CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Published on: 2026-06-25 07:00:00
Updated an acknowledgement. This is an informational change only.
CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-25 07:00:00
Updated an acknowledgement. This is an informational change only.
CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access
Published on: 2026-06-25 01:03:39
Information published.
CVE-2026-11816 Path Traversal in keras-team/keras
Published on: 2026-06-25 01:03:45
Information published.
CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
Published on: 2026-06-25 01:03:53
Information published.
CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()
Published on: 2026-06-24 02:43:33
Information published.
CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability
Published on: 2026-06-23 07:00:00
Updated an acknowledgement. This is an informational change only.
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability
Published on: 2026-06-23 07:00:00
Acknowledgement added. This is an informational change only.
CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
Published on: 2026-06-23 07:00:00
Updated an acknowledgement. This is an informational change only.
CVE-2025-5791 Users: `root` appended to group listings
Published on: 2026-06-20 01:40:10
Information published.
CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
Published on: 2026-06-20 01:39:58
Information published.
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Published on: 2026-06-20 01:40:55
Information published.
CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Published on: 2026-06-20 01:41:20
Information published.
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Published on: 2026-06-20 01:43:24
Information published.
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Published on: 2026-06-20 01:41:45
Information published.
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Published on: 2026-06-20 01:42:01
Information published.
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Published on: 2026-06-20 01:42:18
Information published.
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Published on: 2026-06-20 01:42:43
Information published.
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Published on: 2026-06-20 01:43:00
Information published.
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Published on: 2026-06-20 01:43:31
Information published.
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
Published on: 2026-06-20 01:43:49
Information published.
CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption
Published on: 2026-06-20 01:43:41
Information published.
CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45472 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.
CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45474 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.
CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45485 Microsoft Office Information Disclosure Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-44817 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-44819 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-44821 Microsoft Office Information Disclosure Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-44824 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.
CVE-2026-45461 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.
CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45645 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45649 Office for Android Spoofing Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, and Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.
CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.
Chromium: CVE-2026-12439 Use after free in Digital Credentials
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12440 Use after free in DigitalCredentials
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12445 Use after free in Extensions
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12446 Insufficient data validation in Passwords
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12451 Use after free in DigitalCredentials
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12441 Use after free in File Input
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12447 Heap buffer overflow in WebRTC
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12443 Use after free in Web Authentication
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12452 Use after free in Downloads
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12453 Insufficient validation of untrusted input in Input
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12455 Use after free in Tab Strip
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12458 Incorrect security UI in Passwords
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12457 Insufficient data validation in Extensions
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12459 Inappropriate implementation in Serial
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12462 Use after free in Media
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12464 Use after free in Browser
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12463 Inappropriate implementation in Views
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12465 Insufficient validation of untrusted input in Metrics
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12454 Race in Safe Browsing
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12467 Use after free in Extensions
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12468 Inappropriate implementation in Updater
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12449 Use after free in Chromoting
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12444 Out of bounds read in Chromoting
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12437 Use after free in WebShare
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12461 Out of bounds read in WebRTC
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
Chromium: CVE-2026-12466 Heap buffer overflow in WebRTC
Published on: 2026-06-19 07:00:00
Corrected CVE title. This is an informational change only.
CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability
Published on: 2026-06-19 07:00:00
Updated an acknowledgement. This is an informational change only.
CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, and Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.
CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability
Published on: 2026-06-19 07:00:00
Microsoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, and Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.
CVE-2026-12439 Use after free in Digital Credentials
Published on: 2026-06-19 13:52:19
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12440 Use after free in DigitalCredentials
Published on: 2026-06-19 13:52:22
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12445 Use after free in Extensions
Published on: 2026-06-19 13:52:26
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12446 Insufficient data validation in Passwords
Published on: 2026-06-19 13:52:27
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12451 Use after free in DigitalCredentials
Published on: 2026-06-19 13:52:30
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12441 Use after free in File Input
Published on: 2026-06-19 13:52:24
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12447 Heap buffer overflow in WebRTC
Published on: 2026-06-19 13:52:29
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12443 Use after free in Web Authentication
Published on: 2026-06-19 13:52:25
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12452 Use after free in Downloads
Published on: 2026-06-19 13:52:31
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12453 Insufficient validation of untrusted input in Input
Published on: 2026-06-19 13:52:33
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12455 Use after free in Tab Strip
Published on: 2026-06-19 13:52:34
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12456 Insufficient validation of untrusted input in Extensions
Published on: 2026-06-19 13:52:36
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12458 Incorrect security UI in Passwords
Published on: 2026-06-19 13:52:38
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12457 Insufficient data validation in Extensions
Published on: 2026-06-19 13:52:37
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12459 Inappropriate implementation in Serial
Published on: 2026-06-19 13:52:39
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12460 Insufficient policy enforcement in File System Access
Published on: 2026-06-19 13:52:40
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12462 Use after free in Media
Published on: 2026-06-19 13:52:42
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12464 Use after free in Browser
Published on: 2026-06-19 13:52:44
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12463 Inappropriate implementation in Views
Published on: 2026-06-19 13:52:43
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12465 Insufficient validation of untrusted input in Metrics
Published on: 2026-06-19 13:52:46
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12454 Race in Safe Browsing
Published on: 2026-06-19 13:52:50
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12467 Use after free in Extensions
Published on: 2026-06-19 13:52:48
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12468 Inappropriate implementation in Updater
Published on: 2026-06-19 13:52:52
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12449 Use after free in Chromoting
Published on: 2026-06-19 13:52:56
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12444 Out of bounds read in Chromoting
Published on: 2026-06-19 13:52:55
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12437 Use after free in WebShare
Published on: 2026-06-19 13:52:53
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12461 Out of bounds read in WebRTC
Published on: 2026-06-19 13:52:57
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-12466 Heap buffer overflow in WebRTC
Published on: 2026-06-19 13:52:59
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2026-24289 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-06-19 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Published on: 2026-06-19 07:00:00
Link: View Details
Removed incorrectly added rows from the Security Updates table. This is an informational change only.
CVE-2025-6965 Integer Truncation on SQLite
Published on: 2026-06-19 07:00:00
Link: View Details
Added Visual Studio software to the Security Updates table. Customers running a supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.
CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Published on: 2026-06-19 01:40:20
Link: View Details
Information published.
CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling
Published on: 2026-06-19 01:43:42
Link: View Details
Information published.
CVE-2026-42014 Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin
Published on: 2026-06-19 01:01:29
Link: View Details
Information published.
CVE-2026-53689
Published on: 2026-06-19 01:01:36
Link: View Details
Information published.
CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read
Published on: 2026-06-19 01:01:42
Link: View Details
Information published.
CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
Published on: 2026-06-19 01:01:47
Link: View Details
Information published.
CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
Published on: 2026-06-19 01:01:53
Link: View Details
Information published.
CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
Published on: 2026-06-19 01:40:27
Link: View Details
Information published.
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
Published on: 2026-06-19 01:01:22
Link: View Details
Information published.
CVE-2026-47633 Microsoft Cost Management Information Disclosure Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.
CVE-2026-32208 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-42895 Microsoft Copilot Tampering Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
URL redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability
Published on: 2026-06-18 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Published on: 2026-06-18 01:48:00
Link: View Details
Information published.
CVE-2025-71072 shmem: fix recovery on rename failures
Published on: 2026-06-18 01:48:17
Link: View Details
Information published.
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-06-18 01:50:00
Link: View Details
Information published.
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Published on: 2026-06-18 01:48:34
Link: View Details
Information published.
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-06-18 01:40:41
Link: View Details
Information published.
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-06-18 01:40:25
Link: View Details
Information published.
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Published on: 2026-06-18 01:46:59
Link: View Details
Information published.
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function
Published on: 2026-06-18 01:41:13
Link: View Details
Information published.
CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc
Published on: 2026-06-18 01:01:50
Link: View Details
Information published.
CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd
Published on: 2026-06-18 01:49:51
Link: View Details
Information published.
CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()
Published on: 2026-06-18 01:50:04
Link: View Details
Information published.
CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key
Published on: 2026-06-18 01:50:14
Link: View Details
Information published.
CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration
Published on: 2026-06-18 01:50:27
Link: View Details
Information published.
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Published on: 2026-06-18 01:41:57
Link: View Details
Information published.
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Published on: 2026-06-18 01:42:51
Link: View Details
Information published.
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Published on: 2026-06-18 01:46:38
Link: View Details
Information published.
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Published on: 2026-06-18 01:44:21
Link: View Details
Information published.
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Published on: 2026-06-18 01:45:04
Link: View Details
Information published.
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Published on: 2026-06-18 01:45:56
Link: View Details
Information published.
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
Published on: 2026-06-17 07:00:00
Link: View Details
This CVE was updated to remove Windows 11 (21H1 and 22H2) from the list of impacted products.
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-17 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-17 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-06-17 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Published on: 2026-06-16 07:00:00
Link: View Details
Updated the fixed version information and download link. The fix was previously believed to be included in Dynamics 365 Server (on-premises) version 6.2; however, it has been confirmed that the fix is included in Dynamics 365 Server v9.1 (on-premises) Update 1.45 (version 9.1.0045.0011). The download link, release notes, and build number have been updated accordingly in the Updates Table.
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
Published on: 2026-06-16 07:00:00
Link: View Details
Updated CWE value. This is an informational change only.
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
Published on: 2026-06-16 07:00:00
Link: View Details
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet". We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.
CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability
Published on: 2026-06-16 07:00:00
Link: View Details
Corrected the CVE description and title. This is an informational change only.
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Published on: 2026-06-16 02:14:59
Link: View Details
Information published.
CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.
Published on: 2026-06-16 01:01:29
Link: View Details
Information published.
Chromium: CVE-2026-12012 Use after free Network
Published on: 2026-06-15 07:00:31
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12008 Use after free DigitalCredentials
Published on: 2026-06-15 07:00:26
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12019 Out of bounds write Codecs
Published on: 2026-06-15 07:00:40
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12016 Insufficient validation of untrusted input DevTools
Published on: 2026-06-15 07:00:36
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12015 Use after free Autofill
Published on: 2026-06-15 07:00:35
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-11628 Use after free in Ozone
Published on: 2026-06-15 19:13:29
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11629 Use after free in Ozone
Published on: 2026-06-15 19:13:31
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11631 Use after free in Aura
Published on: 2026-06-15 19:13:34
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11630 Use after free in File Input
Published on: 2026-06-15 19:13:33
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11632 Use after free in TabStrip
Published on: 2026-06-15 19:13:35
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11633 Use after free in Bluetooth
Published on: 2026-06-15 19:13:37
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11634 Use after free in Gamepad
Published on: 2026-06-15 19:13:38
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11635 Use after free in Bluetooth
Published on: 2026-06-15 19:13:40
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11639 Use after free in Compositing
Published on: 2026-06-15 19:13:45
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11637 Use after free in Views
Published on: 2026-06-15 19:13:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11636 Use after free in Autofill
Published on: 2026-06-15 19:13:41
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11638 Use after free in Printing
Published on: 2026-06-15 19:13:44
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11641 Use after free in Bluetooth
Published on: 2026-06-15 19:13:48
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11640 Integer overflow in libyuv
Published on: 2026-06-15 19:13:47
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11642 Use after free in Web Apps
Published on: 2026-06-15 19:13:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11645 Out of bounds memory access in V8
Published on: 2026-06-15 19:13:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11643 Use after free in Proxy
Published on: 2026-06-15 19:13:50
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11644 Use after free in Views
Published on: 2026-06-15 19:13:52
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11646 Use after free in ViewTransitions
Published on: 2026-06-15 19:13:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11657 Use after free in Payments
Published on: 2026-06-15 19:14:10
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11658 Insufficient validation of untrusted input in Extensions
Published on: 2026-06-15 19:14:12
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page
Published on: 2026-06-15 19:14:15
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11661 Use after free in Views
Published on: 2026-06-15 19:14:16
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11659 Insufficient validation of untrusted input in UI
Published on: 2026-06-15 19:14:13
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11663 Use after free in Skia
Published on: 2026-06-15 19:14:19
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11662 Type Confusion in Bindings
Published on: 2026-06-15 19:14:18
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11664 Use after free in Payments
Published on: 2026-06-15 19:14:20
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11665 Out of bounds read in Dawn
Published on: 2026-06-15 19:14:22
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input
Published on: 2026-06-15 19:14:23
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11668 Uninitialized Use in Codecs
Published on: 2026-06-15 19:14:26
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11669 Integer overflow in Media
Published on: 2026-06-15 19:14:27
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11667 Out of bounds read in WebRTC
Published on: 2026-06-15 19:14:24
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11670 Use after free in PDF
Published on: 2026-06-15 19:14:28
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11671 Use after free in Navigation
Published on: 2026-06-15 19:14:30
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11672 Out of bounds write in GPU
Published on: 2026-06-15 19:14:31
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11673 Use after free in InterestGroups
Published on: 2026-06-15 19:14:32
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11675 Insufficient validation of untrusted input in Skia
Published on: 2026-06-15 19:14:35
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11674 Use after free in Guest View
Published on: 2026-06-15 19:14:34
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11676 Insufficient validation of untrusted input in Dawn
Published on: 2026-06-15 19:14:36
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11677 Race in Network
Published on: 2026-06-15 19:14:37
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11678 Integer overflow in libyuv
Published on: 2026-06-15 19:14:39
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11679 Use after free in Codecs
Published on: 2026-06-15 19:14:40
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11681 Use after free in Ozone
Published on: 2026-06-15 19:14:43
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views
Published on: 2026-06-15 19:14:44
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11680 Use after free in Media
Published on: 2026-06-15 19:14:41
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11683 Use after free in WebCodecs
Published on: 2026-06-15 19:14:45
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11684 Insufficient policy enforcement in Network
Published on: 2026-06-15 19:14:46
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11687 Use after free in Dawn
Published on: 2026-06-15 19:14:50
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11686 Insufficient validation of untrusted input in Dawn
Published on: 2026-06-15 19:14:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11688 Object lifecycle issue in SVG
Published on: 2026-06-15 19:14:52
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture
Published on: 2026-06-15 19:14:48
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords
Published on: 2026-06-15 19:14:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11690 Out of bounds read and write in Media
Published on: 2026-06-15 19:14:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page
Published on: 2026-06-15 19:14:55
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11692 Use after free in Read Anything
Published on: 2026-06-15 19:14:57
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11693 Inappropriate implementation in Plugins
Published on: 2026-06-15 19:14:58
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11694 Use after free in ServiceWorker
Published on: 2026-06-15 19:14:59
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11695 Inappropriate implementation in Passwords
Published on: 2026-06-15 19:15:01
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11696 Uninitialized Use in Video
Published on: 2026-06-15 19:15:02
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI
Published on: 2026-06-15 19:15:03
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11698 Use after free in Bluetooth
Published on: 2026-06-15 19:15:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11699 Use after free in Bluetooth
Published on: 2026-06-15 19:15:06
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11700 Use after free in Tracing
Published on: 2026-06-15 19:15:07
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-12018 Inappropriate implementation Mojo
Published on: 2026-06-15 07:00:38
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12007 Use after free Core
Published on: 2026-06-15 07:00:24
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12017 Insufficient validation of untrusted input Extensions
Published on: 2026-06-15 07:00:37
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12014 Use after free Cast
Published on: 2026-06-15 07:00:33
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12013 Use after free Media
Published on: 2026-06-15 07:00:32
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12010 Heap buffer overflow GPU
Published on: 2026-06-15 07:00:29
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-12009 Insufficient validation of untrusted input Accessibility
Published on: 2026-06-15 07:00:27
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
Chromium: CVE-2026-11647 Use after free in Printing
Published on: 2026-06-15 19:13:56
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11648 Use after free in FullScreen
Published on: 2026-06-15 19:13:57
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11651 Use after free in Network
Published on: 2026-06-15 19:14:01
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11649 Use after free in V8
Published on: 2026-06-15 19:13:58
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11652 Use after free in Extensions
Published on: 2026-06-15 19:14:03
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11650 Use after free in V8
Published on: 2026-06-15 19:14:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11653 Insufficient validation of untrusted input in Extensions
Published on: 2026-06-15 19:14:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11654 Use after free in CameraCapture
Published on: 2026-06-15 19:14:06
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11656 Use after free in ServiceWorker
Published on: 2026-06-15 19:14:09
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11655 Integer overflow in Media
Published on: 2026-06-15 19:14:07
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-12011 Use after free WebMIDI
Published on: 2026-06-15 07:00:30
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.
CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published on: 2026-06-15 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-6429 netrc credential leak with reused proxy connection
Published on: 2026-06-15 01:40:40
Link: View Details
Information published.
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Published on: 2026-06-15 01:40:49
Link: View Details
Information published.
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Published on: 2026-06-15 01:40:58
Link: View Details
Information published.
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Published on: 2026-06-15 01:02:18
Link: View Details
Information published.
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Published on: 2026-06-15 01:41:21
Link: View Details
Information published.
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
Published on: 2026-06-15 01:42:16
Link: View Details
Information published.
CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove
Published on: 2026-06-15 01:42:41
Link: View Details
Information published.
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Published on: 2026-06-15 01:01:25
Link: View Details
Information published.
CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle
Published on: 2026-06-15 01:02:31
Link: View Details
Information published.
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
Published on: 2026-06-13 01:06:42
Link: View Details
Information published.
CVE-2026-4873 connection reuse ignores TLS requirement
Published on: 2026-06-13 01:41:54
Link: View Details
Information published.
CVE-2026-6429 netrc credential leak with reused proxy connection
Published on: 2026-06-13 01:42:01
Link: View Details
Information published.
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Published on: 2026-06-13 01:42:15
Link: View Details
Information published.
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Published on: 2026-06-13 01:41:40
Link: View Details
Information published.
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Published on: 2026-06-13 01:42:39
Link: View Details
Information published.
CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule
Published on: 2026-06-13 01:43:07
Link: View Details
Information published.
CVE-2026-6276 stale custom cookie host causes cookie leak
Published on: 2026-06-13 01:41:47
Link: View Details
Information published.
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Published on: 2026-06-13 01:42:27
Link: View Details
Information published.
CVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension
Published on: 2026-06-13 01:43:31
Link: View Details
Information published.
CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name
Published on: 2026-06-13 01:01:47
Link: View Details
Information published.
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Published on: 2026-06-13 01:02:20
Link: View Details
Information published.
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function
Published on: 2026-06-13 01:02:40
Link: View Details
Information published.
CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling
Published on: 2026-06-13 01:04:54
Link: View Details
Information published.
CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Published on: 2026-06-13 01:06:35
Link: View Details
Information published.
CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate
Published on: 2026-06-13 01:43:24
Link: View Details
Information published.
CVE-2026-10846 Insufficient verification that responses belong to a query
Published on: 2026-06-13 01:43:38
Link: View Details
Information published.
CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion
Published on: 2026-06-13 01:01:27
Link: View Details
Information published.
CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot
Published on: 2026-06-13 01:01:34
Link: View Details
Information published.
CVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex
Published on: 2026-06-13 01:01:41
Link: View Details
Information published.
CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion
Published on: 2026-06-13 01:01:54
Link: View Details
Information published.
CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape
Published on: 2026-06-13 01:01:59
Link: View Details
Information published.
CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Published on: 2026-06-13 01:02:56
Link: View Details
Information published.
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Published on: 2026-06-13 01:03:18
Link: View Details
Information published.
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Published on: 2026-06-13 01:03:46
Link: View Details
Information published.
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Published on: 2026-06-13 01:03:59
Link: View Details
Information published.
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Published on: 2026-06-13 01:04:21
Link: View Details
Information published.
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Published on: 2026-06-13 01:04:41
Link: View Details
Information published.
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Published on: 2026-06-13 01:05:17
Link: View Details
Information published.
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Published on: 2026-06-13 01:05:39
Link: View Details
Information published.
CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
Published on: 2026-06-13 01:05:54
Link: View Details
Information published.
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Published on: 2026-06-13 01:06:21
Link: View Details
Information published.
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Published on: 2026-06-12 01:01:35
Link: View Details
Information published.
CVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable check
Published on: 2026-06-12 01:01:22
Link: View Details
Information published.
CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option
Published on: 2026-06-12 01:01:28
Link: View Details
Information published.
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Published on: 2026-06-11 01:42:10
Link: View Details
Information published.
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
Published on: 2026-06-11 01:43:57
Link: View Details
Information published.
CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name
Published on: 2026-06-11 01:43:37
Link: View Details
Information published.
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Published on: 2026-06-11 01:43:44
Link: View Details
Information published.
CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
Published on: 2026-06-11 01:43:51
Link: View Details
Information published.
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Published on: 2026-06-11 01:39:21
Link: View Details
Information published.
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
Published on: 2026-06-11 01:39:38
Link: View Details
Information published.
CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch
Published on: 2026-06-11 01:39:53
Link: View Details
Information published.
CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
Published on: 2026-06-11 01:40:00
Link: View Details
Information published.
CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
Published on: 2026-06-11 01:40:08
Link: View Details
Information published.
CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()
Published on: 2026-06-11 01:40:22
Link: View Details
Information published.
CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels
Published on: 2026-06-11 01:40:30
Link: View Details
Information published.
CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
Published on: 2026-06-11 01:40:37
Link: View Details
Information published.
CVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension
Published on: 2026-06-11 01:01:31
Link: View Details
Information published.
CVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow
Published on: 2026-06-11 01:01:59
Link: View Details
Information published.
CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
Published on: 2026-06-11 01:44:24
Link: View Details
Information published.
CVE-2026-5419 Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal
Published on: 2026-06-11 01:44:30
Link: View Details
Information published.
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
Published on: 2026-06-11 01:44:37
Link: View Details
Information published.
CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
Published on: 2026-06-11 01:39:45
Link: View Details
Information published.
CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
Published on: 2026-06-11 01:40:15
Link: View Details
Information published.
CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove
Published on: 2026-06-11 01:01:18
Link: View Details
Information published.
CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate
Published on: 2026-06-11 01:01:25
Link: View Details
Information published.
CVE-2026-10846 Insufficient verification that responses belong to a query
Published on: 2026-06-11 01:01:37
Link: View Details
Information published.
CVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted
Published on: 2026-06-11 01:01:43
Link: View Details
Information published.
CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
Published on: 2026-06-11 01:01:48
Link: View Details
Information published.
CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS
Published on: 2026-06-11 01:01:54
Link: View Details
Information published.
CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
Published on: 2026-06-11 01:02:05
Link: View Details
Information published.
CVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free
Published on: 2026-06-11 01:02:12
Link: View Details
Information published.
CVE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory access
Published on: 2026-06-11 01:02:25
Link: View Details
Information published.
CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Published on: 2026-06-11 01:02:17
Link: View Details
Information published.
CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
Published on: 2026-06-11 01:02:30
Link: View Details
Information published.
CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Published on: 2026-06-11 01:02:36
Link: View Details
Information published.
CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
Published on: 2026-06-11 01:02:42
Link: View Details
Information published.
CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow
Published on: 2026-06-11 01:02:47
Link: View Details
Information published.
CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-06-10 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability
Published on: 2026-06-10 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-48569 Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2026-06-10 07:00:00
Link: View Details
Updated the Security Updates Build Number
CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability
Published on: 2026-06-10 07:00:00
Link: View Details
Updated the Security Updates Build Number
CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability
Published on: 2026-06-10 07:00:00
Link: View Details
Updated the Security Updates Build Number and Title, as the Chat extension is now merged into Visual Studio Code.
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Published on: 2026-06-10 07:00:00
Link: View Details
The release notes link has been updated to point to the latest available version. Informational change only.
CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-06-10 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-20846 GDI+ Denial of Service Vulnerability
Published on: 2026-06-10 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-06-10 01:41:47
Link: View Details
Information published.
CVE-2026-43059 Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers
Published on: 2026-06-10 01:05:35
Link: View Details
Information published.
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Published on: 2026-06-10 01:42:51
Link: View Details
Information published.
CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
Published on: 2026-06-10 01:03:52
Link: View Details
Information published.
CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()
Published on: 2026-06-10 01:03:57
Link: View Details
Information published.
CVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-free
Published on: 2026-06-10 01:04:02
Link: View Details
Information published.
CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str
Published on: 2026-06-10 01:04:13
Link: View Details
Information published.
CVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmap
Published on: 2026-06-10 01:04:19
Link: View Details
Information published.
CVE-2026-46301 spi: topcliff-pch: fix use-after-free on unbind
Published on: 2026-06-10 01:04:24
Link: View Details
Information published.
CVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policy
Published on: 2026-06-10 01:04:35
Link: View Details
Information published.
CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop
Published on: 2026-06-10 01:04:40
Link: View Details
Information published.
CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer
Published on: 2026-06-10 01:04:46
Link: View Details
Information published.
CVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbind
Published on: 2026-06-10 01:04:57
Link: View Details
Information published.
CVE-2026-46287 net: txgbe: fix RTNL assertion warning when remove module
Published on: 2026-06-10 01:05:08
Link: View Details
Information published.
CVE-2026-46299 hfsplus: fix held lock freed on hfsplus_fill_super()
Published on: 2026-06-10 01:05:18
Link: View Details
Information published.
CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()
Published on: 2026-06-10 01:05:47
Link: View Details
Information published.
CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft
Published on: 2026-06-10 01:05:58
Link: View Details
Information published.
CVE-2026-46323 net: gro: don't merge zcopy skbs
Published on: 2026-06-10 01:06:04
Link: View Details
Information published.
CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks
Published on: 2026-06-10 01:06:09
Link: View Details
Information published.
CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()
Published on: 2026-06-10 01:06:15
Link: View Details
Information published.
CVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sg
Published on: 2026-06-10 01:03:35
Link: View Details
Information published.
CVE-2026-46307 wifi: ath5k: do not access array OOB
Published on: 2026-06-10 01:03:41
Link: View Details
Information published.
CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd
Published on: 2026-06-10 01:03:46
Link: View Details
Information published.
CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()
Published on: 2026-06-10 01:04:08
Link: View Details
Information published.
CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key
Published on: 2026-06-10 01:04:30
Link: View Details
Information published.
CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration
Published on: 2026-06-10 01:04:51
Link: View Details
Information published.
CVE-2026-46306 flow_dissector: do not dissect PPPoE PFC frames
Published on: 2026-06-10 01:05:02
Link: View Details
Information published.
CVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free
Published on: 2026-06-10 01:05:13
Link: View Details
Information published.
CVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume size
Published on: 2026-06-10 01:05:24
Link: View Details
Information published.
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
Published on: 2026-06-10 01:05:42
Link: View Details
Information published.
CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()
Published on: 2026-06-10 01:05:53
Link: View Details
Information published.
CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE
Published on: 2026-06-10 01:06:20
Link: View Details
Information published.
CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"
Published on: 2026-06-10 01:06:26
Link: View Details
Information published.
CVE-2026-41108 Windows DNS Client Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
CVE-2026-45467 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45468 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45472 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45471 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45474 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45479 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45486 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45485 Microsoft Office Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45483 Microsoft Office Project Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
Chromium: CVE-2026-10984 Inappropriate implementation in Accessibility
Published on: 2026-06-09 07:00:57
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11291 Policy bypass in Android Autofill
Published on: 2026-06-09 07:00:37
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11178 Policy bypass in WebView
Published on: 2026-06-09 07:00:35
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2025-10263 ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]
Published on: 2026-06-09 07:00:00
Link: View Details
No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40409 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Information published.
CVE-2026-40404 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Information published.
CVE-2026-33828 Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
CVE-2026-34335 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-42902 Microsoft PowerToys Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
CVE-2026-44817 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44819 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-44820 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44821 Microsoft Office Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-44823 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44824 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45453 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45461 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.
