microsoft
CVE-2026-31515 af_key: validate families in pfkey_send_migrate()
Information published.
CVE-2026-31515
Sin clasificar
Microsoft
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Information published.
CVE-2026-31516
Sin clasificar
Microsoft
CVE-2026-31527 driver core: platform: use generic driver_override infrastructure
Information published.
CVE-2026-31527
Sin clasificar
Microsoft
CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race
Information published.
CVE-2026-31504
Sin clasificar
Microsoft
CVE-2026-31523 nvme-pci: ensure we're polling a polled queue
Information published.
CVE-2026-31523
Sin clasificar
Microsoft
CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices
Information published.
CVE-2026-31497
Sin clasificar
Microsoft
CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Information published.
CVE-2026-31489
Sin clasificar
Microsoft
CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
Information published.
CVE-2026-31510
Sin clasificar
Microsoft
CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry
Information published.
CVE-2026-31482
Sin clasificar
Microsoft
CVE-2026-31518 esp: fix skb leak with espintcp and async crypto
Information published.
CVE-2026-31518
Sin clasificar
Microsoft
CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
Information published.
CVE-2026-31519
Sin clasificar
Microsoft
CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests
Information published.
CVE-2026-31433
Sin clasificar
Microsoft
CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
Information published.
CVE-2026-31485
Sin clasificar
Microsoft
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Information published.
CVE-2026-31483
Sin clasificar
Microsoft
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Information published.
CVE-2026-31507
Sin clasificar
Microsoft
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Information published.
CVE-2026-31500
Sin clasificar
Microsoft
CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
Information published.
CVE-2026-31522
Sin clasificar
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Sin clasificar
Microsoft
CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device
Information published.
CVE-2026-31509
Sin clasificar
Microsoft
CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2
Information published.
CVE-2026-31503
Sin clasificar
Microsoft
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
Information published.
CVE-2026-31498
Sin clasificar
Microsoft
CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it
Information published.
CVE-2026-31492
Sin clasificar
Microsoft
CVE-2026-31494 net: macb: use the current queue number for stats
Information published.
CVE-2026-31494
Sin clasificar
Microsoft
CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
Information published.
CVE-2026-6409
Sin clasificar
Microsoft
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Information published.
CVE-2026-5187
Sin clasificar
Microsoft
CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request
Information published.
CVE-2026-23428
Sin clasificar
Microsoft
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Information published.
CVE-2025-13763
Sin clasificar
Microsoft
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
Information published.
CVE-2026-31607
Sin clasificar
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Media
Microsoft
CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
Information published.
CVE-2026-31583
Sin clasificar
Microsoft
CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
Information published.
CVE-2026-31581
Media
Microsoft
CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure
Information published.
CVE-2026-31585
Baja
Microsoft
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
Information published.
CVE-2026-31623
Sin clasificar
Microsoft
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
Information published.
CVE-2026-41677
Baja
Microsoft
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
Information published.
CVE-2026-31616
Sin clasificar
Microsoft
CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
Information published.
CVE-2026-31582
Sin clasificar
Microsoft
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
Information published.
CVE-2026-31588
Sin clasificar
Microsoft
CVE-2026-41305 PostCSS has XSS via Unescaped in its CSS Stringify Output
Information published.
CVE-2026-41305
Sin clasificar
Windows
CVE-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
Information published.
CVE-2026-3298
Media
Microsoft
CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path
Information published.
CVE-2026-31584
Baja
Microsoft
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Information published.
CVE-2026-5435
Sin clasificar
Microsoft
CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers
Information published.
CVE-2026-2708
Sin clasificar
Microsoft
CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document
Information published.
CVE-2026-6732
Sin clasificar
Microsoft
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Information published.
CVE-2026-6019
Sin clasificar
Microsoft
CVE-2026-31508 net: openvswitch: Avoid releasing netdev before teardown completes
Information published.
CVE-2026-31508
Sin clasificar
Microsoft
CVE-2026-31540 drm/i915/gt: Check set_default_submission() before deferencing
Information published.
CVE-2026-31540
Sin clasificar
Microsoft
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Information published.
CVE-2026-6238
Sin clasificar
Microsoft
CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()
Information published.
CVE-2026-31499
Sin clasificar
Microsoft
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Information published.
CVE-2025-48431
Baja
Microsoft
CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Information published.
CVE-2026-41602
Sin clasificar
Microsoft
CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Information published.
CVE-2026-41604
Baja
Microsoft
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Information published.
CVE-2026-41605
Baja
Microsoft
CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Information published.
CVE-2026-41606
Sin clasificar
Microsoft
CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Information published.
CVE-2024-35808
Sin clasificar
Microsoft
CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Information published.
CVE-2025-37834
Baja
Microsoft
CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Information published.
CVE-2026-4395
Baja
Microsoft
CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
Information published.
CVE-2026-1005
Sin clasificar
Microsoft
CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Information published.
CVE-2026-23378
Sin clasificar
Microsoft
CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Information published.
CVE-2025-66037
Sin clasificar
Microsoft
CVE-2025-69648
Information published.
CVE-2025-69648
Sin clasificar
Microsoft
CVE-2026-32776
Information published.
CVE-2026-32776
Sin clasificar
Microsoft
CVE-2026-32778
Information published.
CVE-2026-32778
Sin clasificar
Microsoft
CVE-2026-32777
Information published.
CVE-2026-32777
Sin clasificar
Microsoft
CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
Information published.
CVE-2026-4159
Sin clasificar
Microsoft
CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
Information published.
CVE-2026-3580
Baja
Microsoft
CVE-2026-3229 Integer Overflow in Certificate Chain Allocation
Information published.
CVE-2026-3229
Sin clasificar
Microsoft
CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Information published.
CVE-2026-23372
Sin clasificar
Microsoft
CVE-2026-23364 ksmbd: Compare MACs in constant time
Information published.
CVE-2026-23364
Sin clasificar
Microsoft
CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Information published.
CVE-2026-23393
Sin clasificar
Microsoft
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Information published.
CVE-2026-33542
Sin clasificar
Microsoft
CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
Information published.
CVE-2026-33916
Baja
Microsoft
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Information published.
CVE-2025-49010
Baja
Microsoft
CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Information published.
CVE-2025-66215
Sin clasificar
Microsoft
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Information published.
CVE-2025-66038
Sin clasificar
Microsoft
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Information published.
CVE-2026-34043
Sin clasificar
Microsoft
CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
Information published.
CVE-2026-2100
Sin clasificar
Microsoft
CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names
Information published.
CVE-2026-34073
Sin clasificar
Microsoft
CVE-2017-3731 Truncated packet could crash via OOB read
Information published.
CVE-2017-3731
Sin clasificar
Windows
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-21246
Sin clasificar
Microsoft
CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Information published.
