Microsoft CVEs

CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
Published on: 2026-04-03 01:39:08
Information published.

CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
Published on: 2026-04-03 01:39:27
Information published.

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Published on: 2026-04-03 01:38:47
Information published.

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Published on: 2026-04-03 01:38:58
Information published.

CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
Published on: 2026-04-03 01:39:20
Information published.

CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names
Published on: 2026-04-03 01:01:25
Information published.

CVE-2026-32213 Azure AI Foundry Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

Chromium: CVE-2026-5289 Use after free in Navigation
Published on: 2026-04-02 18:46:55
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5286 Use after free in Dawn
Published on: 2026-04-02 18:46:53
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5287 Use after free in PDF
Published on: 2026-04-02 18:46:54
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5285 Use after free in WebGL
Published on: 2026-04-02 18:46:52
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5284 Use after free in Dawn
Published on: 2026-04-02 18:46:51
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE
Published on: 2026-04-02 18:46:50
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5281 Use after free in Dawn
Published on: 2026-04-02 18:46:49
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. Google is aware that an exploit for CVE-2026-5281 exists in the wild.

Chromium: CVE-2026-5280 Use after free in WebCodecs
Published on: 2026-04-02 18:46:48
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5279 Object corruption in V8
Published on: 2026-04-02 18:46:47
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5292 Out of bounds read in WebCodecs
Published on: 2026-04-02 07:00:00
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5290 Use after free in Compositing
Published on: 2026-04-02 18:46:55
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5277 Integer overflow in ANGLE
Published on: 2026-04-02 18:46:46
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB
Published on: 2026-04-02 18:46:45
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE
Published on: 2026-04-02 18:46:44
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5274 Integer overflow in Codecs
Published on: 2026-04-02 18:46:43
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5273 Use after free in CSS
Published on: 2026-04-02 18:46:42
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5272 Heap buffer overflow in GPU
Published on: 2026-04-02 18:46:41
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Information published.

CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32173 Azure SRE Agent Information Disclosure Vulnerability
Published on: 2026-04-02 07:00:00
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.

CVE-2026-32211 Azure MCP Server Information Disclosure Vulnerability
Published on: 2026-04-02 07:00:00
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.

Chromium: CVE-2026-5291 Inappropriate implementation in WebGL
Published on: 2026-04-02 18:46:56
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
Published on: 2026-04-02 01:37:20
Information published.

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Published on: 2026-04-02 01:38:20
Information published.

CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Published on: 2026-04-02 01:06:35
Information published.

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Published on: 2026-04-02 01:39:17
Information published.

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Published on: 2026-04-02 01:39:52
Information published.

CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
Published on: 2026-04-02 01:39:08
Information published.

CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Published on: 2026-04-02 01:05:07
Information published.

CVE-2026-34714
Published on: 2026-04-02 01:06:41
Information published.

CVE-2026-4046 iconv crash due to assertion failure with untrusted input
Published on: 2026-04-02 01:01:22
Information published.

CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
Published on: 2026-04-02 01:04:50
Information published.

CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
Published on: 2026-04-02 01:05:31
Information published.

CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
Published on: 2026-04-02 01:06:16
Information published.

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Published on: 2026-04-02 01:39:58
Information published.

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Published on: 2026-04-02 01:05:59
Information published.

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Published on: 2026-04-02 01:39:25
Information published.

CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Published on: 2026-04-02 01:39:33
Information published.

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Published on: 2026-04-02 01:39:41
Information published.

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Published on: 2026-04-02 01:40:07
Information published.

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Published on: 2026-04-02 01:04:57
Information published.

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Published on: 2026-04-02 01:05:12
Information published.

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Published on: 2026-04-02 01:05:02
Information published.

CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Published on: 2026-04-02 01:04:04
Information published.

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Published on: 2026-04-02 01:40:32
Information published.

CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK
Published on: 2026-04-02 01:04:10
Information published.

CVE-2026-33554
Published on: 2026-04-02 01:04:20
Information published.

CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
Published on: 2026-04-02 01:04:34
Information published.

CVE-2026-5121 Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing
Published on: 2026-04-02 01:04:42
Information published.

CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
Published on: 2026-04-02 01:05:22
Information published.

CVE-2026-4732 Out-of-bounds Read Overflow in tildearrow/furnace
Published on: 2026-04-02 01:05:36
Information published.

CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake
Published on: 2026-04-02 01:05:41
Information published.

CVE-2026-33216 NATS has MQTT plaintext password disclosure
Published on: 2026-04-02 01:06:08
Information published.

CVE-2026-32287 Infinite loop in github.com/antchfx/xpath
Published on: 2026-04-02 01:06:27
Information published.

CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Published on: 2026-04-01 01:49:12
Information published.

CVE-2024-41013 xfs: don't walk off the end of a directory data block
Published on: 2026-04-01 01:52:41
Information published.

CVE-2023-52676 bpf: Guard stack limits against 32bit overflow
Published on: 2026-04-01 01:51:22
Information published.

CVE-2024-35839 netfilter: bridge: replace physindev with physinif in nf_bridge_info
Published on: 2026-04-01 01:51:56
Information published.

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Published on: 2026-04-01 01:49:35
Information published.

CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Published on: 2026-04-01 01:56:30
Information published.

CVE-2025-67030
Published on: 2026-04-01 01:57:06
Information published.

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Published on: 2026-04-01 01:57:14
Information published.

CVE-2026-21712
Published on: 2026-04-01 01:57:37
Information published.

CVE-2026-34353
Published on: 2026-04-01 01:57:48
Information published.

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Published on: 2026-04-01 01:57:59
Information published.

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
Published on: 2026-04-01 01:58:16
Information published.

CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Published on: 2026-04-01 01:14:06
Information published.

CVE-2026-34714
Published on: 2026-04-01 01:14:55
Information published.

CVE-2026-21717
Published on: 2026-04-01 01:16:14
Information published.

CVE-2026-21715
Published on: 2026-04-01 01:18:03
Information published.

CVE-2026-21714
Published on: 2026-04-01 01:18:43
Information published.

CVE-2026-4746 Heap Buffer Over-Write Vulnerability in timeplus-io/proton
Published on: 2026-04-01 01:56:21
Information published.

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Published on: 2026-04-01 01:57:20
Information published.

CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Published on: 2026-04-01 01:57:26
Information published.

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Published on: 2026-04-01 01:57:32
Information published.

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Published on: 2026-04-01 01:58:09
Information published.

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Published on: 2026-04-01 01:13:21
Information published.

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Published on: 2026-04-01 01:13:44
Information published.

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Published on: 2026-04-01 01:14:28
Information published.

CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Published on: 2026-04-01 01:15:30
Information published.

CVE-2026-21710
Published on: 2026-04-01 01:16:56
Information published.

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Published on: 2026-04-01 01:17:30
Information published.

CVE-2026-21716
Published on: 2026-04-01 01:19:13
Information published.

CVE-2026-21713
Published on: 2026-04-01 01:19:42
Information published.

CVE-2026-21711
Published on: 2026-04-01 01:20:03
Information published.

CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification
Published on: 2026-03-31 01:40:25
Information published.

CVE-2026-23221 bus: fsl-mc: fix use-after-free in driver_override_show()
Published on: 2026-03-31 01:37:29
Information published.

CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash
Published on: 2026-03-31 01:39:38
Information published.

CVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
Published on: 2026-03-31 01:40:12
Information published.

CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
Published on: 2026-03-31 01:40:18
Information published.

CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress
Published on: 2026-03-31 01:39:45
Information published.

CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously
Published on: 2026-03-31 01:37:39
Information published.

CVE-2025-71236 scsi: qla2xxx: Validate sp before freeing associated memory
Published on: 2026-03-31 01:39:52
Information published.

CVE-2025-71237 nilfs2: Fix potential block overflow that cause system hang
Published on: 2026-03-31 01:39:58
Information published.

CVE-2026-23169 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
Published on: 2026-03-31 01:40:05
Information published.

CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
Published on: 2026-03-31 01:37:52
Information published.

CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks
Published on: 2026-03-31 01:38:44
Information published.

CVE-2026-23238 romfs: check sb_set_blocksize() return value
Published on: 2026-03-31 01:38:52
Information published.

CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Published on: 2026-03-31 01:39:01
Information published.

CVE-2025-67030
Published on: 2026-03-31 01:39:15
Information published.

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Published on: 2026-03-31 01:01:22
Information published.

CVE-2026-21712
Published on: 2026-03-31 01:01:57
Information published.

CVE-2026-34353
Published on: 2026-03-31 01:02:05
Information published.

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Published on: 2026-03-31 01:02:19
Information published.

CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Published on: 2026-03-31 01:03:02
Information published.

CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Published on: 2026-03-31 01:03:19
Information published.

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
Published on: 2026-03-31 01:03:24
Information published.

CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace
Published on: 2026-03-31 01:38:02
Information published.

CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free
Published on: 2026-03-31 01:38:12
Information published.

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Published on: 2026-03-31 01:02:48
Information published.

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Published on: 2026-03-31 01:38:54
Information published.

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Published on: 2026-03-31 01:38:46
Information published.

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Published on: 2026-03-31 01:01:35
Information published.

CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Published on: 2026-03-31 01:01:44
Information published.

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Published on: 2026-03-31 01:01:52
Information published.

CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Published on: 2026-03-31 01:02:28
Information published.

CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Published on: 2026-03-31 01:02:36
Information published.

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Published on: 2026-03-31 01:02:44
Information published.

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Published on: 2026-03-31 01:02:57
Information published.

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Published on: 2026-03-31 01:03:08
Information published.

CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
Published on: 2026-03-31 01:03:13
Information published.

CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Published on: 2026-03-31 01:03:30
Information published.

Chromium: CVE-2026-4676 Use after free in Dawn
Published on: 2026-03-31 00:35:15
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-3104 Memory leak in code preparing DNSSEC proofs of non-existence
Published on: 2026-03-29 01:01:52
Information published.

CVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass
Published on: 2026-03-29 01:02:04
Information published.

CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Published on: 2026-03-29 01:02:20
Information published.

CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path
Published on: 2026-03-29 01:02:34
Information published.

CVE-2025-67030
Published on: 2026-03-29 01:02:46
Information published.

CVE-2025-70888
Published on: 2026-03-29 01:03:20
Information published.

CVE-2026-34085
Published on: 2026-03-29 01:01:35
Information published.

CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
Published on: 2026-03-29 01:01:29
Information published.

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
Published on: 2026-03-29 01:01:41
Information published.

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Published on: 2026-03-29 01:01:47
Information published.

CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly
Published on: 2026-03-29 01:01:58
Information published.

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Published on: 2026-03-29 01:02:12
Information published.

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Published on: 2026-03-29 01:02:28
Information published.

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Published on: 2026-03-29 01:03:00
Information published.

CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Published on: 2026-03-29 01:03:13
Information published.

CVE-2026-4833 Orc discount Markdown markdown.c compile recursion
Published on: 2026-03-29 01:03:30
Information published.

CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Published on: 2026-03-28 01:39:15
Information published.

CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks
Published on: 2026-03-28 01:01:22
Information published.

CVE-2026-33413 etcd: Authorization bypasses in multiple APIs
Published on: 2026-03-28 01:01:30
Information published.

CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Published on: 2026-03-28 01:38:40
Information published.

Chromium: CVE-2026-4673 Heap buffer overflow in WebAudio
Published on: 2026-03-27 18:02:49
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4680 Use after free in FedCM
Published on: 2026-03-27 18:02:55
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4677 Out of bounds read in WebAudio
Published on: 2026-03-27 18:02:54
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4675 Heap buffer overflow in WebGL
Published on: 2026-03-27 18:02:53
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4679 Integer overflow in Fonts
Published on: 2026-03-27 18:02:54
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4674 Out of bounds read in CSS
Published on: 2026-03-27 18:02:52
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4442 Heap buffer overflow in CSS
Published on: 2026-03-27 18:02:56
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
Published on: 2026-03-27 07:00:00
Information published.

CVE-2026-23068 spi: spi-sprd-adi: Fix double free in probe error path
Published on: 2026-03-27 01:39:46
Information published.

CVE-2025-71221 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
Published on: 2026-03-27 01:41:25
Information published.

CVE-2026-23227 drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
Published on: 2026-03-27 01:41:30
Information published.

CVE-2025-71109 MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits
Published on: 2026-03-27 01:02:53
Information published.

CVE-2025-71183 btrfs: always detect conflicting inodes when logging inode refs
Published on: 2026-03-27 01:02:59
Information published.

CVE-2025-71184 btrfs: fix NULL dereference on root when tracing inode eviction
Published on: 2026-03-27 01:03:05
Information published.

CVE-2026-23004 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
Published on: 2026-03-27 01:03:10
Information published.

CVE-2025-71095 net: stmmac: fix the crash issue for zero copy XDP_TX action
Published on: 2026-03-27 01:02:48
Information published.

CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Published on: 2026-03-27 01:02:38
Information published.

CVE-2025-71074 functionfs: fix the open/removal races
Published on: 2026-03-27 01:02:43
Information published.

CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()
Published on: 2026-03-27 01:40:12
Information published.

CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write
Published on: 2026-03-27 01:40:18
Information published.

CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url
Published on: 2026-03-27 01:38:09
Information published.

CVE-2026-23868
Published on: 2026-03-27 01:39:41
Link: View Details
Information published.

CVE-2026-3783 token leak with redirect and netrc
Published on: 2026-03-27 01:39:33
Link: View Details
Information published.

CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
Published on: 2026-03-27 01:39:51
Link: View Details
Information published.

CVE-2026-23233 f2fs: fix to avoid mapping wrong physical block for swapfile
Published on: 2026-03-27 01:40:23
Link: View Details
Information published.

CVE-2026-23265 f2fs: fix to do sanity check on node footer in {read,write}_end_io
Published on: 2026-03-27 01:40:56
Link: View Details
Information published.

CVE-2026-3549 ECH parsing heap buffer overflow
Published on: 2026-03-27 01:42:32
Link: View Details
Information published.

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Published on: 2026-03-27 01:04:50
Link: View Details
Information published.

CVE-2026-23325 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
Published on: 2026-03-27 01:36:22
Link: View Details
Information published.

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Published on: 2026-03-27 01:36:43
Link: View Details
Information published.

CVE-2026-28753 NGINX ngx_mail_proxy_module vulnerability
Published on: 2026-03-27 01:02:18
Link: View Details
Information published.

CVE-2026-32647 NGINX ngx_http_mp4_module vulnerability
Published on: 2026-03-27 01:02:34
Link: View Details
Information published.

CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()
Published on: 2026-03-27 01:03:21
Link: View Details
Information published.

CVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()
Published on: 2026-03-27 01:03:32
Link: View Details
Information published.

CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Published on: 2026-03-27 01:05:07
Link: View Details
Information published.

CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
Published on: 2026-03-27 01:38:02
Link: View Details
Information published.

CVE-2026-1965 bad reuse of HTTP Negotiate connection
Published on: 2026-03-27 01:38:42
Link: View Details
Information published.

CVE-2026-3784 wrong proxy connection reuse with credentials
Published on: 2026-03-27 01:39:08
Link: View Details
Information published.

CVE-2026-3904
Published on: 2026-03-27 01:38:14
Link: View Details
Information published.

CVE-2026-23267 f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
Published on: 2026-03-27 01:40:49
Link: View Details
Information published.

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation
Published on: 2026-03-27 01:41:20
Link: View Details
Information published.

CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
Published on: 2026-03-27 01:42:01
Link: View Details
Information published.

CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL
Published on: 2026-03-27 01:42:24
Link: View Details
Information published.

CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
Published on: 2026-03-27 01:42:40
Link: View Details
Information published.

CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
Published on: 2026-03-27 01:42:47
Link: View Details
Information published.

CVE-2026-33228 flatted: Prototype Pollution via parse()
Published on: 2026-03-27 01:42:55
Link: View Details
Information published.

CVE-2026-4519 webbrowser.open() allows leading dashes in URLs
Published on: 2026-03-27 01:43:08
Link: View Details
Information published.

CVE-2026-33412 Vim affected by Command injection via newline in glob()
Published on: 2026-03-27 01:03:15
Link: View Details
Information published.

CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Published on: 2026-03-27 01:43:20
Link: View Details
Information published.

CVE-2026-23330 nfc: nci: complete pending data exchange on device close
Published on: 2026-03-27 01:36:13
Link: View Details
Information published.

CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
Published on: 2026-03-27 01:36:59
Link: View Details
Information published.

CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Published on: 2026-03-27 01:37:07
Link: View Details
Information published.

CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
Published on: 2026-03-27 01:37:16
Link: View Details
Information published.

CVE-2026-23308 pinctrl: equilibrium: fix warning trace on load
Published on: 2026-03-27 01:37:21
Link: View Details
Information published.

CVE-2026-23287 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
Published on: 2026-03-27 01:37:32
Link: View Details
Information published.

CVE-2026-23327 cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
Published on: 2026-03-27 01:37:50
Link: View Details
Information published.

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Published on: 2026-03-27 01:38:08
Link: View Details
Information published.

CVE-2026-34085
Published on: 2026-03-27 01:01:26
Link: View Details
Information published.

CVE-2026-33526 Squid vulnerable to Denial of Service in ICP Request handling
Published on: 2026-03-27 01:01:32
Link: View Details
Information published.

CVE-2026-33515 Squid has issues in ICP message handling
Published on: 2026-03-27 01:01:38
Link: View Details
Information published.

CVE-2026-32748 Squid has Denial of Service in ICP Response handling
Published on: 2026-03-27 01:01:43
Link: View Details
Information published.

CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
Published on: 2026-03-27 01:01:53
Link: View Details
Information published.

CVE-2026-27654 NGINX ngx_http_dav_module vulnerability
Published on: 2026-03-27 01:02:01
Link: View Details
Information published.

CVE-2026-27784 NGINX ngx_http_mp4_module vulnerability
Published on: 2026-03-27 01:02:09
Link: View Details
Information published.

CVE-2026-28755 NGINX ngx_stream_ssl_module vulnerability
Published on: 2026-03-27 01:02:26
Link: View Details
Information published.

CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
Published on: 2026-03-27 01:03:26
Link: View Details
Information published.

CVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library
Published on: 2026-03-27 01:03:50
Link: View Details
Information published.

CVE-2026-4746 Heap Buffer Over-Write Vulnerability in timeplus-io/proton
Published on: 2026-03-27 01:04:33
Link: View Details
Information published.

CVE-2026-4775 Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
Published on: 2026-03-27 01:04:43
Link: View Details
Information published.

CVE-2025-68357 iomap: allocate s_dio_done_wq for async reads as well
Published on: 2026-03-26 01:37:02
Link: View Details
Information published.

CVE-2024-45336 Sensitive headers incorrectly sent after cross-domain redirect in net/http
Published on: 2026-03-26 01:36:04
Link: View Details
Information published.

CVE-2024-45341 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
Published on: 2026-03-26 01:35:59
Link: View Details
Information published.

CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
Published on: 2026-03-26 01:37:29
Link: View Details
Information published.

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Published on: 2026-03-26 01:37:39
Link: View Details
Information published.

CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url
Published on: 2026-03-26 01:37:44
Link: View Details
Information published.

CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
Published on: 2026-03-26 01:38:11
Link: View Details
Information published.

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Published on: 2026-03-26 01:01:32
Link: View Details
Information published.

CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
Published on: 2026-03-26 01:02:04
Link: View Details
Information published.

CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
Published on: 2026-03-26 01:02:16
Link: View Details
Information published.

CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Published on: 2026-03-26 01:02:32
Link: View Details
Information published.

CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap
Published on: 2026-03-26 01:02:54
Link: View Details
Information published.

CVE-2026-23325 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
Published on: 2026-03-26 01:02:59
Link: View Details
Information published.

CVE-2026-23313 i40e: Fix preempt count leak in napi poll tracepoint
Published on: 2026-03-26 01:03:10
Link: View Details
Information published.

CVE-2026-23306 scsi: pm8001: Fix use-after-free in pm8001_queue_command()
Published on: 2026-03-26 01:03:21
Link: View Details
Information published.

CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Published on: 2026-03-26 01:03:48
Link: View Details
Information published.

CVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
Published on: 2026-03-26 01:03:59
Link: View Details
Information published.

CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
Published on: 2026-03-26 01:04:10
Link: View Details
Information published.

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Published on: 2026-03-26 01:04:16
Link: View Details
Information published.

CVE-2026-23352 x86/efi: defer freeing of boot services memory
Published on: 2026-03-26 01:04:21
Link: View Details
Information published.

CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages
Published on: 2026-03-26 01:04:59
Link: View Details
Information published.

CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Published on: 2026-03-26 01:05:10
Link: View Details
Information published.

CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs
Published on: 2026-03-26 01:05:16
Link: View Details
Information published.

CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
Published on: 2026-03-26 01:05:21
Link: View Details
Information published.

CVE-2026-23319 bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
Published on: 2026-03-26 01:05:59
Link: View Details
Information published.

CVE-2026-23300 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop
Published on: 2026-03-26 01:06:10
Link: View Details
Information published.

CVE-2026-23293 net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
Published on: 2026-03-26 01:06:59
Link: View Details
Information published.

CVE-2026-23343 xdp: produce a warning when calculated tailroom is negative
Published on: 2026-03-26 01:07:10
Link: View Details
Information published.

CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam()
Published on: 2026-03-26 01:07:21
Link: View Details
Information published.

CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback
Published on: 2026-03-26 01:07:32
Link: View Details
Information published.

CVE-2026-23365 net: usb: kalmia: validate USB endpoints
Published on: 2026-03-26 01:07:49
Link: View Details
Information published.

CVE-2026-23284 net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()
Published on: 2026-03-26 01:07:54
Link: View Details
Information published.

CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Published on: 2026-03-26 01:39:38
Link: View Details
Information published.

CVE-2026-23239 espintcp: Fix race condition in espintcp_close()
Published on: 2026-03-26 01:37:49
Link: View Details
Information published.

CVE-2026-3805 use after free in SMB connection reuse
Published on: 2026-03-26 01:38:04
Link: View Details
Information published.

CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
Published on: 2026-03-26 01:01:36
Link: View Details
Information published.

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path
Published on: 2026-03-26 01:01:16
Link: View Details
Information published.

CVE-2026-33412 Vim affected by Command injection via newline in glob()
Published on: 2026-03-26 01:01:23
Link: View Details
Information published.

CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
Published on: 2026-03-26 01:01:42
Link: View Details
Information published.

CVE-2026-23333 netfilter: nft_set_rbtree: validate open interval overlap
Published on: 2026-03-26 01:01:48
Link: View Details
Information published.

CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Published on: 2026-03-26 01:01:53
Link: View Details
Information published.

CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
Published on: 2026-03-26 01:01:59
Link: View Details
Information published.

CVE-2026-23312 net: usb: kaweth: validate USB endpoints
Published on: 2026-03-26 01:02:10
Link: View Details
Information published.

CVE-2026-23330 nfc: nci: complete pending data exchange on device close
Published on: 2026-03-26 01:02:21
Link: View Details
Information published.

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Published on: 2026-03-26 01:02:27
Link: View Details
Information published.

CVE-2026-23285 drbd: fix null-pointer dereference on local read error
Published on: 2026-03-26 01:02:38
Link: View Details
Information published.

CVE-2026-23296 scsi: core: Fix refcount leak for tagset_refcnt
Published on: 2026-03-26 01:02:43
Link: View Details
Information published.

CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error
Published on: 2026-03-26 01:02:48
Link: View Details
Information published.

CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation
Published on: 2026-03-26 01:03:05
Link: View Details
Information published.

CVE-2026-23388 Squashfs: check metadata block offset is within range
Published on: 2026-03-26 01:03:15
Link: View Details
Information published.

CVE-2026-23286 atm: lec: fix null-ptr-deref in lec_arp_clear_vccs
Published on: 2026-03-26 01:03:26
Link: View Details
Information published.

CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
Published on: 2026-03-26 01:03:32
Link: View Details
Information published.

CVE-2026-23390 tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow
Published on: 2026-03-26 01:03:37
Link: View Details
Information published.