CVE-2026-45490 .NET SDK Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-45491 .NET Tampering Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
CVE-2026-45500 Microsoft Exchange Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45501 Microsoft Exchange Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45502 Microsoft Exchange Server Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVE-2026-45503 Microsoft Exchange Server Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-45583 Microsoft Exchange Server Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
CVE-2026-45605 Windows Bluetooth Service Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2026-45639 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-45640 Windows Bluetooth Port Driver Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-45606 Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.
CVE-2026-45607 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45641 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45634 Windows DHCP Client Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
CVE-2026-45642 Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
CVE-2026-45643 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45645 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45648 Windows Active Directory Domain Services Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
CVE-2026-45649 Office for Android Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
CVE-2026-45650 Microsoft Bing Search Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
User interface (UI) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45655 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
CVE-2026-45657 Windows Kernel Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
CVE-2026-47287 Visual Studio Code Tampering Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47288 Windows Kerberos Key Distribution Center (KDC) Remote Code Execution
Published on: 2026-06-09 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
CVE-2026-47289 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47291 HTTP.sys Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
CVE-2026-41092 Microsoft Kinect Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
CVE-2026-32193 Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-47631 Microsoft Exchange Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-41098 Azure Stack Edge Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
CVE-2026-47635 Microsoft Outlook and Word Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47637 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47638 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47639 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47641 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45588 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-47648 Windows Storage Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-8863 UEFI Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
CVE-2026-47653 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47652 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-47654 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-48563 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-48566 Windows DWM Core Library Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to take any further action.
CVE-2026-48568 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48570 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48573 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48575 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48576 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48578 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48583 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
ADV990001 Latest Servicing Stack Updates
Published on: 2026-06-09 07:00:00
Link: View Details
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
CVE-2026-49161 Microsoft PC Manager Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-50508 Windows NTLM Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26142 Nuance PowerScribe Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
Chromium: CVE-2026-11012 Use after free in Serial
Published on: 2026-06-09 07:00:28
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11029 Insufficient validation of untrusted input in Drag and Drop
Published on: 2026-06-09 07:00:47
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11045 Insufficient validation of untrusted input in GPU
Published on: 2026-06-09 07:00:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11065 Use after free in ANGLE
Published on: 2026-06-09 07:00:29
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11072 Use after free in WebView
Published on: 2026-06-09 07:00:37
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11080 Use after free in WebView
Published on: 2026-06-09 07:00:46
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11082 Use after free in GPU
Published on: 2026-06-09 07:00:48
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11108 Inappropriate implementation in NFC
Published on: 2026-06-09 07:00:16
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11119 Insufficient validation of untrusted input in GPU
Published on: 2026-06-09 07:00:28
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11131 Use after free in Autofill
Published on: 2026-06-09 07:00:41
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11145 Race in Geolocation
Published on: 2026-06-09 07:00:57
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11148 Inappropriate implementation in Payments
Published on: 2026-06-09 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11175 Incorrect security UI in Messages
Published on: 2026-06-09 07:00:32
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11188 Use after free in USB
Published on: 2026-06-09 07:00:46
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11226 Insufficient policy enforcement in PreviewTab
Published on: 2026-06-09 07:00:28
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11263 Insufficient policy enforcement in WebAuthentication
Published on: 2026-06-09 07:00:08
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11287 Insufficient validation of untrusted input in Navigation
Published on: 2026-06-09 07:00:33
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11295 Inappropriate implementation in WebView
Published on: 2026-06-09 07:00:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-33113 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42829 Windows Administrator Protection Secure Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
CVE-2026-40376 Visual Studio Code Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-44822 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-45454 Microsoft SharePoint Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-45455 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45459 Microsoft Excel Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-45462 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45463 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45464 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45465 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45476 Microsoft Azure Network Adapter Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-45586 Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.
CVE-2026-45591 ASP.NET Core Denial of Service Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-45592 Windows Internet (wininet.dll) Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-45593 Windows SDK Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-45594 Windows Application Identity (AppID) Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-45604 Windows Managed Installer Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-45595 Windows Mark of the Web Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-45597 Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-45599 Windows UPnP Device Host Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-45601 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45598 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45636 Windows NTFS Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-45596 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45600 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
No CWE for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-45608 Windows DHCP Client Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
CVE-2026-45644 Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.
CVE-2026-45653 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-45654 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-45647 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2026-45658 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-47281 Visual Studio Code Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47284 Visual Studio Code Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
CVE-2026-47293 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
CVE-2026-47634 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47640 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47643 Azure Stack Edge Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
CVE-2026-45481 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-45484 Microsoft SharePoint Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2026-47656 Windows Boot Manager Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-48560 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-48562 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-48565 Windows Narrator Braille Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
CVE-2026-48569 Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-48574 Windows Media Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-49160 HTTP.sys Denial of Service Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVE-2026-50507 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-50511 Microsoft PC Manager Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50512 Microsoft PC Manager Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Chromium: CVE-2026-11297 Insufficient validation of untrusted input in Reader Mode
Published on: 2026-06-09 07:00:44
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-10883 Out of bounds write in ANGLE
Published on: 2026-06-09 07:00:01
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-10892 Out of bounds write in GPU
Published on: 2026-06-09 07:00:11
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-10923 Use after free in WebAppInstalls
Published on: 2026-06-09 07:00:46
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-10929 Heap buffer overflow in ANGLE
Published on: 2026-06-09 07:00:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-10934 Use after free in Autofill
Published on: 2026-06-09 07:00:59
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-10953 Use after free in Core
Published on: 2026-06-09 07:00:22
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-10959 Use after free in Input
Published on: 2026-06-09 07:00:30
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-10967 Use after free in SurfaceCapture
Published on: 2026-06-09 07:00:38
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView
Published on: 2026-06-09 07:00:22
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11010 Use after free in WebShare
Published on: 2026-06-09 07:00:25
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11019 Inappropriate implementation in Payments
Published on: 2026-06-09 07:00:36
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync
Published on: 2026-06-09 07:00:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11064 Uninitialized Use in GPU
Published on: 2026-06-09 07:00:28
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11077 Out of bounds read in Dawn
Published on: 2026-06-09 07:00:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11127 Inappropriate implementation in WebAPKs
Published on: 2026-06-09 07:00:36
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11163 Use after free in Messages
Published on: 2026-06-09 07:00:18
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11167 Inappropriate implementation in WebView
Published on: 2026-06-09 07:00:23
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11172 Incorrect security UI in Contact Picker
Published on: 2026-06-09 07:00:29
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11215 Inappropriate implementation in Cronet
Published on: 2026-06-09 07:00:16
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11247 Insufficient policy enforcement in CustomTabs
Published on: 2026-06-09 07:00:50
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11270 Inappropriate implementation in UI
Published on: 2026-06-09 07:00:16
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11278 Inappropriate implementation in CustomTabs
Published on: 2026-06-09 07:00:24
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11290 Integer overflow in WebView
Published on: 2026-06-09 07:00:36
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11035 Insufficient validation of untrusted input in Custom Tabs
Published on: 2026-06-09 07:00:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Chromium: CVE-2026-11097 Inappropriate implementation in WebView
Published on: 2026-06-09 07:00:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-42836 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-42837 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42903 Windows Kerberos Denial of Service Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Information published.
CVE-2026-42904 Windows TCP/IP Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-42905 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-42906 Windows Shell Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42907 Windows Shell Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42908 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-42980 NT OS Kernel Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42909 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42916 NT OS Kernel Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42911 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-42913 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42912 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42914 Windows Kerberos Denial of Service Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Information published.
CVE-2026-42915 Windows TCP/IP Denial of Service Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
CVE-2026-42968 Windows Telephony Server Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
CVE-2026-42972 Windows Hyper-V Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42984 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42981 Windows Performance Monitor Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42974 Windows Performance Monitor Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42986 Microsoft Graphics Component Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-42978 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42977 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42979 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42991 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42989 Winlogon Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-44809 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-44810 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
CVE-2026-42992 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44805 Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
CVE-2026-44811 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44808 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44807 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44799 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44815 DHCP Client Service Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42983 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44802 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44814 Windows DWM Core Library Information Disclosure Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-44801 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42985 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
CVE-2026-44803 Windows Graphics Component Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44812 Windows Graphics Component Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-42993 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44813 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44804 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Added links to June 2026 Exchange Server security updates. Microsoft recommends installing these updates as soon as possible.
CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Added Microsoft Excel for Android, Microsoft Word for Android, Microsoft Loop for Android, Microsoft PowerPoint for Android and Microsoft OneNote for Android software to the Security Updates table. Customers that are running supported versions of these products are encouraged to update to the indicated versions to be protected from this vulnerability.
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Added Office software to the Security Updates table. Customers that are running supported versions of Office are encouraged to update to the indicated versions to be protected from this vulnerability.
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Updated product information in the Software Update table. This is an informational change only.
CVE-2024-49075 Windows Remote Desktop Services Denial of Service Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating to the June 2026 version of your Windows operating systems.
CVE-2024-49123 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating to the June 2026 version of your Windows operating systems.
CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating to the June 2026 version of your Windows operating systems.
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating to the June 2026 version of your Windows operating systems.
CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
To comprehensively address this vulnerability, Windows 11 Version 26H1 for ARM64-based Systems and Windows 11 Version 26H1 for x64-based Systems have been added to the Security Updates table. Microsoft recommends updating to the June 2026 version of your Windows operating systems.
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
Added links to June 2026 Windows security updates. Microsoft recommends installing these updates as soon as possible.
CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-06-09 07:00:00
Link: View Details
To comprehensively address the vulnerability identified by CVE-2020-17103, Microsoft recommends installing the June 2026 updates for your Windows operating systems.
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Published on: 2026-06-09 01:41:13
Link: View Details
Information published.