CVE-2026-22701
Sin clasificar
Microsoft
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Information published.
CVE-2026-27141
Sin clasificar
Microsoft
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
Information published.
CVE-2026-24051
Sin clasificar
Microsoft
CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
Information published.
CVE-2026-2443
Baja
Microsoft
CVE-2022-2068 The c_rehash script allows command injection
Information published.
CVE-2022-2068
Baja
Microsoft
CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation
Information published.
CVE-2025-68146
Sin clasificar
Microsoft
CVE-2017-3735
Information published.
CVE-2017-3735
Sin clasificar
Microsoft
CVE-2017-3736
Information published.
CVE-2017-3736
Sin clasificar
Microsoft
CVE-2018-0734 Timing attack against DSA
Information published.
CVE-2018-0734
Sin clasificar
Microsoft
CVE-2018-0735 Timing attack against ECDSA signature generation
Information published.
CVE-2018-0735
Sin clasificar
Microsoft
CVE-2019-1547 ECDSA remote timing attack
Information published.
CVE-2019-1547
Sin clasificar
Microsoft
CVE-2019-1549 Fork Protection
Information published.
CVE-2019-1549
Sin clasificar
Microsoft
CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Information published.
CVE-2019-1563
Sin clasificar
Microsoft
CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
Information published.
CVE-2026-34591
Sin clasificar
Microsoft
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
CVE-2026-29181
Sin clasificar
Microsoft
CVE-2026-31476 ksmbd: do not expire session on binding failure
Information published.
CVE-2026-31476
Sin clasificar
Microsoft
CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Information published.
CVE-2026-31477
Sin clasificar
Microsoft
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Information published.
CVE-2026-31480
Sin clasificar
Microsoft
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
Information published.
CVE-2026-31619
Sin clasificar
Microsoft
CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
Information published.
CVE-2026-41079
Sin clasificar
Microsoft
CVE-2026-31557 nvmet: move async event work off nvmet-wq
Information published.
CVE-2026-31557
Sin clasificar
Microsoft
CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core
Information published.
CVE-2026-31667
Sin clasificar
Microsoft
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
Information published.
CVE-2026-31617
Sin clasificar
Microsoft
CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes
Information published.
CVE-2026-31660
Sin clasificar
Microsoft
CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
Information published.
CVE-2026-31566
Sin clasificar
Microsoft
CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets
Information published.
CVE-2026-31637
Sin clasificar
Microsoft
CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
Information published.
CVE-2026-31570
Sin clasificar
Microsoft
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
Information published.
CVE-2026-31624
Sin clasificar
Microsoft
CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect
Information published.
CVE-2026-31651
Sin clasificar
Microsoft
CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime
Information published.
CVE-2026-31672
Sin clasificar
Microsoft
CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections
Information published.
CVE-2026-31565
Sin clasificar
Microsoft
CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Information published.
CVE-2026-31626
Sin clasificar
Microsoft
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Information published.
CVE-2026-31663
Baja
Microsoft
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Information published.
CVE-2026-41066
Sin clasificar
Microsoft
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Information published.
CVE-2026-41411
Sin clasificar
Microsoft
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
Information published.
CVE-2026-31537
Sin clasificar
Microsoft
CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
Information published.
CVE-2026-31611
Sin clasificar
Microsoft
CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
Information published.
CVE-2026-32147
Sin clasificar
Microsoft
CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it
Information published.
CVE-2026-31627
Sin clasificar
Microsoft
CVE-2026-31671 xfrm_user: fix info leak in build_report()
Information published.
CVE-2026-31671
Sin clasificar
Microsoft
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Information published.
CVE-2026-31560
Sin clasificar
Microsoft
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
Information published.
CVE-2026-31612
Sin clasificar
Microsoft
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Information published.
CVE-2026-31568
Sin clasificar
Microsoft
CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version
Information published.
CVE-2026-31587
Sin clasificar
Microsoft
CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Information published.
CVE-2026-31575
Baja
Microsoft
CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
Information published.
CVE-2026-31662
Sin clasificar
Microsoft
CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
Information published.
CVE-2026-31580
Sin clasificar
Microsoft
CVE-2026-31657 batman-adv: hold claim backbone gateways by reference
Information published.
CVE-2026-31657
Sin clasificar
Microsoft
CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
Information published.
CVE-2026-31629
Sin clasificar
Microsoft
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Information published.
CVE-2026-31579
Sin clasificar
Microsoft
CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1
Information published.
CVE-2026-31628
Sin clasificar
Microsoft
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Information published.
CVE-2026-31630
Baja
Microsoft
CVE-2026-31649 net: stmmac: fix integer underflow in chain mode
Information published.
CVE-2026-31649
Sin clasificar
Microsoft
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
Information published.
CVE-2026-31669
Media
Microsoft
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Information published.
CVE-2026-31576
Sin clasificar
Microsoft
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
Information published.
CVE-2026-31586
Media
Microsoft
CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()
Information published.
CVE-2026-31578
Sin clasificar
Microsoft
CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options
Information published.
CVE-2026-31682
Sin clasificar
Microsoft
CVE-2026-31659 batman-adv: reject oversized global TT response buffers
Information published.
CVE-2026-31659
Sin clasificar
Microsoft
CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()
Information published.
CVE-2026-31625
Sin clasificar
Microsoft
CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length
Information published.
CVE-2026-31679
Sin clasificar
Microsoft
CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
Information published.
CVE-2026-31674
Sin clasificar
Microsoft
CVE-2026-31664 xfrm: clear trailing padding in build_polexpire()
Information published.
CVE-2026-31664
Sin clasificar
Microsoft
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
Information published.
CVE-2026-31597
Sin clasificar
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Baja
Microsoft
CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
Information published.
CVE-2026-31656
Sin clasificar
Microsoft
CVE-2026-31686 mm/kasan: fix double free for kasan pXds
Information published.
CVE-2026-31686
Sin clasificar
Microsoft
CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer
Information published.
CVE-2026-41898
Baja
Microsoft
CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
Information published.
CVE-2026-33999
Sin clasificar
Microsoft
CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage
Information published.
CVE-2026-23406
Sin clasificar
Microsoft
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
CVE-2026-28389
Sin clasificar
Microsoft
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
CVE-2026-28390
Sin clasificar
Microsoft
CVE-2026-41254
Information published.
CVE-2026-41254
Sin clasificar
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Media
Microsoft
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Information published.
CVE-2026-31473
Sin clasificar
Microsoft
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Information published.
CVE-2025-13763
Sin clasificar
Microsoft
CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path
Information published.
CVE-2026-31555
Sin clasificar
Microsoft
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
Information published.
CVE-2026-31607
Sin clasificar
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Media
Microsoft
CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
Information published.