CVE-2026-23292 scsi: target: Fix recursive locking in __configfs_open_file()
Published on: 2026-03-26 01:03:43
Link: View Details
Information published.

CVE-2026-23364 ksmbd: Compare MACs in constant time
Published on: 2026-03-26 01:03:54
Link: View Details
Information published.

CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Published on: 2026-03-26 01:04:05
Link: View Details
Information published.

CVE-2026-23334 can: usb: f81604: handle short interrupt urb messages properly
Published on: 2026-03-26 01:04:27
Link: View Details
Information published.

CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds
Published on: 2026-03-26 01:04:32
Link: View Details
Information published.

CVE-2026-23304 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()
Published on: 2026-03-26 01:04:38
Link: View Details
Information published.

CVE-2026-23320 usb: gadget: f_ncm: align net_device lifecycle with bind/unbind
Published on: 2026-03-26 01:04:43
Link: View Details
Information published.

CVE-2026-23290 net: usb: pegasus: validate USB endpoints
Published on: 2026-03-26 01:04:48
Link: View Details
Information published.

CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
Published on: 2026-03-26 01:04:54
Link: View Details
Information published.

CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Published on: 2026-03-26 01:05:05
Link: View Details
Information published.

CVE-2026-23302 net: annotate data-races around sk->sk_{data_ready,write_space}
Published on: 2026-03-26 01:05:26
Link: View Details
Information published.

CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
Published on: 2026-03-26 01:05:32
Link: View Details
Information published.

CVE-2026-23308 pinctrl: equilibrium: fix warning trace on load
Published on: 2026-03-26 01:05:37
Link: View Details
Information published.

CVE-2026-23291 nfc: pn533: properly drop the usb interface reference on disconnect
Published on: 2026-03-26 01:05:43
Link: View Details
Information published.

CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open
Published on: 2026-03-26 01:05:48
Link: View Details
Information published.

CVE-2026-23287 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
Published on: 2026-03-26 01:05:54
Link: View Details
Information published.

CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
Published on: 2026-03-26 01:06:05
Link: View Details
Information published.

CVE-2026-23281 wifi: libertas: fix use-after-free in lbs_free_adapter()
Published on: 2026-03-26 01:06:16
Link: View Details
Information published.

CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
Published on: 2026-03-26 01:06:21
Link: View Details
Information published.

CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
Published on: 2026-03-26 01:06:26
Link: View Details
Information published.

CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context
Published on: 2026-03-26 01:06:32
Link: View Details
Information published.

CVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
Published on: 2026-03-26 01:06:37
Link: View Details
Information published.

CVE-2026-23317 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions
Published on: 2026-03-26 01:06:43
Link: View Details
Information published.

CVE-2026-23347 can: usb: f81604: correctly anchor the urb in the read bulk callback
Published on: 2026-03-26 01:06:48
Link: View Details
Information published.

CVE-2026-23310 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded
Published on: 2026-03-26 01:06:53
Link: View Details
Information published.

CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
Published on: 2026-03-26 01:07:04
Link: View Details
Information published.

CVE-2026-23327 cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
Published on: 2026-03-26 01:07:16
Link: View Details
Information published.

CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits
Published on: 2026-03-26 01:07:26
Link: View Details
Information published.

CVE-2026-23279 wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()
Published on: 2026-03-26 01:07:38
Link: View Details
Information published.

CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path
Published on: 2026-03-26 01:07:43
Link: View Details
Information published.

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Published on: 2026-03-26 01:08:00
Link: View Details
Information published.

CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
Published on: 2026-03-25 01:36:34
Link: View Details
Information published.

CVE-2026-27623 Valkey has Pre-Authentication DOS from malformed RESP request
Published on: 2026-03-25 01:05:42
Link: View Details
Information published.

CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing
Published on: 2026-03-25 01:36:26
Link: View Details
Information published.

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Published on: 2026-03-25 01:36:16
Link: View Details
Information published.

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response
Published on: 2026-03-25 01:01:14
Link: View Details
Information published.

CVE-2026-4438 gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames
Published on: 2026-03-25 01:01:20
Link: View Details
Information published.

CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing
Published on: 2026-03-25 01:02:26
Link: View Details
Information published.

CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Published on: 2026-03-25 01:03:22
Link: View Details
Information published.

CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
Published on: 2026-03-25 01:03:47
Link: View Details
Information published.

CVE-2026-3549 ECH parsing heap buffer overflow
Published on: 2026-03-25 01:04:27
Link: View Details
Information published.

CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
Published on: 2026-03-25 01:01:26
Link: View Details
Information published.

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Published on: 2026-03-25 01:01:52
Link: View Details
Information published.

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Published on: 2026-03-25 01:02:18
Link: View Details
Information published.

CVE-2026-4424 Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
Published on: 2026-03-25 01:02:34
Link: View Details
Information published.

CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack
Published on: 2026-03-25 01:02:43
Link: View Details
Information published.

CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Published on: 2026-03-25 01:02:51
Link: View Details
Information published.

CVE-2026-0819 Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
Published on: 2026-03-25 01:02:58
Link: View Details
Information published.

CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
Published on: 2026-03-25 01:03:06
Link: View Details
Information published.

CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
Published on: 2026-03-25 01:03:14
Link: View Details
Information published.

CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config
Published on: 2026-03-25 01:03:31
Link: View Details
Information published.

CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
Published on: 2026-03-25 01:03:39
Link: View Details
Information published.

CVE-2026-3229 Integer Overflow in Certificate Chain Allocation
Published on: 2026-03-25 01:03:54
Link: View Details
Information published.

CVE-2026-3230 Improper key_share validation in TLS 1.3 HelloRetryRequest
Published on: 2026-03-25 01:04:03
Link: View Details
Information published.

CVE-2026-3503 Fault injection attack with ML-DSA and ML-KEM on ARM
Published on: 2026-03-25 01:04:11
Link: View Details
Information published.

CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL
Published on: 2026-03-25 01:04:19
Link: View Details
Information published.

CVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
Published on: 2026-03-25 01:04:35
Link: View Details
Information published.

CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
Published on: 2026-03-25 01:04:43
Link: View Details
Information published.

CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
Published on: 2026-03-25 01:04:51
Link: View Details
Information published.

CVE-2025-69720
Published on: 2026-03-25 01:04:59
Link: View Details
Information published.

CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
Published on: 2026-03-25 01:05:07
Link: View Details
Information published.

CVE-2026-33228 flatted: Prototype Pollution via parse()
Published on: 2026-03-25 01:05:15
Link: View Details
Information published.

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
Published on: 2026-03-25 01:05:25
Link: View Details
Information published.

CVE-2026-4519 webbrowser.open() allows leading dashes in URLs
Published on: 2026-03-25 01:05:36
Link: View Details
Information published.

CVE-2026-23669 RPC Runtime Library Remote Code Execution Vulnerability
Published on: 2026-03-24 07:00:00
Link: View Details
Corrected CVE title. This is an informational change only.

Chromium: CVE-2026-4464 Integer overflow in ANGLE
Published on: 2026-03-23 00:45:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4463 Heap buffer overflow in WebRTC
Published on: 2026-03-23 00:45:48
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4462 Out of bounds read in Blink
Published on: 2026-03-23 00:45:47
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4461 Inappropriate implementation in V8
Published on: 2026-03-23 00:45:46
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4456 Use after free in Digital Credentials API
Published on: 2026-03-23 00:45:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4460 Out of bounds read in Skia
Published on: 2026-03-23 00:45:45
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4457 Type Confusion in V8
Published on: 2026-03-23 00:45:43
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4446 Use after free in WebRTC
Published on: 2026-03-23 00:45:34
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4449 Use after free in Blink
Published on: 2026-03-23 00:45:37
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4445 Use after free in WebRTC
Published on: 2026-03-23 00:45:33
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4451 Insufficient validation of untrusted input in Navigation
Published on: 2026-03-23 00:45:39
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4447 Inappropriate implementation in V8
Published on: 2026-03-23 00:45:35
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4444 Stack buffer overflow in WebRTC
Published on: 2026-03-23 00:45:32
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4455 Heap buffer overflow in PDFium
Published on: 2026-03-23 00:45:41
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4452 Integer overflow in ANGLE
Published on: 2026-03-23 00:45:40
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4443 Heap buffer overflow in WebAudio
Published on: 2026-03-23 00:45:31
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4448 Heap buffer overflow in ANGLE
Published on: 2026-03-23 00:45:36
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4441 Use after free in Base
Published on: 2026-03-23 00:45:30
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-4438 gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames
Published on: 2026-03-23 14:39:34
Link: View Details
Information published.