CVE-2026-32280 Unexpected work during chain building in crypto/x509
Published on: 2026-06-09 01:40:50
Link: View Details
Information published.
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Published on: 2026-06-09 01:41:06
Link: View Details
Information published.
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Published on: 2026-06-09 01:40:58
Link: View Details
Information published.
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Published on: 2026-06-09 01:40:34
Link: View Details
Information published.
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-06-09 01:43:49
Link: View Details
Information published.
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-06-09 01:43:01
Link: View Details
Information published.
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-06-09 01:43:19
Link: View Details
Information published.
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-09 01:43:10
Link: View Details
Information published.
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-06-09 01:43:27
Link: View Details
Information published.
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Published on: 2026-06-09 01:43:44
Link: View Details
Information published.
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Published on: 2026-06-09 01:44:40
Link: View Details
Information published.
CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Published on: 2026-06-09 01:43:56
Link: View Details
Information published.
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Published on: 2026-06-09 01:44:21
Link: View Details
Information published.
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Published on: 2026-06-09 01:44:28
Link: View Details
Information published.
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Published on: 2026-06-09 01:41:44
Link: View Details
Information published.
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Published on: 2026-06-09 01:41:49
Link: View Details
Information published.
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Published on: 2026-06-09 01:41:54
Link: View Details
Information published.
CVE-2026-33811 Crash when handling long CNAME response in net
Published on: 2026-06-09 01:42:02
Link: View Details
Information published.
CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Published on: 2026-06-09 01:42:19
Link: View Details
Information published.
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Published on: 2026-06-09 01:42:39
Link: View Details
Information published.
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Published on: 2026-06-09 01:42:47
Link: View Details
Information published.
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Published on: 2026-06-09 01:42:54
Link: View Details
Information published.
CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c
Published on: 2026-06-09 01:44:02
Link: View Details
Information published.
CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Published on: 2026-06-09 01:44:08
Link: View Details
Information published.
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Published on: 2026-06-09 01:44:15
Link: View Details
Information published.
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Published on: 2026-06-09 01:44:35
Link: View Details
Information published.
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
Published on: 2026-06-09 01:44:47
Link: View Details
Information published.
CVE-2026-46250 MIPS: Work around LLVM bug when gp is used as global register variable
Published on: 2026-06-09 01:44:59
Link: View Details
Information published.
CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime
Published on: 2026-06-09 01:45:18
Link: View Details
Information published.
CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
Published on: 2026-06-09 01:46:00
Link: View Details
Information published.
CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
Published on: 2026-06-09 01:46:11
Link: View Details
Information published.
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Published on: 2026-06-09 01:46:16
Link: View Details
Information published.
CVE-2026-11463 USCiLab Cereal Shared Pointer type confusion
Published on: 2026-06-09 01:01:24
Link: View Details
Information published.
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Published on: 2026-06-09 01:01:30
Link: View Details
Information published.
CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body
Published on: 2026-06-09 01:01:48
Link: View Details
Information published.
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
Published on: 2026-06-09 01:01:53
Link: View Details
Information published.
CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch
Published on: 2026-06-09 01:02:04
Link: View Details
Information published.
CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
Published on: 2026-06-09 01:02:10
Link: View Details
Information published.
CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
Published on: 2026-06-09 01:02:16
Link: View Details
Information published.
CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()
Published on: 2026-06-09 01:02:27
Link: View Details
Information published.
CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels
Published on: 2026-06-09 01:02:33
Link: View Details
Information published.
CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
Published on: 2026-06-09 01:02:38
Link: View Details
Information published.
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
Published on: 2026-06-09 01:46:26
Link: View Details
Information published.
CVE-2026-50031 ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.
Published on: 2026-06-09 01:44:54
Link: View Details
Information published.
CVE-2026-46272 coresight: tmc-etr: Fix race condition between sysfs and perf mode
Published on: 2026-06-09 01:45:04
Link: View Details
Information published.
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
Published on: 2026-06-09 01:45:32
Link: View Details
Information published.
CVE-2026-50292 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
Published on: 2026-06-09 01:45:39
Link: View Details
Information published.
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
Published on: 2026-06-09 01:45:53
Link: View Details
Information published.
CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Published on: 2026-06-09 01:46:06
Link: View Details
Information published.
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Published on: 2026-06-09 01:46:31
Link: View Details
Information published.
CVE-2026-50265 Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292
Published on: 2026-06-09 01:01:36
Link: View Details
Information published.
CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
Published on: 2026-06-09 01:01:59
Link: View Details
Information published.
CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
Published on: 2026-06-09 01:02:22
Link: View Details
Information published.
CVE-2026-35429 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Published on: 2026-06-08 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published on: 2026-06-08 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime
Published on: 2026-06-07 01:02:12
Link: View Details
Information published.
CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
Published on: 2026-06-07 01:01:28
Link: View Details
Information published.
CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
Published on: 2026-06-07 01:01:56
Link: View Details
Information published.
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Published on: 2026-06-07 01:02:47
Link: View Details
Information published.
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory
Published on: 2026-06-07 01:03:04
Link: View Details
Information published.
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
Published on: 2026-06-07 01:02:22
Link: View Details
Information published.
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
Published on: 2026-06-07 01:02:32
Link: View Details
Information published.
CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
Published on: 2026-06-07 01:01:21
Link: View Details
Information published.
CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Published on: 2026-06-07 01:02:01
Link: View Details
Information published.
CVE-2026-5419 Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal
Published on: 2026-06-07 01:02:38
Link: View Details
Information published.
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
Published on: 2026-06-07 01:02:54
Link: View Details
Information published.
CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
Published on: 2026-06-07 01:03:09
Link: View Details
Information published.
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Published on: 2026-06-07 01:03:17
Link: View Details
Information published.
CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-06-05 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Published on: 2026-06-05 07:00:00
Link: View Details
This CVE was updated to fix the download link for .NET Framework 3.8 & 4.81 for Windows 2025
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
Published on: 2026-06-05 07:00:00
Link: View Details
This CVE was updated to fix the download link for .NET Framework 3.8 & 4.81 for Windows 2025
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-06-05 01:41:22
Link: View Details
Information published.
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-06-05 01:41:01
Link: View Details
Information published.
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-06-05 01:41:15
Link: View Details
Information published.
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-05 01:41:08
Link: View Details
Information published.
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-06-05 01:41:29
Link: View Details
Information published.
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-06-05 01:41:37
Link: View Details
Information published.
CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability
Published on: 2026-06-04 07:00:00
Link: View Details
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-06-04 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
Published on: 2026-06-04 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
Published on: 2026-06-04 07:00:00
Link: View Details
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-47655 Microsoft Graph Information Disclosure Vulnerability
Published on: 2026-06-04 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network.
CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability
Published on: 2026-06-04 07:00:00
Link: View Details
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak
Published on: 2026-06-04 01:39:23
Link: View Details
Information published.
CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
Published on: 2026-06-04 01:40:55
Link: View Details
Information published.
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Published on: 2026-06-04 01:41:49
Link: View Details
Information published.
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Published on: 2026-06-04 01:45:02
Link: View Details
Information published.
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-06-04 01:43:19
Link: View Details
Information published.
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-06-04 01:45:09
Link: View Details
Information published.
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-06-04 01:44:55
Link: View Details
Information published.
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-06-04 01:44:26
Link: View Details
Information published.
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-04 01:44:06
Link: View Details
Information published.
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-06-04 01:42:55
Link: View Details
Information published.
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-06-04 01:45:22
Link: View Details
Information published.
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Published on: 2026-06-04 01:45:29
Link: View Details
Information published.
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Published on: 2026-06-04 01:45:36
Link: View Details
Information published.
CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
Published on: 2026-06-04 01:42:06
Link: View Details
Information published.
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-06-04 01:43:47
Link: View Details
Information published.
CVE-2024-7598 Network restriction bypass via race condition during namespace termination
Published on: 2026-06-03 01:41:20
Link: View Details
Information published.
CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Published on: 2026-06-03 01:41:38
Link: View Details
Information published.
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Published on: 2026-06-03 01:42:45
Link: View Details
Information published.
CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
Published on: 2026-06-03 01:44:50
Link: View Details
Information published.
CVE-2020-8561 Webhook redirect in kube-apiserver
Published on: 2026-06-03 01:02:13
Link: View Details
Information published.
CVE-2021-25740 Holes in EndpointSlice Validation Enable Host Network Hijack
Published on: 2026-06-03 01:02:08
Link: View Details
Information published.
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Published on: 2026-06-03 01:45:16
Link: View Details
Information published.
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Published on: 2026-06-03 01:45:23
Link: View Details
Information published.
CVE-2025-5791 Users: `root` appended to group listings
Published on: 2026-06-03 01:42:36
Link: View Details
Information published.
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
Published on: 2026-06-03 01:44:47
Link: View Details
Information published.
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Published on: 2026-06-03 01:45:45
Link: View Details
Information published.
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Published on: 2026-06-03 01:44:06
Link: View Details
Information published.
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Published on: 2026-06-03 01:43:44
Link: View Details
Information published.
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Published on: 2026-06-03 01:44:18
Link: View Details
Information published.
CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Published on: 2026-06-03 01:43:51
Link: View Details
Information published.
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Published on: 2026-06-03 01:43:59
Link: View Details
Information published.
CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Published on: 2026-06-03 01:42:07
Link: View Details
Information published.
CVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
Published on: 2026-06-03 01:41:47
Link: View Details
Information published.
CVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
Published on: 2026-06-03 01:41:57
Link: View Details
Information published.
CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
Published on: 2026-06-03 01:42:12
Link: View Details
Information published.
CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
Published on: 2026-06-03 01:39:48
Link: View Details
Information published.
CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
Published on: 2026-06-03 01:42:44
Link: View Details
Information published.
CVE-2023-27043 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Published on: 2026-06-03 01:39:34
Link: View Details
Information published.
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Published on: 2026-06-03 01:42:29
Link: View Details
Information published.
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Published on: 2026-06-03 01:42:20
Link: View Details
Information published.
CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak
Published on: 2026-06-03 01:40:45
Link: View Details
Information published.
CVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leak
Published on: 2026-06-03 01:40:55
Link: View Details
Information published.
CVE-2025-1180 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption
Published on: 2026-06-03 01:41:06
Link: View Details
Information published.
CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak
Published on: 2026-06-03 01:40:34
Link: View Details
Information published.
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Published on: 2026-06-03 01:47:52
Link: View Details
Information published.
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Published on: 2026-06-03 01:49:33
Link: View Details
Information published.
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Published on: 2026-06-03 01:48:03
Link: View Details
Information published.
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Published on: 2026-06-03 01:49:41
Link: View Details
Information published.
CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-06-03 01:40:02
Link: View Details
Information published.
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Published on: 2026-06-03 01:42:21
Link: View Details
Information published.
CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Published on: 2026-06-03 01:42:36
Link: View Details
Information published.
CVE-2026-41526 In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
Published on: 2026-06-03 01:43:10
Link: View Details
Information published.
CVE-2026-40356 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
Published on: 2026-06-03 01:43:26
Link: View Details
Information published.
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Published on: 2026-06-03 01:43:33
Link: View Details
Information published.
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Published on: 2026-06-03 01:44:56
Link: View Details
Information published.
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Published on: 2026-06-03 01:47:39
Link: View Details
Information published.
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-06-03 01:48:13
Link: View Details
Information published.
CVE-2026-32281 Inefficient policy validation in crypto/x509
Published on: 2026-06-03 01:49:08
Link: View Details
Information published.
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Published on: 2026-06-03 01:48:23
Link: View Details
Information published.
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Published on: 2026-06-03 01:48:34
Link: View Details
Information published.
CVE-2026-32280 Unexpected work during chain building in crypto/x509
Published on: 2026-06-03 01:48:45
Link: View Details
Information published.
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Published on: 2026-06-03 01:49:22
Link: View Details
Information published.
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Published on: 2026-06-03 01:48:57
Link: View Details
Information published.
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Published on: 2026-06-03 01:39:41
Link: View Details
Information published.
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Published on: 2026-06-03 01:39:47
Link: View Details
Information published.
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Published on: 2026-06-03 01:39:54
Link: View Details
Information published.
CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-06-03 01:40:08
Link: View Details
Information published.
CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Published on: 2026-06-03 01:40:16
Link: View Details
Information published.
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Published on: 2026-06-03 01:40:29
Link: View Details
Information published.
CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Published on: 2026-06-03 01:41:19
Link: View Details
Information published.
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Published on: 2026-06-03 01:41:27
Link: View Details
Information published.
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Published on: 2026-06-03 01:41:33
Link: View Details
Information published.
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Published on: 2026-06-03 01:42:09
Link: View Details
Information published.
CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Published on: 2026-06-03 01:42:29
Link: View Details
Information published.
CVE-2026-40355 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
Published on: 2026-06-03 01:43:19
Link: View Details
Information published.
CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
Published on: 2026-06-03 01:44:33
Link: View Details
Information published.
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Published on: 2026-06-03 01:45:04
Link: View Details
Information published.
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Published on: 2026-06-03 01:45:43
Link: View Details
Information published.
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
Published on: 2026-06-03 01:45:51
Link: View Details
Information published.
CVE-2024-30896 InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.
Published on: 2026-06-03 01:40:11
Link: View Details
Information published.
CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
Published on: 2026-06-03 01:42:16
Link: View Details
Information published.
CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads
Published on: 2026-06-03 01:39:56
Link: View Details
Information published.
CVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file write
Published on: 2026-06-03 01:39:41
Link: View Details
Information published.
CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
Published on: 2026-06-03 01:45:56
Link: View Details
Information published.
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Published on: 2026-06-03 01:46:17
Link: View Details
Information published.
CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models
Published on: 2026-06-03 01:46:23
Link: View Details
Information published.
CVE-2026-3644 Incomplete control character validation in http.cookies
Published on: 2026-06-03 01:46:31
Link: View Details
Information published.
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Published on: 2026-06-03 01:43:43
Link: View Details
Information published.
CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
Published on: 2026-06-03 01:46:04
Link: View Details
Information published.
CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
Published on: 2026-06-03 01:46:37
Link: View Details
Information published.
CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message
Published on: 2026-06-03 01:47:31
Link: View Details
Information published.
CVE-2026-37457 An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.
Published on: 2026-06-03 01:45:17
Link: View Details
Information published.
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Published on: 2026-06-03 01:50:26
Link: View Details
Information published.
CVE-2026-33846 Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly
Published on: 2026-06-03 01:46:23
Link: View Details
Information published.
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-06-03 01:47:40
Link: View Details
Information published.
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Published on: 2026-06-03 01:48:23
Link: View Details
Information published.
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Published on: 2026-06-03 01:49:28
Link: View Details
Information published.
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
Published on: 2026-06-03 01:49:43
Link: View Details
Information published.
CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
Published on: 2026-06-03 01:49:50
Link: View Details
Information published.
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Published on: 2026-06-03 01:49:56
Link: View Details
Information published.
CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
Published on: 2026-06-03 01:50:03
Link: View Details
Information published.
CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
Published on: 2026-06-03 01:50:09
Link: View Details
Information published.
CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Published on: 2026-06-03 01:50:18
Link: View Details
Information published.
CVE-2026-44777 jq: stack overflow in module loading on mutual `include`
Published on: 2026-06-03 01:50:33
Link: View Details
Information published.
CVE-2026-4873 connection reuse ignores TLS requirement
Published on: 2026-06-03 01:50:45
Link: View Details
Information published.
CVE-2026-6429 netrc credential leak with reused proxy connection
Published on: 2026-06-03 01:50:51
Link: View Details
Information published.
CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Published on: 2026-06-03 01:50:57
Link: View Details
Information published.
CVE-2026-6253 proxy credentials leak over redirect-to proxy
Published on: 2026-06-03 01:39:53
Link: View Details
Information published.
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Published on: 2026-06-03 01:40:11
Link: View Details
Information published.
CVE-2026-4893 CVE-2026-4893
Published on: 2026-06-03 01:40:28
Link: View Details
Information published.
CVE-2026-2291 CVE-2026-2291
Published on: 2026-06-03 01:40:36
Link: View Details
Information published.
CVE-2026-5172 CVE-2026-5172
Published on: 2026-06-03 01:40:44
Link: View Details
Information published.
CVE-2026-4890 CVE-2026-4890
Published on: 2026-06-03 01:40:53
Link: View Details
Information published.
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Published on: 2026-06-03 01:41:11
Link: View Details
Information published.
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Published on: 2026-06-03 01:41:18
Link: View Details
Information published.
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Published on: 2026-06-03 01:41:27
Link: View Details
Information published.
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Published on: 2026-06-03 01:42:37
Link: View Details
Information published.
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Published on: 2026-06-03 01:42:52
Link: View Details
Information published.
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Published on: 2026-06-03 01:48:48
Link: View Details
Information published.
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-06-03 01:44:03
Link: View Details
Information published.
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-06-03 01:49:01
Link: View Details
Information published.
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-06-03 01:46:33
Link: View Details
Information published.
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:48:34
Link: View Details
Information published.
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:48:10
Link: View Details
Information published.
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:48:22
Link: View Details
Information published.
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:45:53
Link: View Details
Information published.
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:45:24
Link: View Details
Information published.
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:49:14
Link: View Details
Information published.
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:43:11
Link: View Details
Information published.
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-06-03 01:46:49
Link: View Details
Information published.
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Published on: 2026-06-03 01:47:08
Link: View Details
Information published.
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Published on: 2026-06-03 01:49:46
Link: View Details
Information published.
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Published on: 2026-06-03 01:45:59
Link: View Details
Information published.
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Published on: 2026-06-03 01:46:07
Link: View Details
Information published.
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Published on: 2026-06-03 01:46:14
Link: View Details
Information published.
CVE-2026-33811 Crash when handling long CNAME response in net
Published on: 2026-06-03 01:46:33
Link: View Details
Information published.
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Published on: 2026-06-03 01:47:51
Link: View Details
Information published.
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Published on: 2026-06-03 01:48:01
Link: View Details
Information published.
CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Published on: 2026-06-03 01:48:12
Link: View Details
Information published.
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Published on: 2026-06-03 01:48:34
Link: View Details
Information published.
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Published on: 2026-06-03 01:48:44
Link: View Details
Information published.
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Published on: 2026-06-03 01:48:55
Link: View Details
Information published.
CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Published on: 2026-06-03 01:49:07
Link: View Details
Information published.
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Published on: 2026-06-03 01:49:17
Link: View Details
Information published.
CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
Published on: 2026-06-03 01:49:36
Link: View Details
Information published.