CVE-2026-31583
Sin clasificar
Microsoft
CVE-2026-31638 rxrpc: Only put the call ref if one was acquired
Information published.
CVE-2026-31638
Sin clasificar
Microsoft
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Information published.
CVE-2026-31574
Sin clasificar
Microsoft
CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
Information published.
CVE-2026-31596
Sin clasificar
Microsoft
CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
Information published.
CVE-2026-31581
Sin clasificar
Microsoft
CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
Information published.
CVE-2026-31577
Sin clasificar
Microsoft
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Information published.
CVE-2026-41140
Sin clasificar
Microsoft
CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy
Information published.
CVE-2026-31665
Sin clasificar
Microsoft
CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created
Information published.
CVE-2026-31670
Sin clasificar
Microsoft
CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion
Information published.
CVE-2026-31642
Sin clasificar
Microsoft
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Information published.
CVE-2026-31613
Baja
Microsoft
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
Information published.
CVE-2026-31623
Sin clasificar
Microsoft
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
Information published.
CVE-2026-41677
Baja
Microsoft
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
Information published.
CVE-2026-31616
Sin clasificar
Microsoft
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
Information published.
CVE-2026-31668
Sin clasificar
Microsoft
CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
Information published.
CVE-2026-31582
Sin clasificar
Microsoft
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
Information published.
CVE-2026-31588
Sin clasificar
Microsoft
CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption
Information published.
CVE-2026-31675
Sin clasificar
Microsoft
CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()
Information published.
CVE-2026-31634
Sin clasificar
Microsoft
CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
Information published.
CVE-2026-31658
Sin clasificar
Microsoft
CVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()
Information published.
CVE-2026-31689
Sin clasificar
Microsoft
CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Information published.
CVE-2026-31688
Sin clasificar
Microsoft
CVE-2026-31548 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
Information published.
CVE-2026-31548
Sin clasificar
Microsoft
CVE-2026-31549 i2c: cp2615: fix serial string NULL-deref at probe
Information published.
CVE-2026-31549
Sin clasificar
Microsoft
CVE-2026-31550 pmdomain: bcm: bcm2835-power: Increase ASB control timeout
Information published.
CVE-2026-31550
Baja
Microsoft
CVE-2026-31551 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable.
Information published.
CVE-2026-31551
Sin clasificar
Microsoft
CVE-2026-31552 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom
Information published.
CVE-2026-31552
Media
Microsoft
CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path
Information published.
CVE-2026-31584
Sin clasificar
Microsoft
CVE-2026-31661 wifi: brcmsmac: Fix dma_free_coherent() size
Information published.
CVE-2026-31661
Sin clasificar
Microsoft
CVE-2026-31563 net: macb: Use dev_consume_skb_any() to free TX SKBs
Information published.
CVE-2026-31563
Baja
Microsoft
CVE-2026-31648 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()
Information published.
CVE-2026-31648
Sin clasificar
Microsoft
CVE-2026-40225
Information published.
CVE-2026-40225
Baja
Microsoft
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Information published.
CVE-2026-5435
Sin clasificar
Microsoft
CVE-2026-40556 Insecure Directory Permissions in GNU nano Leading to Privilege Abuse
Information published.
CVE-2026-40556
Sin clasificar
Microsoft
CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css
Information published.
CVE-2026-6861
Sin clasificar
Microsoft
CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers
Information published.
CVE-2026-2708
Sin clasificar
Microsoft
CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document
Information published.
CVE-2026-6732
Sin clasificar
Microsoft
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Information published.
CVE-2026-6019
Sin clasificar
Microsoft
CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption
Information published.
CVE-2026-34001
Sin clasificar
Microsoft
CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access
Information published.
CVE-2026-34003
Sin clasificar
Microsoft
CVE-2026-3783 token leak with redirect and netrc
Information published.
CVE-2026-3783
Sin clasificar
Microsoft
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
Information published.
CVE-2026-23391
Sin clasificar
Microsoft
CVE-2026-1965 bad reuse of HTTP Negotiate connection
Information published.
CVE-2026-1965
Sin clasificar
Microsoft
CVE-2026-3784 wrong proxy connection reuse with credentials
Information published.
CVE-2026-3784
Baja
Microsoft
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Information published.
CVE-2026-33056
Sin clasificar
Microsoft
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Information published.
CVE-2026-33055
Baja
Microsoft
CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Information published.
CVE-2026-2369
Sin clasificar
Microsoft
CVE-2026-23388 Squashfs: check metadata block offset is within range
Information published.
CVE-2026-23388
Sin clasificar
Microsoft
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
Information published.
CVE-2026-23395
Sin clasificar
Microsoft
CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU
Information published.
CVE-2026-31788
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6920 Out of bounds read in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6920
Sin clasificar
Dynamics
CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Added acknowledgements. This is an informational change only.
CVE-2026-33103
Sin clasificar
Microsoft
Chromium: CVE-2026-6919 Use after free in DevTools
Added a second Security Only package to Edge security update. This is an informational change only.
CVE-2026-6919
Sin clasificar
Visual Studio
CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability
This CVE has been updated to include the Visual Studios 2026 18.5 as an Affected Software
CVE-2026-40372
Sin clasificar
Microsoft
CVE-2026-26149 Microsoft Power Apps Desktop Client Spoofing Vulnerability
Boletin publicado por Microsoft Security Response Center.
CVE-2026-26149
Sin clasificar
Windows
CVE-2026-32202 Windows Shell Spoofing Vulnerability
Corrected the Exploitability Index, Exploited flag and CVSS vector which was incorrect at the time of publication on 4/14/2026. This is an informational change only.
CVE-2026-32202
Sin clasificar
Microsoft
CVE-2018-0734 Timing attack against DSA
Information published.
CVE-2018-0734
Sin clasificar
Microsoft
CVE-2018-0735 Timing attack against ECDSA signature generation
Information published.
CVE-2018-0735
Baja
Microsoft
CVE-2022-2068 The c_rehash script allows command injection
Information published.
CVE-2022-2068
Sin clasificar
Microsoft
CVE-2026-23405 apparmor: fix: limit the number of levels of policy namespaces
Information published.
CVE-2026-23405
Sin clasificar
Microsoft
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
Information published.
CVE-2026-31619
Sin clasificar
Microsoft
CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
Information published.
CVE-2026-41079
Sin clasificar
Microsoft
CVE-2026-31557 nvmet: move async event work off nvmet-wq
Information published.
CVE-2026-31557
Sin clasificar
Microsoft
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Information published.
CVE-2026-31606
Sin clasificar
Microsoft
CVE-2026-31646 net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
Information published.
CVE-2026-31646
Sin clasificar
Microsoft
CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0
Information published.