Chromium: CVE-2026-4454 Use after free in Network
Published on: 2026-03-23 00:45:41
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4450 Out of bounds write in V8
Published on: 2026-03-23 00:45:38
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response
Published on: 2026-03-23 14:39:29
Link: View Details
Information published.

Chromium: CVE-2026-4458 Use after free in Extensions
Published on: 2026-03-23 00:45:44
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Published on: 2026-03-23 01:01:21
Link: View Details
Information published.

Chromium: CVE-2026-4440 Out of bounds read and write in WebGL
Published on: 2026-03-23 00:45:27
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-23204 net/sched: cls_u32: use skb_header_pointer_careful()
Published on: 2026-03-21 01:01:16
Link: View Details
Information published.

CVE-2026-32775
Published on: 2026-03-21 01:36:45
Link: View Details
Information published.

CVE-2026-23274 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
Published on: 2026-03-21 01:01:22
Link: View Details
Information published.

CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Published on: 2026-03-21 01:01:33
Link: View Details
Information published.

CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
Published on: 2026-03-21 01:01:38
Link: View Details
Information published.

CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions
Published on: 2026-03-21 01:01:49
Link: View Details
Information published.

CVE-2026-3634 Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header
Published on: 2026-03-21 01:02:26
Link: View Details
Information published.

CVE-2026-3632 Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames
Published on: 2026-03-21 01:02:34
Link: View Details
Information published.

CVE-2026-3479 pkgutil.get_data() does not enforce documented restrictions
Published on: 2026-03-21 01:03:01
Link: View Details
Information published.

CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Published on: 2026-03-21 01:36:53
Link: View Details
Information published.

CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow
Published on: 2026-03-21 01:37:02
Link: View Details
Information published.

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation
Published on: 2026-03-21 01:37:11
Link: View Details
Information published.

CVE-2026-23277 net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit
Published on: 2026-03-21 01:01:27
Link: View Details
Information published.

CVE-2026-23271 perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
Published on: 2026-03-21 01:01:44
Link: View Details
Information published.

CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction
Published on: 2026-03-21 01:02:18
Link: View Details
Information published.

CVE-2026-3633 Libsoup: libsoup: header and http request injection via crlf injection
Published on: 2026-03-21 01:02:43
Link: View Details
Information published.

CVE-2026-30922 pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
Published on: 2026-03-21 01:02:51
Link: View Details
Information published.

CVE-2026-26118 Azure MCP Server Tools Elevation of Privilege Vulnerability
Published on: 2026-03-20 07:00:00
Link: View Details
Added products to the Security Updates table that document the various packaging methods used to deliver Azure MCP Server Tools.

CVE-2026-23212 bonding: annotate data-races around slave->last_rx
Published on: 2026-03-20 01:03:57
Link: View Details
Information published.

CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
Published on: 2026-03-20 01:04:07
Link: View Details
Information published.

CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification
Published on: 2026-03-20 01:04:38
Link: View Details
Information published.

CVE-2026-23221 bus: fsl-mc: fix use-after-free in driver_override_show()
Published on: 2026-03-20 01:04:18
Link: View Details
Information published.

CVE-2026-23220 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths
Published on: 2026-03-20 01:04:12
Link: View Details
Information published.

CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash
Published on: 2026-03-20 01:02:34
Link: View Details
Information published.

CVE-2025-71221 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
Published on: 2026-03-20 01:02:20
Link: View Details
Information published.

CVE-2026-23110 scsi: core: Wake up the error handler when final completions race against each other
Published on: 2026-03-20 01:03:01
Link: View Details
Information published.

CVE-2026-23171 bonding: fix use-after-free due to enslave fail after slave array update
Published on: 2026-03-20 01:03:39
Link: View Details
Information published.

CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
Published on: 2026-03-20 01:04:02
Link: View Details
Information published.

CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
Published on: 2026-03-20 01:02:24
Link: View Details
Information published.

CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
Published on: 2026-03-20 01:02:29
Link: View Details
Information published.

CVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
Published on: 2026-03-20 01:04:23
Link: View Details
Information published.

CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
Published on: 2026-03-20 01:04:33
Link: View Details
Information published.

CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress
Published on: 2026-03-20 01:02:44
Link: View Details
Information published.

CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously
Published on: 2026-03-20 01:02:39
Link: View Details
Information published.

CVE-2025-71236 scsi: qla2xxx: Validate sp before freeing associated memory
Published on: 2026-03-20 01:02:50
Link: View Details
Information published.

CVE-2025-71237 nilfs2: Fix potential block overflow that cause system hang
Published on: 2026-03-20 01:02:55
Link: View Details
Information published.

CVE-2026-23227 drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
Published on: 2026-03-20 01:04:28
Link: View Details
Information published.

CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
Published on: 2026-03-20 01:02:14
Link: View Details
Information published.

CVE-2026-23113 io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
Published on: 2026-03-20 01:03:06
Link: View Details
Information published.

CVE-2026-23118 rxrpc: Fix data-race warning and potential load/store tearing
Published on: 2026-03-20 01:03:12
Link: View Details
Information published.

CVE-2026-23126 netdevsim: fix a race issue related to the operation on bpf_bound_progs list
Published on: 2026-03-20 01:03:17
Link: View Details
Information published.

CVE-2026-23154 net: fix segmentation of forwarding fraglist GRO
Published on: 2026-03-20 01:03:22
Link: View Details
Information published.

CVE-2026-23157 btrfs: do not strictly require dirty metadata threshold for metadata writepages
Published on: 2026-03-20 01:03:28
Link: View Details
Information published.

CVE-2026-23169 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
Published on: 2026-03-20 01:03:33
Link: View Details
Information published.

CVE-2026-23191 ALSA: aloop: Fix racy access at PCM trigger
Published on: 2026-03-20 01:03:47
Link: View Details
Information published.

CVE-2026-23208 ALSA: usb-audio: Prevent excessive number of frames
Published on: 2026-03-20 01:03:53
Link: View Details
Information published.

CVE-2022-46456 NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
Published on: 2026-03-20 01:35:47
Link: View Details
Information published.

CVE-2024-8354 Qemu-kvm: usb: assertion failure in usb_ep_get()
Published on: 2026-03-20 01:36:25
Link: View Details
Information published.

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds
Published on: 2026-03-20 01:38:05
Link: View Details
Information published.

CVE-2026-23243 RDMA/umad: Reject negative data_len in ib_umad_write
Published on: 2026-03-20 01:40:04
Link: View Details
Information published.

CVE-2026-23269 apparmor: validate DFA start states are in bounds in unpack_pdb
Published on: 2026-03-20 01:01:28
Link: View Details
Information published.

CVE-2026-23259 io_uring/rw: free potentially allocated iovec on cache put failure
Published on: 2026-03-20 01:01:39
Link: View Details
Information published.

CVE-2026-23268 apparmor: fix unprivileged local user can do privileged policy management
Published on: 2026-03-20 01:01:49
Link: View Details
Information published.

CVE-2026-23266 fbdev: rivafb: fix divide error in nv3_arb()
Published on: 2026-03-20 01:01:55
Link: View Details
Information published.

CVE-2026-23265 f2fs: fix to do sanity check on node footer in {read,write}_end_io
Published on: 2026-03-20 01:02:00
Link: View Details
Information published.

CVE-2006-10002 XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes
Published on: 2026-03-20 01:04:46
Link: View Details
Information published.

CVE-2026-23255 net: add proper RCU protection to /proc/net/ptype
Published on: 2026-03-20 01:01:17
Link: View Details
Information published.

CVE-2026-23253 media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
Published on: 2026-03-20 01:01:22
Link: View Details
Information published.

CVE-2025-71269 btrfs: do not free data reservation in fallback from inline due to -ENOSPC
Published on: 2026-03-20 01:01:33
Link: View Details
Information published.