CVE-2026-6276 stale custom cookie host causes cookie leak
Published on: 2026-06-03 01:50:39
Link: View Details
Information published.
CVE-2026-7168 cross-proxy Digest auth state leak
Published on: 2026-06-03 01:40:02
Link: View Details
Information published.
CVE-2026-4891 CVE-2026-4891
Published on: 2026-06-03 01:40:20
Link: View Details
Information published.
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
Published on: 2026-06-03 01:41:01
Link: View Details
Information published.
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Published on: 2026-06-03 01:41:35
Link: View Details
Information published.
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Published on: 2026-06-03 01:41:43
Link: View Details
Information published.
CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
Published on: 2026-06-03 01:41:56
Link: View Details
Information published.
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Published on: 2026-06-03 01:42:04
Link: View Details
Information published.
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Published on: 2026-06-03 01:47:58
Link: View Details
Information published.
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-06-03 01:44:53
Link: View Details
Information published.
CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Published on: 2026-06-03 01:49:24
Link: View Details
Information published.
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Published on: 2026-06-03 01:49:36
Link: View Details
Information published.
CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive
Published on: 2026-06-03 01:50:01
Link: View Details
Information published.
CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Published on: 2026-06-03 01:50:08
Link: View Details
Information published.
CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
Published on: 2026-06-03 01:43:17
Link: View Details
Information published.
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Published on: 2026-06-03 01:44:39
Link: View Details
Information published.
CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Published on: 2026-06-03 01:43:24
Link: View Details
Information published.
CVE-2026-40361 Microsoft Outlook and Word Remote Code Execution Vulnerability
Published on: 2026-06-02 07:00:00
Link: View Details
Updated CVE title. This is an informational change only.
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Published on: 2026-06-02 01:47:58
Link: View Details
Information published.
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Published on: 2026-06-02 01:46:51
Link: View Details
Information published.
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Published on: 2026-06-02 01:47:02
Link: View Details
Information published.
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-06-02 01:48:29
Link: View Details
Information published.
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Published on: 2026-06-02 01:48:14
Link: View Details
Information published.
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Published on: 2026-06-02 01:44:10
Link: View Details
Information published.
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Published on: 2026-06-02 01:43:58
Link: View Details
Information published.
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-06-02 01:46:56
Link: View Details
Information published.
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-06-02 01:47:32
Link: View Details
Information published.
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Published on: 2026-06-02 01:47:47
Link: View Details
Information published.
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Published on: 2026-06-02 01:48:03
Link: View Details
Information published.
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Published on: 2026-06-02 01:46:41
Link: View Details
Information published.
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-06-02 01:47:20
Link: View Details
Information published.
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Published on: 2026-06-02 01:46:46
Link: View Details
Information published.
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Published on: 2026-06-02 01:48:09
Link: View Details
Information published.
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-06-02 01:47:42
Link: View Details
Information published.
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer or, depending on the protocol, by an active network attacker (person in the middle).
Published on: 2026-06-02 01:47:07
Link: View Details
Information published.
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Published on: 2026-06-02 01:48:19
Link: View Details
Information published.
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function.
Published on: 2026-06-02 01:48:24
Link: View Details
Information published.
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.
This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.
The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.
Impact:
* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Published on: 2026-06-02 01:40:32
Link: View Details
Information published.
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.
The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.
This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Published on: 2026-06-02 01:42:25
Link: View Details
Information published.
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-06-02 01:47:52
Link: View Details
Information published.
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Published on: 2026-06-02 01:47:26
Link: View Details
Information published.
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Published on: 2026-06-02 01:47:14
Link: View Details
Information published.
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.
As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.
This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Published on: 2026-06-02 01:47:37
Link: View Details
Information published.
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Published on: 2026-06-02 01:44:29
Link: View Details
Information published.
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
Published on: 2026-06-02 01:44:52
Link: View Details
Information published.
CVE-2026-7568 Signed integer overflow in metaphone()
Published on: 2026-06-02 01:45:26
Link: View Details
Information published.
CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records
Published on: 2026-06-02 01:40:26
Link: View Details
Information published.
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Published on: 2026-06-02 01:40:34
Link: View Details
Information published.
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Published on: 2026-06-02 01:40:39
Link: View Details
Information published.
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
Published on: 2026-06-02 01:40:45
Link: View Details
Information published.
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Published on: 2026-06-02 01:43:53
Link: View Details
Information published.
CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
Published on: 2026-06-02 01:40:51
Link: View Details
Information published.
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-06-02 01:42:25
Link: View Details
Information published.
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-06-02 01:43:47
Link: View Details
Information published.
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-06-02 01:43:33
Link: View Details
Information published.
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:42:56
Link: View Details
Information published.
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:43:02
Link: View Details
Information published.
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:42:16
Link: View Details
Information published.
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:41:25
Link: View Details
Information published.
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:42:48
Link: View Details
Information published.
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:43:11
Link: View Details
Information published.
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:43:16
Link: View Details
Information published.
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:41:48
Link: View Details
Information published.
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-06-02 01:42:30
Link: View Details
Information published.
CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:41:43
Link: View Details
Information published.
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Published on: 2026-06-02 01:43:39
Link: View Details
Information published.
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Published on: 2026-06-02 01:42:36
Link: View Details
Information published.
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Published on: 2026-06-02 01:43:59
Link: View Details
Information published.
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
Published on: 2026-06-02 01:44:12
Link: View Details
Information published.
CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass
Published on: 2026-06-02 01:44:20
Link: View Details
Information published.
CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Published on: 2026-06-02 01:44:27
Link: View Details
Information published.
CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Published on: 2026-06-02 01:44:53
Link: View Details
Information published.
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Published on: 2026-06-02 01:46:22
Link: View Details
Information published.
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Published on: 2026-06-02 01:45:32
Link: View Details
Information published.
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Published on: 2026-06-02 01:45:43
Link: View Details
Information published.
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Published on: 2026-06-02 01:45:48
Link: View Details
Information published.
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Published on: 2026-06-02 01:45:58
Link: View Details
Information published.
CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain
Published on: 2026-06-02 01:01:14
Link: View Details
Information published.
CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Published on: 2026-06-02 01:01:20
Link: View Details
Information published.
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Published on: 2026-06-02 01:44:22
Link: View Details
Information published.
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
Published on: 2026-06-02 01:44:57
Link: View Details
Information published.
CVE-2026-6722 Use-After-Free in SOAP using Apache map
Published on: 2026-06-02 01:45:03
Link: View Details
Information published.
CVE-2026-6735 XSS within PHP-FPM status endpoint
Published on: 2026-06-02 01:45:08
Link: View Details
Information published.
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
Published on: 2026-06-02 01:45:14
Link: View Details
Information published.
CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
Published on: 2026-06-02 01:45:20
Link: View Details
Information published.
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
Published on: 2026-06-02 01:45:31
Link: View Details
Information published.
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Published on: 2026-06-02 01:42:02
Link: View Details
Information published.
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-06-02 01:43:25
Link: View Details
Information published.
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
Published on: 2026-06-02 01:42:42
Link: View Details
Information published.
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Published on: 2026-06-02 01:44:33
Link: View Details
Information published.
CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Published on: 2026-06-02 01:44:44
Link: View Details
Information published.
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Published on: 2026-06-02 01:45:21
Link: View Details
Information published.
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Published on: 2026-06-02 01:45:27
Link: View Details
Information published.
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Published on: 2026-06-02 01:45:38
Link: View Details
Information published.
CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
Published on: 2026-06-02 01:44:58
Link: View Details
Information published.
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Published on: 2026-06-02 01:45:04
Link: View Details
Information published.
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Published on: 2026-06-02 01:45:10
Link: View Details
Information published.
CVE-2026-46184 sound: ua101: fix division by zero at probe
Published on: 2026-06-02 01:45:15
Link: View Details
Information published.
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
Published on: 2026-06-02 01:46:04
Link: View Details
Information published.
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Published on: 2026-06-02 01:46:29
Link: View Details
Information published.
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Published on: 2026-06-02 01:48:35
Link: View Details
Information published.
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Published on: 2026-06-02 01:48:40
Link: View Details
Information published.
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
Published on: 2026-06-02 01:01:25
Link: View Details
Information published.
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2026-06-01 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.
CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published on: 2026-06-01 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.
CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-06-01 07:00:00
Link: View Details
Updated Hotpatch links. This is an informational change only.
CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
Published on: 2026-06-01 07:00:00
Link: View Details
Updated Hotpatch links. This is an informational change only.
CVE-2025-6965 Integer Truncation on SQLite
Published on: 2026-06-01 07:00:00
Link: View Details
Added Visual Studio software to the Security Updates table. Customers who are running a supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Published on: 2026-06-01 01:42:15
Link: View Details
Information published.
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-01 01:41:51
Link: View Details
Information published.
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Published on: 2026-06-01 01:42:03
Link: View Details
Information published.
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published on: 2026-05-31 01:41:09
Link: View Details
Information published.
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published on: 2026-05-31 01:41:02
Link: View Details
Information published.
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published on: 2026-05-31 01:40:55
Link: View Details
Information published.
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Published on: 2026-05-31 01:03:56
Link: View Details
Information published.
CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.
The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
Published on: 2026-05-31 01:40:05
Link: View Details
Information published.
CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.
This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.
This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Published on: 2026-05-31 01:39:56
Link: View Details
Information published.
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Published on: 2026-05-31 01:02:54
Link: View Details
Information published.