CVE-2026-31620
Sin clasificar
Microsoft
CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU
Information published.
CVE-2026-31593
Sin clasificar
Microsoft
CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core
Information published.
CVE-2026-31667
Sin clasificar
Microsoft
CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
Information published.
CVE-2026-31590
Sin clasificar
Microsoft
CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Information published.
CVE-2026-31618
Sin clasificar
Microsoft
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
Information published.
CVE-2026-31617
Sin clasificar
Microsoft
CVE-2026-31589 mm: call ->free_folio() directly in folio_unmap_invalidate()
Information published.
CVE-2026-31589
Sin clasificar
Microsoft
CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes
Information published.
CVE-2026-31660
Sin clasificar
Microsoft
CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Information published.
CVE-2026-31605
Sin clasificar
Microsoft
CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
Information published.
CVE-2026-31566
Media
Microsoft
CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
Information published.
CVE-2026-31599
Sin clasificar
Microsoft
CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
Information published.
CVE-2026-31602
Sin clasificar
Microsoft
CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets
Information published.
CVE-2026-31637
Sin clasificar
Microsoft
CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
Information published.
CVE-2026-31570
Sin clasificar
Microsoft
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
Information published.
CVE-2026-31624
Sin clasificar
Microsoft
CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect
Information published.
CVE-2026-31651
Sin clasificar
Microsoft
CVE-2026-23420 wifi: wlcore: Fix a locking bug
Information published.
CVE-2026-23420
Sin clasificar
Microsoft
CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime
Information published.
CVE-2026-31672
Sin clasificar
Microsoft
CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
Information published.
CVE-2026-23422
Sin clasificar
Microsoft
CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections
Information published.
CVE-2026-31565
Sin clasificar
Microsoft
CVE-2026-31621 bnge: return after auxiliary_device_uninit() in error path
Information published.
CVE-2026-31621
Sin clasificar
Microsoft
CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Information published.
CVE-2026-31626
Sin clasificar
Microsoft
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Information published.
CVE-2026-31663
Sin clasificar
Microsoft
CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
Information published.
CVE-2026-31615
Sin clasificar
Microsoft
CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
Information published.
CVE-2026-31610
Baja
Microsoft
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Information published.
CVE-2026-41066
Sin clasificar
Microsoft
CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Information published.
CVE-2026-31645
Sin clasificar
Microsoft
CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided
Information published.
CVE-2026-41907
Sin clasificar
Microsoft
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Information published.
CVE-2026-41411
Sin clasificar
Microsoft
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
Information published.
CVE-2026-31598
Sin clasificar
Microsoft
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
Information published.
CVE-2026-31537
Sin clasificar
Microsoft
CVE-2026-23414 tls: Purge async_hold in tls_decrypt_async_wait()
Information published.
CVE-2026-23414
Sin clasificar
Microsoft
CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()
Information published.
CVE-2026-31603
Sin clasificar
Microsoft
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
Information published.
CVE-2026-31608
Sin clasificar
Microsoft
CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
Information published.
CVE-2026-31611
Sin clasificar
Microsoft
CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
Information published.
CVE-2026-32147
Sin clasificar
Microsoft
CVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctly
Information published.
CVE-2026-31600
Baja
Microsoft
CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Information published.
CVE-2026-41676
Sin clasificar
Microsoft
CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it
Information published.
CVE-2026-31627
Sin clasificar
Microsoft
CVE-2026-31671 xfrm_user: fix info leak in build_report()
Information published.
CVE-2026-31671
Sin clasificar
Microsoft
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Information published.
CVE-2026-31560
Sin clasificar
Microsoft
CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
Information published.
CVE-2026-41678
Sin clasificar
Microsoft
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
Information published.
CVE-2026-31612
Sin clasificar
Microsoft
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Information published.
CVE-2026-31568
Sin clasificar
Microsoft
CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version
Information published.
CVE-2026-31587
Sin clasificar
Microsoft
CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Information published.
CVE-2026-31575
Baja
Microsoft
CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
Information published.
CVE-2026-31662
Sin clasificar
Microsoft
CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
Information published.
CVE-2026-31580
Sin clasificar
Microsoft
CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check
Information published.
CVE-2026-41681
Sin clasificar
Microsoft
CVE-2026-31639 rxrpc: Fix key reference count leak from call->key
Information published.
CVE-2026-31639
Sin clasificar
Microsoft
CVE-2026-31657 batman-adv: hold claim backbone gateways by reference
Information published.
CVE-2026-31657
Sin clasificar
Microsoft
CVE-2026-31591 KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish
Information published.
CVE-2026-31591
Sin clasificar
Microsoft
CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
Information published.
CVE-2026-31629
Sin clasificar
Microsoft
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Information published.
CVE-2026-31579
Sin clasificar
Microsoft
CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1
Information published.
CVE-2026-31628
Sin clasificar
Microsoft
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Information published.
CVE-2026-31630
Sin clasificar
Microsoft
CVE-2026-31655 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled
Information published.
CVE-2026-31655
Sin clasificar
Microsoft
CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets
Information published.
CVE-2026-31685
Baja
Microsoft
CVE-2026-31649 net: stmmac: fix integer underflow in chain mode
Information published.
CVE-2026-31649
Sin clasificar
Microsoft
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
Information published.
CVE-2026-31669
Baja
Microsoft
CVE-2026-31680 net: ipv6: flowlabel: defer exclusive option free until RCU teardown
Information published.
CVE-2026-31680
Media
Microsoft
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Information published.
CVE-2026-31576
Sin clasificar
Microsoft
CVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU release
Information published.
CVE-2026-31678
Sin clasificar
Microsoft
CVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
Information published.
CVE-2026-31595
Sin clasificar
Microsoft
CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry
Information published.
CVE-2026-31681
Sin clasificar
Microsoft
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
Information published.
CVE-2026-31586
Media
Microsoft
CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()
Information published.
CVE-2026-31578
Sin clasificar
Microsoft
CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options
Information published.
CVE-2026-31682
Sin clasificar
Microsoft
CVE-2026-31659 batman-adv: reject oversized global TT response buffers
Information published.
CVE-2026-31659
Sin clasificar
Microsoft
CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()
Information published.
CVE-2026-31625
Sin clasificar
Microsoft
CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length
Information published.
CVE-2026-31679
Sin clasificar
Microsoft
CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
Information published.
CVE-2026-31674
Sin clasificar
Microsoft
CVE-2026-31673 af_unix: read UNIX_DIAG_VFS data under unix_state_lock
Information published.
CVE-2026-31673
Sin clasificar
Microsoft
CVE-2026-31664 xfrm: clear trailing padding in build_polexpire()
Information published.
CVE-2026-31664
Sin clasificar
Microsoft
CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
Information published.