CVE-2026-23267 f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
Published on: 2026-03-20 01:01:44
Link: View Details
Information published.

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation
Published on: 2026-03-20 01:02:06
Link: View Details
Information published.

CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
Published on: 2026-03-20 01:04:51
Link: View Details
Information published.

CVE-2026-32169 Azure Cloud Shell Elevation of Privilege Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26139 Microsoft Purview Elevation of Privilege Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26138 Microsoft Purview Elevation of Privilege Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32191 Microsoft Bing Images Remote Code Execution Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Improper neutralization of special elements used in an OS command ('OS command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

CVE-2026-23658 Azure DevOps: msazure Elevation of Privilege Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26120 Microsoft Bing Tampering Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.

CVE-2026-23659 Azure Data Factory Information Disclosure Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

CVE-2026-24299 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26136 Microsoft Copilot Information Disclosure Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26137 Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

CVE-2026-32194 Microsoft Bing Images Remote Code Execution Vulnerability
Published on: 2026-03-19 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()
Published on: 2026-03-19 01:02:47
Link: View Details
Information published.

CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write
Published on: 2026-03-19 01:02:52
Link: View Details
Information published.

CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks
Published on: 2026-03-19 01:03:02
Link: View Details
Information published.

CVE-2026-23238 romfs: check sb_set_blocksize() return value
Published on: 2026-03-19 01:03:07
Link: View Details
Information published.

CVE-2026-32775
Published on: 2026-03-19 01:04:13
Link: View Details
Information published.

CVE-2026-23233 f2fs: fix to avoid mapping wrong physical block for swapfile
Published on: 2026-03-19 01:03:13
Link: View Details
Information published.

CVE-2026-23242 RDMA/siw: Fix potential NULL pointer dereference in header processing
Published on: 2026-03-19 01:03:19
Link: View Details
Information published.

CVE-2026-23245 net/sched: act_gate: snapshot parameters with RCU on replace
Published on: 2026-03-19 01:03:24
Link: View Details
Information published.

CVE-2025-71266 fs: ntfs3: check return value of indx_find to avoid infinite loop
Published on: 2026-03-19 01:03:35
Link: View Details
Information published.

CVE-2025-71267 fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
Published on: 2026-03-19 01:03:40
Link: View Details
Information published.

CVE-2026-23244 nvme: fix memory allocation in nvme_pr_read_keys()
Published on: 2026-03-19 01:03:51
Link: View Details
Information published.

CVE-2026-23243 RDMA/umad: Reject negative data_len in ib_umad_write
Published on: 2026-03-19 01:04:02
Link: View Details
Information published.

CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models
Published on: 2026-03-19 01:04:39
Link: View Details
Information published.

CVE-2026-3644 Incomplete control character validation in http.cookies
Published on: 2026-03-19 01:04:51
Link: View Details
Information published.

CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace
Published on: 2026-03-19 01:02:57
Link: View Details
Information published.

CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free
Published on: 2026-03-19 01:02:10
Link: View Details
Information published.

CVE-2026-23231 netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
Published on: 2026-03-19 01:02:42
Link: View Details
Information published.

CVE-2026-32776
Published on: 2026-03-19 01:01:27
Link: View Details
Information published.

CVE-2026-32778
Published on: 2026-03-19 01:01:59
Link: View Details
Information published.

CVE-2026-32777
Published on: 2026-03-19 01:01:43
Link: View Details
Information published.

CVE-2026-23248 perf/core: Fix refcount bug and potential UAF in perf_mmap
Published on: 2026-03-19 01:03:29
Link: View Details
Information published.

CVE-2026-23246 wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration
Published on: 2026-03-19 01:03:46
Link: View Details
Information published.

CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
Published on: 2026-03-19 01:03:56
Link: View Details
Information published.

CVE-2025-71265 fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
Published on: 2026-03-19 01:04:08
Link: View Details
Information published.

CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Published on: 2026-03-19 01:04:23
Link: View Details
Information published.

CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow
Published on: 2026-03-19 01:04:31
Link: View Details
Information published.

CVE-2026-23241 audit: add missing syscalls to read class
Published on: 2026-03-18 01:01:23
Link: View Details
Information published.

CVE-2025-71239 audit: add fchmodat2() to change attributes class
Published on: 2026-03-18 01:01:29
Link: View Details
Information published.

CVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive
Published on: 2026-03-18 01:37:44
Link: View Details
Information published.

CVE-2026-23066 rxrpc: Fix recvmsg() unconditional requeue
Published on: 2026-03-17 01:38:47
Link: View Details
Information published.

CVE-2026-1703 Limited path traversal when installing wheel archives
Published on: 2026-03-17 01:36:31
Link: View Details
Information published.

CVE-2026-23069 vsock/virtio: fix potential underflow in virtio_transport_get_credit()
Published on: 2026-03-17 01:38:52
Link: View Details
Information published.

CVE-2026-32775
Published on: 2026-03-17 01:01:40
Link: View Details
Information published.

CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd
Published on: 2026-03-17 01:01:48
Link: View Details
Information published.

CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate
Published on: 2026-03-17 01:02:04
Link: View Details
Information published.

CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Published on: 2026-03-17 01:36:58
Link: View Details
Information published.

CVE-2025-69647
Published on: 2026-03-17 01:38:37
Link: View Details
Information published.

CVE-2025-69648
Published on: 2026-03-17 01:38:42
Link: View Details
Information published.

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137
Published on: 2026-03-17 01:39:07
Link: View Details
Information published.

CVE-2026-32776
Published on: 2026-03-17 01:01:22
Link: View Details
Information published.

CVE-2026-32778
Published on: 2026-03-17 01:01:28
Link: View Details
Information published.

CVE-2026-32777
Published on: 2026-03-17 01:01:33
Link: View Details
Information published.

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd
Published on: 2026-03-17 01:01:56
Link: View Details
Information published.

CVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive
Published on: 2026-03-17 01:02:12
Link: View Details
Information published.

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-03-17 01:02:24
Link: View Details
Information published.

CVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method
Published on: 2026-03-17 01:02:38
Link: View Details
Information published.

Chromium: CVE-2026-3909 Out of bounds write in Skia
Published on: 2026-03-16 18:09:34
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2026-3909 exists in the wild.

CVE-2026-26017 CoreDNS ACL Bypass
Published on: 2026-03-14 01:36:50
Link: View Details
Information published.

CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability
Published on: 2026-03-14 01:37:01
Link: View Details
Information published.

CVE-2026-23868
Published on: 2026-03-14 01:37:47
Link: View Details
Information published.

CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath
Published on: 2026-03-14 01:01:17
Link: View Details
Information published.

CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Published on: 2026-03-14 01:01:22
Link: View Details
Information published.

CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass
Published on: 2026-03-14 01:37:11
Link: View Details
Information published.

CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509
Published on: 2026-03-14 01:37:36
Link: View Details
Information published.

CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509
Published on: 2026-03-14 01:37:26
Link: View Details
Information published.

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Published on: 2026-03-14 01:36:22
Link: View Details
Information published.

CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
Published on: 2026-03-14 01:01:27
Link: View Details
Information published.

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Published on: 2026-03-14 01:36:06
Link: View Details
Information published.

Chromium: CVE-2026-3942 Incorrect security UI in PictureInPicture
Published on: 2026-03-13 18:20:30
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3931 Heap buffer overflow in Skia
Published on: 2026-03-13 18:20:20
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2026-03-13 07:00:00
Link: View Details
The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.

CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2026-03-13 07:00:00
Link: View Details
The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.

CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2026-03-13 07:00:00
Link: View Details
The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.