CVE-2026-31622
Sin clasificar
Microsoft
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
Information published.
CVE-2026-31597
Sin clasificar
Microsoft
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Information published.
CVE-2026-31592
Baja
Microsoft
CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
Information published.
CVE-2026-31656
Sin clasificar
Microsoft
CVE-2026-23401 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
Information published.
CVE-2026-23401
Sin clasificar
Microsoft
CVE-2026-23403 apparmor: fix memory leak in verify_header
Information published.
CVE-2026-23403
Sin clasificar
Microsoft
CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach
Information published.
CVE-2026-23404
Sin clasificar
Microsoft
CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage
Information published.
CVE-2026-23406
Sin clasificar
Microsoft
CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
Information published.
CVE-2026-23407
Sin clasificar
Microsoft
CVE-2026-23408 apparmor: Fix double free of ns_name in aa_replace_profiles()
Information published.
CVE-2026-23408
Sin clasificar
Microsoft
CVE-2026-23409 apparmor: fix differential encoding verification
Information published.
CVE-2026-23409
Sin clasificar
Microsoft
CVE-2026-23410 apparmor: fix race on rawdata dereference
Information published.
CVE-2026-23410
Sin clasificar
Microsoft
CVE-2026-23411 apparmor: fix race between freeing data and fs accessing it
Information published.
CVE-2026-23411
Sin clasificar
Microsoft
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Information published.
CVE-2026-41205
Sin clasificar
Microsoft
CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path
Information published.
CVE-2026-31555
Sin clasificar
Microsoft
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
Information published.
CVE-2026-31607
Sin clasificar
Microsoft
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Information published.
CVE-2026-31536
Media
Microsoft
CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
Information published.
CVE-2026-31583
Sin clasificar
Microsoft
CVE-2026-31638 rxrpc: Only put the call ref if one was acquired
Information published.
CVE-2026-31638
Sin clasificar
Microsoft
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Information published.
CVE-2026-31574
Sin clasificar
Microsoft
CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
Information published.
CVE-2026-31596
Sin clasificar
Microsoft
CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
Information published.
CVE-2026-31581
Sin clasificar
Microsoft
CVE-2026-31604 wifi: rtw88: fix device leak on probe failure
Information published.
CVE-2026-31604
Media
Microsoft
CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure
Information published.
CVE-2026-31585
Sin clasificar
Microsoft
CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
Information published.
CVE-2026-31577
Sin clasificar
Microsoft
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Information published.
CVE-2026-41140
Sin clasificar
Microsoft
CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy
Information published.
CVE-2026-31665
Sin clasificar
Microsoft
CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created
Information published.
CVE-2026-31670
Sin clasificar
Microsoft
CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion
Information published.
CVE-2026-31642
Sin clasificar
Microsoft
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Information published.
CVE-2026-31613
Baja
Microsoft
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
Information published.
CVE-2026-31623
Sin clasificar
Microsoft
CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
Information published.
CVE-2026-31594
Sin clasificar
Microsoft
CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
Information published.
CVE-2026-31609
Sin clasificar
Microsoft
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
Information published.
CVE-2026-41677
Baja
Microsoft
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
Information published.
CVE-2026-31616
Sin clasificar
Microsoft
CVE-2026-31601 vfio/xe: Reorganize the init to decouple migration from reset
Information published.
CVE-2026-31601
Sin clasificar
Microsoft
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
Information published.
CVE-2026-31668
Sin clasificar
Microsoft
CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
Information published.
CVE-2026-31582
Sin clasificar
Microsoft
CVE-2026-31676 rxrpc: only handle RESPONSE during service challenge
Information published.
CVE-2026-31676
Sin clasificar
Microsoft
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
Information published.
CVE-2026-31588
Sin clasificar
Microsoft
CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget
Information published.
CVE-2026-31677
Sin clasificar
Microsoft
CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption
Information published.
CVE-2026-31675
Sin clasificar
Microsoft
CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()
Information published.
CVE-2026-31634
Sin clasificar
Microsoft
CVE-2026-31684 net: sched: act_csum: validate nested VLAN headers
Information published.
CVE-2026-31684
Sin clasificar
Microsoft
CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
Information published.
CVE-2026-31658
Sin clasificar
Microsoft
CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
Information published.
CVE-2026-23382
Sin clasificar
Microsoft
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
Information published.
CVE-2026-23391
Sin clasificar
Microsoft
CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap
Information published.
CVE-2026-23359
Sin clasificar
Microsoft
CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
Information published.
CVE-2026-23348
Sin clasificar
Microsoft
CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Information published.
CVE-2026-23378
Sin clasificar
Microsoft
CVE-2026-23352 x86/efi: defer freeing of boot services memory
Information published.
CVE-2026-23352
Sin clasificar
Microsoft
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Information published.
CVE-2026-23371
Sin clasificar
Microsoft
CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
Information published.
CVE-2026-23351
Sin clasificar
Microsoft
CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam()
Information published.
CVE-2026-23389
Sin clasificar
Microsoft
CVE-2026-23365 net: usb: kalmia: validate USB endpoints
Information published.
CVE-2026-23365
Sin clasificar
Microsoft
CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()
Information published.
CVE-2026-23398
Sin clasificar
Microsoft
CVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()
Information published.
CVE-2026-23396
Sin clasificar
Microsoft
CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path
Information published.
CVE-2026-23399
Sin clasificar
Microsoft
CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Information published.
CVE-2026-23394
Sin clasificar
Microsoft
CVE-2026-23362 can: bcm: fix locking for bcm_op runtime updates
Information published.
CVE-2026-23362
Sin clasificar
Microsoft
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
Information published.
CVE-2026-23370
Sin clasificar
Microsoft
CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Information published.
CVE-2026-23372
Sin clasificar
Microsoft
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Information published.
CVE-2026-23361
Baja
Microsoft
CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error
Information published.
CVE-2026-23392
Sin clasificar
Microsoft
CVE-2026-23388 Squashfs: check metadata block offset is within range
Information published.
CVE-2026-23388
Sin clasificar
Microsoft
CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
Information published.
CVE-2026-23368
Sin clasificar
Microsoft
CVE-2026-23364 ksmbd: Compare MACs in constant time
Information published.
CVE-2026-23364
Sin clasificar
Microsoft
CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open
Information published.
CVE-2026-23357
Sin clasificar
Microsoft
CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
Information published.
CVE-2026-23381
Sin clasificar
Microsoft
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
Information published.
CVE-2026-23395
Sin clasificar
Microsoft
CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context
Information published.
CVE-2026-23374
Sin clasificar
Microsoft
CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
Information published.
CVE-2026-23356
Sin clasificar
Microsoft
CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits
Information published.