Chromium: CVE-2026-3941 Insufficient policy enforcement in DevTools
Published on: 2026-03-13 18:20:29
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3940 Insufficient policy enforcement in DevTools
Published on: 2026-03-13 18:20:28
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3939 Use after free in WebView
Published on: 2026-03-13 18:20:27
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3938 Insufficient policy enforcement in Clipboard
Published on: 2026-03-13 18:20:26
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3937 Incorrect security UI in Downloads
Published on: 2026-03-13 18:20:25
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3935 Incorrect security UI in WebAppInstalls
Published on: 2026-03-13 18:20:23
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3934 Insufficient policy enforcement in ChromeDriver
Published on: 2026-03-13 18:20:22
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3932 Insufficient policy enforcement in PDF
Published on: 2026-03-13 18:20:21
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3925 Incorrect security UI in LookalikeChecks
Published on: 2026-03-13 18:20:14
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3915 Heap buffer overflow in WebML
Published on: 2026-03-13 18:20:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3936 Use after free in WebView
Published on: 2026-03-13 18:20:24
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3929 Side-channel information leakage in ResourceTiming
Published on: 2026-03-13 18:20:18
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3928 Insufficient policy enforcement in Extensions
Published on: 2026-03-13 18:20:17
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3927 Incorrect security UI in PictureInPicture
Published on: 2026-03-13 18:20:16
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3926 Out of bounds read in V8
Published on: 2026-03-13 18:20:15
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3924 Use after free in WindowDialog
Published on: 2026-03-13 18:20:13
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3923 Use after free in WebMIDI
Published on: 2026-03-13 18:20:12
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3922 Use after free in MediaStream
Published on: 2026-03-13 18:20:11
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3921 Use after free in TextEncoding
Published on: 2026-03-13 18:20:10
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3920 Out of bounds memory access in WebML
Published on: 2026-03-13 18:20:09
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3919 Use after free in Extensions
Published on: 2026-03-13 18:20:08
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3918 Use after free in WebMCP
Published on: 2026-03-13 18:20:07
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3917 Use after free in Agents
Published on: 2026-03-13 18:20:06
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3916 Out of bounds read in Web Speech
Published on: 2026-03-13 18:20:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3914 Integer overflow in WebML
Published on: 2026-03-13 18:20:03
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3913 Heap buffer overflow in WebML
Published on: 2026-03-13 18:20:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

CVE-2026-0385 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Published on: 2026-03-13 07:00:00
Link: View Details
Information published.

Chromium: CVE-2026-3930 Unsafe navigation in Navigation
Published on: 2026-03-13 18:20:19
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

Chromium: CVE-2026-3910 Inappropriate implementation in V8
Published on: 2026-03-13 22:11:14
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2026-3910 exists in the wild.

CVE-2026-21257 GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
Published on: 2026-03-13 07:00:00
Link: View Details
Changes made to the security updates links and information. This is an informational change only.

CVE-2026-21256 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Published on: 2026-03-13 07:00:00
Link: View Details
Changes made to the security updates links and information. This is an informational change only.

CVE-2026-23868
Published on: 2026-03-13 01:02:54
Link: View Details
Information published.

CVE-2026-3783 token leak with redirect and netrc
Published on: 2026-03-13 01:02:16
Link: View Details
Information published.

CVE-2026-1965 bad reuse of HTTP Negotiate connection
Published on: 2026-03-13 01:01:47
Link: View Details
Information published.

CVE-2026-3784 wrong proxy connection reuse with credentials
Published on: 2026-03-13 01:02:44
Link: View Details
Information published.

CVE-2026-3904
Published on: 2026-03-13 01:03:00
Link: View Details
Information published.

CVE-2026-3805 use after free in SMB connection reuse
Published on: 2026-03-13 01:03:13
Link: View Details
Information published.

CVE-2026-26030 GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable
Published on: 2026-03-12 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-03-12 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.

CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
Published on: 2026-03-12 07:00:00
Link: View Details
To comprehensively address CVE-2026-20841, Microsoft has released February 2026 security updates for the Windows Notepad App. Microsoft recommends that customers install the update to be fully protected from the vulnerability.

CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-03-12 07:00:00
Link: View Details
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Published on: 2026-03-12 01:36:56
Link: View Details
Information published.

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Published on: 2026-03-12 01:37:04
Link: View Details
Information published.

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Published on: 2026-03-12 01:36:27
Link: View Details
Information published.

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Published on: 2026-03-12 01:36:32
Link: View Details
Information published.

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Published on: 2026-03-12 01:36:48
Link: View Details
Information published.

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Published on: 2026-03-12 01:36:37
Link: View Details
Information published.

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Published on: 2026-03-12 01:36:43
Link: View Details
Information published.

CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url
Published on: 2026-03-12 01:01:26
Link: View Details
Information published.

CVE-2026-23868
Published on: 2026-03-12 01:01:31
Link: View Details
Information published.

CVE-2026-3783 token leak with redirect and netrc
Published on: 2026-03-12 01:01:48
Link: View Details
Information published.

CVE-2026-23239 espintcp: Fix race condition in espintcp_close()
Published on: 2026-03-12 01:01:37
Link: View Details
Information published.

CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
Published on: 2026-03-12 01:01:42
Link: View Details
Information published.

CVE-2026-1965 bad reuse of HTTP Negotiate connection
Published on: 2026-03-12 01:01:53
Link: View Details
Information published.

CVE-2026-3784 wrong proxy connection reuse with credentials
Published on: 2026-03-12 01:01:58
Link: View Details
Information published.

CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-03-11 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-26148 Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability
Published on: 2026-03-11 07:00:00
Link: View Details
Acknowledgement Updated

Chromium: CVE-2026-3537 Object lifecycle issue in PowerVR
Published on: 2026-03-11 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

CVE-2026-26017 CoreDNS ACL Bypass
Published on: 2026-03-11 01:01:14
Link: View Details
Information published.

CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability
Published on: 2026-03-11 01:01:19
Link: View Details
Information published.

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds
Published on: 2026-03-11 01:01:46
Link: View Details
Information published.

CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
Published on: 2026-03-11 01:02:09
Link: View Details
Information published.

CVE-2025-69652 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
Published on: 2026-03-11 01:02:25
Link: View Details
Information published.

CVE-2025-69645 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
Published on: 2026-03-11 01:02:32
Link: View Details
Information published.

CVE-2025-69649 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
Published on: 2026-03-11 01:02:41
Link: View Details
Information published.

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Published on: 2026-03-11 01:03:28
Link: View Details
Information published.

CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
Published on: 2026-03-11 01:40:19
Link: View Details
Information published.

CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass
Published on: 2026-03-11 01:01:52
Link: View Details
Information published.

CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
Published on: 2026-03-11 01:03:59
Link: View Details
Information published.

CVE-2026-27139 FileInfo can escape from a Root in os
Published on: 2026-03-11 01:01:32
Link: View Details
Information published.

CVE-2024-14027 xattr: switch to CLASS(fd)
Published on: 2026-03-11 01:01:37
Link: View Details
Information published.

CVE-2026-29786 node-tar: Hardlink Path Traversal via Drive-Relative Linkpath
Published on: 2026-03-11 01:02:00
Link: View Details
Information published.

CVE-2025-69650 GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.
Published on: 2026-03-11 01:02:17
Link: View Details
Information published.

CVE-2025-69651 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.
Published on: 2026-03-11 01:02:49
Link: View Details
Information published.

CVE-2025-69644 An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.
Published on: 2026-03-11 01:02:56
Link: View Details
Information published.

CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509
Published on: 2026-03-11 01:03:44
Link: View Details
Information published.

CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509
Published on: 2026-03-11 01:03:35
Link: View Details
Information published.

CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-23660 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

CVE-2026-23664 Azure IoT Explorer Information Disclosure Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

CVE-2026-23667 Broadcast DVR Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.

CVE-2026-23668 Windows Graphics Component Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2026-23669 Windows Print Spooler Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network.

CVE-2026-23671 Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Information published.

CVE-2026-23673 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.

CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.

CVE-2026-24285 Win32k Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

CVE-2026-24287 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-24288 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.

CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-24290 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-24291 Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.

CVE-2026-24292 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-24294 Windows SMB Server Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

CVE-2026-24295 Windows Device Association Service Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.

CVE-2026-24296 Windows Device Association Service Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.

CVE-2026-24297 Windows Kerberos Security Feature Bypass Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-25165 Performance Counters for Windows Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.

CVE-2026-25166 Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.

CVE-2026-25167 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

CVE-2026-25168 Windows Graphics Component Denial of Service Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.

CVE-2026-25169 Windows Graphics Component Denial of Service Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.

CVE-2026-25170 Windows Hyper-V Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVE-2026-25171 Windows Authentication Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

CVE-2026-25174 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.

CVE-2026-25175 Windows NTFS Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.

CVE-2026-25176 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-25177 Active Directory Domain Services Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.