CVE-2026-23367
Sin clasificar
Microsoft
CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path
Information published.
CVE-2026-23379
Sin clasificar
Microsoft
CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Information published.
CVE-2026-23393
Sin clasificar
Microsoft
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
Information published.
CVE-2026-23397
Sin clasificar
Microsoft
CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU
Information published.
CVE-2026-31788
Sin clasificar
Microsoft
CVE-2026-23360 nvme: fix admin queue leak on controller reset
Information published.
CVE-2026-23360
Sin clasificar
Microsoft
CVE-2026-23442 ipv6: add NULL checks for idev in SRv6 paths
Information published.
CVE-2026-23442
Sin clasificar
Microsoft
CVE-2026-41080
Information published.
CVE-2026-41080
Sin clasificar
Microsoft
CVE-2026-41989
Information published.
CVE-2026-41989
Baja
Microsoft
CVE-2026-23438 net: mvpp2: guard flow control update with global_tx_fc in buffer switching
Information published.
CVE-2026-23438
Sin clasificar
Microsoft
CVE-2026-23439 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n
Information published.
CVE-2026-23439
Sin clasificar
Microsoft
CVE-2026-23446 net: usb: aqc111: Do not perform PM inside suspend callback
Information published.
CVE-2026-23446
Sin clasificar
Microsoft
CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
Information published.
CVE-2026-23447
Sin clasificar
Microsoft
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Information published.
CVE-2026-23444
Baja
Microsoft
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Information published.
CVE-2026-5450
Sin clasificar
Microsoft
CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request
Information published.
CVE-2026-23428
Sin clasificar
Microsoft
CVE-2026-23434 mtd: rawnand: serialize lock/unlock against other NAND operations
Information published.
CVE-2026-23434
Sin clasificar
Microsoft
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Information published.
CVE-2026-41205
Sin clasificar
Microsoft
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Information published.
CVE-2025-13763
Sin clasificar
Microsoft
CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs
Information published.
CVE-2026-23340
Sin clasificar
Microsoft
CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback
Information published.
CVE-2026-23324
Sin clasificar
Microsoft
CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
Information published.
CVE-2026-23315
Sin clasificar
Microsoft
CVE-2026-23330 nfc: nci: complete pending data exchange on device close
Information published.
CVE-2026-23330
Sin clasificar
Microsoft
CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation
Information published.
CVE-2026-23318
Sin clasificar
Microsoft
CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
Information published.
CVE-2026-23339
Sin clasificar
Microsoft
CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Information published.
CVE-2026-23335
Sin clasificar
Microsoft
CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
Information published.
CVE-2026-23336
Sin clasificar
Microsoft
CVE-2026-5958 Race Condition in GNU Sed
Information published.
CVE-2026-5958
Sin clasificar
Microsoft
CVE-2026-35239
Information published.
CVE-2026-35239
Sin clasificar
Microsoft
CVE-2026-34271
Information published.
CVE-2026-34271
Sin clasificar
Microsoft
CVE-2026-35238
Information published.
CVE-2026-35238
Sin clasificar
Microsoft
CVE-2026-34267
Information published.
CVE-2026-34267
Sin clasificar
Microsoft
CVE-2026-22005
Information published.
CVE-2026-22005
Sin clasificar
Microsoft
CVE-2026-22015
Information published.
CVE-2026-22015
Sin clasificar
Microsoft
CVE-2026-31448 ext4: avoid infinite loops caused by residual data
Information published.
CVE-2026-31448
Sin clasificar
Microsoft
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Information published.
CVE-2026-31530
Sin clasificar
Microsoft
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Information published.
CVE-2026-31480
Sin clasificar
Microsoft
CVE-2026-31450 ext4: publish jinode after initialization
Information published.
CVE-2026-31450
Sin clasificar
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Sin clasificar
Microsoft
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Information published.
CVE-2026-31521
Sin clasificar
Microsoft
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Information published.
CVE-2026-31531
Sin clasificar
Microsoft
CVE-2026-41989
Information published.
CVE-2026-41989
Sin clasificar
Microsoft
CVE-2026-41988
Information published.
CVE-2026-41988
Sin clasificar
Microsoft
CVE-2026-34278
Information published.
CVE-2026-34278
Sin clasificar
Microsoft
CVE-2026-21998
Information published.
CVE-2026-21998
Sin clasificar
Microsoft
CVE-2026-35237
Information published.
CVE-2026-35237
Sin clasificar
Microsoft
CVE-2026-22009
Information published.
CVE-2026-22009
Sin clasificar
Microsoft
CVE-2026-34270
Information published.
CVE-2026-34270
Sin clasificar
Microsoft
CVE-2026-34293
Information published.
CVE-2026-34293
Sin clasificar
Microsoft
CVE-2026-22002
Information published.
CVE-2026-22002
Sin clasificar
Microsoft
CVE-2026-22017
Information published.
CVE-2026-22017
Sin clasificar
Microsoft
CVE-2026-34303
Information published.
CVE-2026-34303
Sin clasificar
Microsoft
CVE-2026-34308
Information published.
CVE-2026-34308
Sin clasificar
Microsoft
CVE-2026-34304
Information published.
CVE-2026-34304
Sin clasificar
Microsoft
CVE-2026-34276
Information published.
CVE-2026-34276
Sin clasificar
Microsoft
CVE-2026-22004
Information published.
CVE-2026-22004
Sin clasificar
Microsoft
CVE-2026-22001
Information published.
CVE-2026-22001
Sin clasificar
Microsoft
CVE-2026-35240
Information published.
CVE-2026-35240
Sin clasificar
Microsoft
CVE-2026-35236
Information published.
CVE-2026-35236
Sin clasificar
Microsoft
CVE-2026-40706
Information published.
CVE-2026-40706
Sin clasificar
Microsoft
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Information published.
CVE-2026-31483
Sin clasificar
Microsoft
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Information published.
CVE-2026-31507
Sin clasificar
Microsoft
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Information published.
CVE-2026-31500
Sin clasificar
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Sin clasificar
Microsoft
CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Information published.
CVE-2026-31528
Sin clasificar
Microsoft
CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Information published.
CVE-2026-31453
Sin clasificar
Microsoft
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Information published.
CVE-2026-31525
Sin clasificar
Microsoft
CVE-2026-31494 net: macb: use the current queue number for stats
Information published.
CVE-2026-31494
Media
Microsoft
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Information published.
CVE-2026-31473
Sin clasificar
Microsoft
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Information published.
CVE-2026-5187
Sin clasificar
Microsoft
CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
Information published.
CVE-2026-31532
Baja
Dynamics
CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32210
Baja
Microsoft 365
CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33102
Baja
Microsoft
CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVE-2026-33819
Baja
Microsoft
CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-26150
Baja
Microsoft
CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-24303
Baja
Microsoft
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35431
Baja
Microsoft
CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
CVE-2026-32172
Baja
Azure
CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
CVE-2026-21515
Sin clasificar
Microsoft
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Information published.
CVE-2026-33750
Baja
Microsoft
CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
Information published.
CVE-2026-27820
Baja
Microsoft
CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5928
Sin clasificar
Microsoft
CVE-2026-35239
Information published.
CVE-2026-35239
Sin clasificar
Microsoft
CVE-2026-34271
Information published.
CVE-2026-34271
Sin clasificar
Microsoft
CVE-2026-35238
Information published.
CVE-2026-35238
Sin clasificar
Microsoft
CVE-2026-34267
Information published.
CVE-2026-34267
Sin clasificar
Microsoft
CVE-2026-22005
Information published.
CVE-2026-22005
Sin clasificar
Microsoft
CVE-2026-22015
Information published.
CVE-2026-22015
Sin clasificar
Microsoft
CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size
Information published.
CVE-2026-31452
Sin clasificar
Microsoft
CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
Information published.
CVE-2026-31455
Sin clasificar
Microsoft
CVE-2026-31476 ksmbd: do not expire session on binding failure
Information published.
CVE-2026-31476
Sin clasificar
Microsoft
CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
Information published.
CVE-2026-31474
Sin clasificar
Microsoft
CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
Information published.
CVE-2026-31464
Sin clasificar
Microsoft
CVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dm
Information published.
CVE-2026-31461
Sin clasificar
Microsoft
CVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is reset
Information published.
CVE-2026-31441
Sin clasificar
Microsoft
CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks
Information published.
CVE-2026-31454
Sin clasificar
Microsoft
CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests
Information published.
CVE-2026-31432
Sin clasificar
Microsoft
CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports
Information published.
CVE-2026-31502
Sin clasificar
Microsoft
CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks
Information published.
CVE-2026-31495
Sin clasificar
Microsoft
CVE-2026-31448 ext4: avoid infinite loops caused by residual data
Information published.
CVE-2026-31448
Sin clasificar
Microsoft
CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling
Information published.
CVE-2026-31439
Sin clasificar
Microsoft
CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Information published.
CVE-2026-31477
Sin clasificar
Microsoft
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Information published.
CVE-2026-31530
Sin clasificar
Microsoft
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Information published.
CVE-2026-31480
Sin clasificar
Microsoft
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
Information published.
CVE-2026-31512
Sin clasificar
Microsoft
CVE-2026-31450 ext4: publish jinode after initialization
Information published.
CVE-2026-31450
Sin clasificar
Microsoft
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Information published.
CVE-2026-31493
Sin clasificar
Microsoft
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Information published.
CVE-2026-31521
Baja
Microsoft
CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
Information published.
CVE-2026-41445
Sin clasificar
Microsoft
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Information published.
CVE-2026-39882
Sin clasificar
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Sin clasificar
Microsoft
CVE-2026-5160
Information published.
CVE-2026-5160
Baja
Microsoft
CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5358
Sin clasificar
Microsoft
CVE-2026-34278
Information published.
CVE-2026-34278
Sin clasificar
Microsoft
CVE-2026-21998
Information published.
CVE-2026-21998
Sin clasificar
Microsoft
CVE-2026-35237
Information published.
CVE-2026-35237
Sin clasificar
Microsoft
CVE-2026-22009
Information published.
CVE-2026-22009
Sin clasificar
Microsoft
CVE-2026-34270
Information published.
CVE-2026-34270
Sin clasificar
Microsoft
CVE-2026-34293
Information published.
CVE-2026-34293
Sin clasificar
Microsoft
CVE-2026-22002
Information published.
CVE-2026-22002
Sin clasificar
Microsoft
CVE-2026-22017
Information published.
CVE-2026-22017
Sin clasificar
Microsoft
CVE-2026-34303
Information published.
CVE-2026-34303
Sin clasificar
Microsoft
CVE-2026-34308
Information published.
CVE-2026-34308
Sin clasificar
Microsoft
CVE-2026-34304
Information published.
CVE-2026-34304
Sin clasificar
Microsoft
CVE-2026-34276
Information published.
CVE-2026-34276
Sin clasificar
Microsoft
CVE-2026-22004
Information published.
CVE-2026-22004
Sin clasificar
Microsoft
CVE-2026-22001
Information published.
CVE-2026-22001
Sin clasificar
Microsoft
CVE-2026-35240
Information published.
CVE-2026-35240
Sin clasificar
Microsoft
CVE-2026-35236
Information published.
CVE-2026-35236
Sin clasificar
Microsoft
CVE-2026-40706
Information published.
CVE-2026-40706
Sin clasificar
Microsoft
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
CVE-2026-3219
Sin clasificar
Microsoft
CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer
Information published.
CVE-2026-40890
Sin clasificar
Microsoft
CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()
Information published.
CVE-2026-31524
Sin clasificar
Microsoft
CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Information published.
CVE-2026-31486
Sin clasificar
Microsoft
CVE-2026-31487 spi: use generic driver_override infrastructure
Information published.
CVE-2026-31487
Sin clasificar
Microsoft
CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Information published.
CVE-2026-31496
Sin clasificar
Microsoft
CVE-2026-31515 af_key: validate families in pfkey_send_migrate()
Information published.
CVE-2026-31515
Sin clasificar
Microsoft
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Information published.
CVE-2026-31516
Sin clasificar
Microsoft
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Information published.
CVE-2026-31488
Sin clasificar
Microsoft
CVE-2026-31527 driver core: platform: use generic driver_override infrastructure
Information published.
CVE-2026-31527
Sin clasificar
Microsoft
CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Information published.
CVE-2026-31506
Sin clasificar
Microsoft
CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
Information published.
CVE-2026-31458
Sin clasificar
Microsoft
CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race
Information published.
CVE-2026-31504
Media
Microsoft
CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case
Information published.
CVE-2026-31462
Sin clasificar
Microsoft
CVE-2026-31523 nvme-pci: ensure we're polling a polled queue
Information published.
CVE-2026-31523
Sin clasificar
Microsoft
CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices
Information published.
CVE-2026-31497
Sin clasificar
Microsoft
CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Information published.
CVE-2026-31440
Sin clasificar
Microsoft
CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Information published.
CVE-2026-31505
Sin clasificar
Microsoft
CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Information published.
CVE-2026-31431
Sin clasificar
Microsoft
CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Information published.
CVE-2026-31489
Sin clasificar
Microsoft
CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
Information published.
CVE-2026-31469
Sin clasificar
Microsoft
CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
Information published.
CVE-2026-31510
Sin clasificar
Microsoft
CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Information published.
CVE-2026-31449
Sin clasificar
Microsoft
CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry
Information published.