CVE-2026-25178 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-25179 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-25180 Windows Graphics Component Information Disclosure Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.

CVE-2026-25181 GDI+ Information Disclosure Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.

CVE-2026-25185 Windows Shell Link Processing Spoofing Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-25186 Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.

CVE-2026-25187 Winlogon Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

CVE-2026-25188 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.

CVE-2026-25189 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-25190 GDI Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.

CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2026-26112 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-26114 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-23656 Windows App Installer Spoofing Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-20967 System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.

CVE-2026-26121 Azure IOT Explorer Spoofing Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-26115 SQL Server Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-26128 Windows SMB Server Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

CVE-2026-26131 .NET Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Incorrect default permissions in .NET allow an authorized attacker to elevate privileges locally.

CVE-2026-26132 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-26134 Microsoft Office Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-26127 .NET Denial of Service Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

CVE-2026-23674 MapUrlToZone Security Feature Bypass Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-26148 Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

CVE-2026-23654 GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.

CVE-2026-23661 Azure IoT Explorer Information Disclosure Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

CVE-2026-23662 Azure IoT Explorer Information Disclosure Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

CVE-2026-23665 Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.

CVE-2026-26106 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-26107 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26108 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26109 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26110 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-26117 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-26118 Azure MCP Server Tools Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-26123 Microsoft Authenticator Information Disclosure Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.

CVE-2026-26130 ASP.NET Core Denial of Service Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-26141 Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.

CVE-2026-26144 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-03-10 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2026-26030 GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable
Published on: 2026-03-10 07:00:00
Link: View Details
[CVE-2026-26030](https://www.cve.org/CVERecord?id=CVE-2026-26030) is a Remote Code Execution vulnerability that has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. GitHub created this CVE on their behalf. This document incorporates updates in the Microsoft Semantic Kernel Repository which address this vulnerability. Please see [CVE-2026-26030](https://www.cve.org/CVERecord?id=CVE-2026-26030) for more information.

CVE-2026-28417 Vim has OS Command Injection in netrw
Published on: 2026-03-10 01:36:31
Link: View Details
Information published.

CVE-2026-28421 Vim has a heap-buffer-overflow and a segmentation fault
Published on: 2026-03-10 01:37:08
Link: View Details
Information published.

CVE-2026-28418 Vim has Heap-based Buffer Overflow in Emacs tags parsing
Published on: 2026-03-10 01:36:41
Link: View Details
Information published.

CVE-2026-28419 Vim has Heap-based Buffer Underflow in Emacs tags parsing
Published on: 2026-03-10 01:36:50
Link: View Details
Information published.

CVE-2026-28422 Vim has stack-buffer-overflow in build_stl_str_hl()
Published on: 2026-03-10 01:37:19
Link: View Details
Information published.

CVE-2026-28420 Vim has Heap-based Buffer Overflow and OOB Read in :terminal
Published on: 2026-03-10 01:36:59
Link: View Details
Information published.

CVE-2025-10966 missing SFTP host verification with wolfSSH
Published on: 2026-03-10 01:37:28
Link: View Details
Information published.

CVE-2025-14524 bearer token leak on cross-protocol redirect
Published on: 2026-03-10 01:38:55
Link: View Details
Information published.

CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass
Published on: 2026-03-10 01:38:06
Link: View Details
Information published.

CVE-2026-28364 In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.
Published on: 2026-03-08 01:01:32
Link: View Details
Information published.

CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Published on: 2026-03-07 01:01:21
Link: View Details
Information published.

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation
Published on: 2026-03-07 01:01:15
Link: View Details
Information published.

CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability
Published on: 2026-03-06 08:00:00
Link: View Details
Added FAQ information. This is an informational change only.

CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
Published on: 2026-03-06 08:00:00
Link: View Details
Added FAQ information. This is an informational change only.

CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
Published on: 2026-03-06 08:00:00
Link: View Details
Added FAQ information. This is an informational change only.

CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability
Published on: 2026-03-06 08:00:00
Link: View Details
Updated CWE value. This is an informational change only.

CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.
Published on: 2026-03-06 01:38:03
Link: View Details
Information published.

CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()
Published on: 2026-03-06 01:37:37
Link: View Details
Information published.

CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write
Published on: 2026-03-06 01:37:42
Link: View Details
Information published.

CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks
Published on: 2026-03-06 01:37:47
Link: View Details
Information published.

CVE-2026-23238 romfs: check sb_set_blocksize() return value
Published on: 2026-03-06 01:37:52
Link: View Details
Information published.

CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Published on: 2026-03-06 01:38:19
Link: View Details
Information published.

CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
Published on: 2026-03-06 01:38:26
Link: View Details
Information published.

CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC
Published on: 2026-03-06 01:38:11
Link: View Details
Information published.

CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
Published on: 2026-03-05 08:00:00
Link: View Details
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability
Published on: 2026-03-05 08:00:00
Link: View Details
Information published.

CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
Published on: 2026-03-05 08:00:00
Link: View Details
Information published.

CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability
Published on: 2026-03-05 08:00:00
Link: View Details
Information published.

CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability
Published on: 2026-03-05 08:00:00
Link: View Details
Information published.

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Published on: 2026-03-05 01:08:22
Link: View Details
Information published.

CVE-2025-68121 Unexpected session resumption in crypto/tls
Published on: 2026-03-05 01:09:17
Link: View Details
Information published.

CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.
Published on: 2026-03-05 01:08:27
Link: View Details
Information published.

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO
Published on: 2026-03-05 01:40:05
Link: View Details
Information published.

CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion
Published on: 2026-03-05 01:03:00
Link: View Details
Information published.

CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Published on: 2026-03-05 01:36:24
Link: View Details
Information published.

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Published on: 2026-03-05 01:35:59
Link: View Details
Information published.

CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.
Published on: 2026-03-05 01:40:37
Link: View Details
Information published.

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses
Published on: 2026-03-05 01:41:14
Link: View Details
Information published.

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Published on: 2026-03-05 01:42:00
Link: View Details
Information published.

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap
Published on: 2026-03-05 01:41:01
Link: View Details
Information published.

CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
Published on: 2026-03-05 01:41:34
Link: View Details
Information published.

CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()
Published on: 2026-03-05 01:04:23
Link: View Details
Information published.

CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write
Published on: 2026-03-05 01:04:29
Link: View Details
Information published.

CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks
Published on: 2026-03-05 01:04:34
Link: View Details
Information published.

CVE-2026-23238 romfs: check sb_set_blocksize() return value
Published on: 2026-03-05 01:04:40
Link: View Details
Information published.

CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Published on: 2026-03-05 01:09:04
Link: View Details
Information published.

CVE-2026-0038 In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published on: 2026-03-05 01:09:10
Link: View Details
Information published.

CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
Published on: 2026-03-05 01:08:37
Link: View Details
Information published.

CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace
Published on: 2026-03-05 01:04:17
Link: View Details
Information published.

CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free
Published on: 2026-03-05 01:04:46
Link: View Details
Information published.

CVE-2026-23231 netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
Published on: 2026-03-05 01:04:52
Link: View Details
Information published.

CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC
Published on: 2026-03-05 01:08:53
Link: View Details
Information published.

CVE-2024-24856 NULL pointer dereference in acpi_db_convert_to_package of Linux acpi module
Published on: 2026-03-05 01:41:50
Link: View Details
Information published.

CVE-2026-28421 Vim has a heap-buffer-overflow and a segmentation fault
Published on: 2026-03-04 01:10:37
Link: View Details
Information published.

CVE-2026-28419 Vim has Heap-based Buffer Underflow in Emacs tags parsing
Published on: 2026-03-04 01:10:07
Link: View Details
Information published.

CVE-2026-28422 Vim has stack-buffer-overflow in build_stl_str_hl()
Published on: 2026-03-04 01:10:53
Link: View Details
Information published.

CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments
Published on: 2026-03-04 01:04:21
Link: View Details
Information published.

CVE-2026-28420 Vim has Heap-based Buffer Overflow and OOB Read in :terminal
Published on: 2026-03-04 01:10:21
Link: View Details
Information published.

CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Published on: 2026-03-04 01:11:13
Link: View Details
Information published.

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Published on: 2026-03-04 01:13:02
Link: View Details
Information published.