CVE-2026-31482
Sin clasificar
Microsoft
CVE-2026-31518 esp: fix skb leak with espintcp and async crypto
Information published.
CVE-2026-31518
Sin clasificar
Microsoft
CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount
Information published.
CVE-2026-31446
Sin clasificar
Microsoft
CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()
Information published.
CVE-2026-31520
Sin clasificar
Microsoft
CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
Information published.
CVE-2026-31519
Sin clasificar
Microsoft
CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests
Information published.
CVE-2026-31433
Sin clasificar
Microsoft
CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
Information published.
CVE-2026-31485
Sin clasificar
Microsoft
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Information published.
CVE-2026-31483
Sin clasificar
Microsoft
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Information published.
CVE-2026-31507
Sin clasificar
Microsoft
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Information published.
CVE-2026-31500
Sin clasificar
Microsoft
CVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0
Information published.
CVE-2026-31447
Sin clasificar
Microsoft
CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
Information published.
CVE-2026-31444
Sin clasificar
Microsoft
CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
Information published.
CVE-2026-31522
Sin clasificar
Microsoft
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Information published.
CVE-2026-31478
Sin clasificar
Microsoft
CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device
Information published.
CVE-2026-31509
Sin clasificar
Microsoft
CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio
Information published.
CVE-2026-31451
Sin clasificar
Microsoft
CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Information published.
CVE-2026-31528
Sin clasificar
Microsoft
CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2
Information published.
CVE-2026-31503
Sin clasificar
Microsoft
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
Information published.
CVE-2026-31498
Sin clasificar
Microsoft
CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Information published.
CVE-2026-31453
Sin clasificar
Microsoft
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Information published.
CVE-2026-31525
Sin clasificar
Microsoft
CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed
Information published.
CVE-2026-31467
Sin clasificar
Microsoft
CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it
Information published.
CVE-2026-31492
Sin clasificar
Microsoft
CVE-2026-31494 net: macb: use the current queue number for stats
Information published.
CVE-2026-31494
Media
Microsoft
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Information published.
CVE-2026-31473
Sin clasificar
Microsoft
CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing
Information published.
CVE-2026-6507
Sin clasificar
Microsoft
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Information published.
CVE-2026-28808
Sin clasificar
Microsoft
CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
Information published.
CVE-2026-6409
Sin clasificar
Microsoft
CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Information published.
CVE-2026-5187
Sin clasificar
Microsoft
CVE-2026-26171 .NET Denial of Service Vulnerability
The CVE was updated to include Powershell 7.6 and 7.5
CVE-2026-26171
Baja
Microsoft
CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5928
Sin clasificar
Microsoft
CVE-2026-5958 Race Condition in GNU Sed
Information published.
CVE-2026-5958
Sin clasificar
Windows
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows
Information published.
CVE-2025-14821
Sin clasificar
Microsoft
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Information published.
CVE-2026-4786
CVE-2026-4519
Baja
Microsoft
CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Information published.
CVE-2026-5358
Baja
Microsoft
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Information published.
CVE-2026-5450
Sin clasificar
Microsoft
CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions
Information published.
CVE-2026-31430
Sin clasificar
Microsoft
CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head
Information published.
CVE-2026-31429
Sin clasificar
Windows
CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-32223
Sin clasificar
Windows
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-26168
Baja
Microsoft
CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-40372
Sin clasificar
Microsoft
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
CVE-2026-32288
Sin clasificar
Microsoft
CVE-2026-41254
Information published.
CVE-2026-41254
Sin clasificar
Visual Studio
CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Added acknowledgements. This is an informational change only.
CVE-2026-21523
Sin clasificar
Windows Server
CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.
CVE-2026-32077
Sin clasificar
Microsoft
CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability
Boletin publicado por Microsoft Security Response Center.
CVE-2026-26149
Sin clasificar
Microsoft
CVE-2026-5160
Information published.
CVE-2026-5160
Sin clasificar
Microsoft
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Information published.
CVE-2026-6100
Sin clasificar
Microsoft
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Information published.
CVE-2026-4786
CVE-2026-4519
Baja
Microsoft
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Information published.
CVE-2026-33056
Sin clasificar
Microsoft
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Information published.
CVE-2026-33055
Baja
Microsoft Edge
Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6296
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6363 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6363
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6359 Use after free in Video
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6359
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6364 Out of bounds read in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6364
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6362 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6362
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6313
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6314 Out of bounds write in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6314
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6318 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6318
Baja
Microsoft Edge
Chromium: CVE-2026-6361 Heap buffer overflow in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6361
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6310 Use after free in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6310
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6360 Use after free in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6360
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6316 Use after free in Forms
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6316
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6309 Use after free in Viz
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6309
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6311 Uninitialized Use in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6311
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6307 Type Confusion in Turbofan
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6307
Baja
Microsoft Edge
Chromium: CVE-2026-6306 Heap buffer overflow in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6306
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6303 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6303
Media
Microsoft Edge
Chromium: CVE-2026-6308 Out of bounds read in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6308
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6302 Use after free in Video
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6302
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6300 Use after free in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6300
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6304 Use after free in Graphite
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6304
Baja
Microsoft Edge
Chromium: CVE-2026-6305 Heap buffer overflow in PDFium
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6305
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6301 Type Confusion in Turbofan
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6301
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6317 Use after free in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6317
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6312
Baja
Microsoft Edge
Chromium: CVE-2026-6298 Heap buffer overflow in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6298
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6297 Use after free in Proxy
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6297
Sin clasificar
Microsoft Edge
Chromium: CVE-2026-6299 Use after free in Prerender
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more informat...
CVE-2026-6299
Sin clasificar
Microsoft
CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input
Information published.
CVE-2026-33948
Sin clasificar
Microsoft
CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed
Information published.
CVE-2026-40164
Sin clasificar
Microsoft
CVE-2026-35469 SpdyStream: DOS on CRI
Information published.
CVE-2026-35469
Sin clasificar
Microsoft
CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure
Information published.
CVE-2026-39956
Sin clasificar
Microsoft
CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
Information published.
CVE-2026-35201
Baja
Microsoft
CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
Information published.
CVE-2026-32316
Sin clasificar
Microsoft
CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()
Information published.
CVE-2026-33947
Sin clasificar
Microsoft
CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers
Information published.
CVE-2026-39979
Sin clasificar
Microsoft
CVE-2026-41035
Information published.
CVE-2026-41035
Baja
Microsoft
CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation
Information published.
CVE-2026-35199
Sin clasificar
Windows
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows
Information published.
CVE-2025-14821
Sin clasificar
Microsoft
CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
Information published.
CVE-2026-40179
Sin clasificar
Microsoft
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
CVE-2026-2673