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Published on: 2026-05-31 01:03:05
Link: View Details
Information published.
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-05-31 01:04:27
Link: View Details
Information published.
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Published on: 2026-05-31 01:04:12
Link: View Details
Information published.
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-05-31 01:02:59
Link: View Details
Information published.
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-05-31 01:03:34
Link: View Details
Information published.
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Published on: 2026-05-31 01:03:44
Link: View Details
Information published.
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Published on: 2026-05-31 01:04:01
Link: View Details
Information published.
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Published on: 2026-05-31 01:02:44
Link: View Details
Information published.
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-05-31 01:03:22
Link: View Details
Information published.
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Published on: 2026-05-31 01:02:49
Link: View Details
Information published.
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Published on: 2026-05-31 01:04:07
Link: View Details
Information published.
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-05-31 01:03:39
Link: View Details
Information published.
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer or, depending on the protocol, by an active network attacker (person in the middle).
Published on: 2026-05-31 01:03:10
Link: View Details
Information published.
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Published on: 2026-05-31 01:04:17
Link: View Details
Information published.
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function.
Published on: 2026-05-31 01:04:22
Link: View Details
Information published.
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.
This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.
The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.
Impact:
* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Published on: 2026-05-31 01:40:30
Link: View Details
Information published.
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.
The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.
This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Published on: 2026-05-31 01:41:41
Link: View Details
Information published.
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-05-31 01:03:50
Link: View Details
Information published.
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Published on: 2026-05-31 01:03:29
Link: View Details
Information published.
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Published on: 2026-05-31 01:03:16
Link: View Details
Information published.
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.
As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.
This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Published on: 2026-05-31 01:01:15
Link: View Details
Information published.
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Published on: 2026-05-31 01:01:48
Link: View Details
Information published.
CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF
Published on: 2026-05-31 01:01:32
Link: View Details
Information published.
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Published on: 2026-05-31 01:01:59
Link: View Details
Information published.
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
Published on: 2026-05-31 01:02:22
Link: View Details
Information published.
CVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read
Published on: 2026-05-31 01:02:34
Link: View Details
Information published.
CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
Published on: 2026-05-31 01:02:40
Link: View Details
Information published.
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Published on: 2026-05-31 01:04:34
Link: View Details
Information published.
CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule
Published on: 2026-05-31 01:04:52
Link: View Details
Information published.
CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c
Published on: 2026-05-31 01:01:21
Link: View Details
Information published.
CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Published on: 2026-05-31 01:01:27
Link: View Details
Information published.
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Published on: 2026-05-31 01:01:54
Link: View Details
Information published.
CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name
Published on: 2026-05-31 01:02:05
Link: View Details
Information published.
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Published on: 2026-05-31 01:02:11
Link: View Details
Information published.
CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
Published on: 2026-05-31 01:02:16
Link: View Details
Information published.
CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
Published on: 2026-05-31 01:02:29
Link: View Details
Information published.
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Published on: 2026-05-31 01:04:39
Link: View Details
Information published.
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Published on: 2026-05-31 01:04:44
Link: View Details
Information published.
CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind
Published on: 2026-05-30 01:41:47
Link: View Details
Information published.
CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch
Published on: 2026-05-30 01:41:57
Link: View Details
Information published.
CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race
Published on: 2026-05-30 01:42:07
Link: View Details
Information published.
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
Published on: 2026-05-30 01:42:18
Link: View Details
Information published.
CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Published on: 2026-05-30 01:42:23
Link: View Details
Information published.
CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
Published on: 2026-05-30 01:42:33
Link: View Details
Information published.
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
Published on: 2026-05-30 01:42:43
Link: View Details
Information published.
CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Published on: 2026-05-30 01:42:52
Link: View Details
Information published.
CVE-2026-46128 ipmi: Check event message buffer response for bad data
Published on: 2026-05-30 01:43:19
Link: View Details
Information published.
CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
Published on: 2026-05-30 01:43:38
Link: View Details
Information published.
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Published on: 2026-05-30 01:43:59
Link: View Details
Information published.
CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Published on: 2026-05-30 01:44:04
Link: View Details
Information published.
CVE-2026-46107 dm-thin: fix metadata refcount underflow
Published on: 2026-05-30 01:44:14
Link: View Details
Information published.
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Published on: 2026-05-30 01:44:19
Link: View Details
Information published.
CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Published on: 2026-05-30 01:44:30
Link: View Details
Information published.
CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
Published on: 2026-05-30 01:44:35
Link: View Details
Information published.
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Published on: 2026-05-30 01:44:39
Link: View Details
Information published.
CVE-2026-46177 ipmi: Add limits to event and receive message requests
Published on: 2026-05-30 01:44:50
Link: View Details
Information published.
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Published on: 2026-05-30 01:44:54
Link: View Details
Information published.
CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last
Published on: 2026-05-30 01:45:05
Link: View Details
Information published.
CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
Published on: 2026-05-30 01:45:10
Link: View Details
Information published.
CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put
Published on: 2026-05-30 01:45:15
Link: View Details
Information published.
CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
Published on: 2026-05-30 01:45:20
Link: View Details
Information published.
CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
Published on: 2026-05-30 01:45:30
Link: View Details
Information published.
CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Published on: 2026-05-30 01:45:50
Link: View Details
Information published.
CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
Published on: 2026-05-30 01:45:45
Link: View Details
Information published.
CVE-2026-46125 wifi: mac80211: remove station if connection prep fails
Published on: 2026-05-30 01:45:40
Link: View Details
Information published.
CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
Published on: 2026-05-30 01:39:45
Link: View Details
Information published.
CVE-2026-46153 8021q: delete cleared egress QoS mappings
Published on: 2026-05-30 01:39:51
Link: View Details
Information published.
CVE-2026-46150 fanotify: fix false positive on permission events
Published on: 2026-05-30 01:46:05
Link: View Details
Information published.
CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure
Published on: 2026-05-30 01:46:00
Link: View Details
Information published.
CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Published on: 2026-05-30 01:40:01
Link: View Details
Information published.
CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Published on: 2026-05-30 01:40:26
Link: View Details
Information published.
CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Published on: 2026-05-30 01:40:11
Link: View Details
Information published.
CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
Published on: 2026-05-30 01:40:51
Link: View Details
Information published.
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Published on: 2026-05-30 01:40:56
Link: View Details
Information published.
CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget
Published on: 2026-05-30 01:41:06
Link: View Details
Information published.
CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events
Published on: 2026-05-30 01:41:16
Link: View Details
Information published.
CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Published on: 2026-05-30 01:41:36
Link: View Details
Information published.
CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Published on: 2026-05-30 01:41:42
Link: View Details
Information published.
CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert
Published on: 2026-05-30 01:41:52
Link: View Details
Information published.
CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Published on: 2026-05-30 01:42:02
Link: View Details
Information published.
CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
Published on: 2026-05-30 01:42:13
Link: View Details
Information published.
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Published on: 2026-05-30 01:42:28
Link: View Details
Information published.
CVE-2026-46198 batman-adv: fix integer overflow on buff_pos
Published on: 2026-05-30 01:42:38
Link: View Details
Information published.
CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
Published on: 2026-05-30 01:42:47
Link: View Details
Information published.
CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
Published on: 2026-05-30 01:42:59
Link: View Details
Information published.
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Published on: 2026-05-30 01:43:04
Link: View Details
Information published.
CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths
Published on: 2026-05-30 01:43:09
Link: View Details
Information published.
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Published on: 2026-05-30 01:43:14
Link: View Details
Information published.
CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
Published on: 2026-05-30 01:43:24
Link: View Details
Information published.
CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory
Published on: 2026-05-30 01:43:29
Link: View Details
Information published.
CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Published on: 2026-05-30 01:43:34
Link: View Details
Information published.
CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()
Published on: 2026-05-30 01:43:43
Link: View Details
Information published.
CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
Published on: 2026-05-30 01:43:48
Link: View Details
Information published.
CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims
Published on: 2026-05-30 01:43:53
Link: View Details
Information published.
CVE-2026-46234 vsock: fix buffer size clamping order
Published on: 2026-05-30 01:44:09
Link: View Details
Information published.
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Published on: 2026-05-30 01:44:25
Link: View Details
Information published.
CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
Published on: 2026-05-30 01:44:44
Link: View Details
Information published.
CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
Published on: 2026-05-30 01:45:25
Link: View Details
Information published.
CVE-2026-46129 btrfs: fix double free in create_space_info() error path
Published on: 2026-05-30 01:45:00
Link: View Details
Information published.
CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
Published on: 2026-05-30 01:45:35
Link: View Details
Information published.
CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
Published on: 2026-05-30 01:45:55
Link: View Details
Information published.
CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
Published on: 2026-05-30 01:46:10
Link: View Details
Information published.
CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop
Published on: 2026-05-30 01:39:56
Link: View Details
Information published.
CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
Published on: 2026-05-30 01:40:06
Link: View Details
Information published.
CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
Published on: 2026-05-30 01:40:16
Link: View Details
Information published.
CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown
Published on: 2026-05-30 01:40:36
Link: View Details
Information published.
CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)
Published on: 2026-05-30 01:40:46
Link: View Details
Information published.
CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing
Published on: 2026-05-30 01:40:21
Link: View Details
Information published.
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Published on: 2026-05-30 01:40:41
Link: View Details
Information published.
CVE-2026-46142 net: libwx: fix VF illegal register access
Published on: 2026-05-30 01:41:01
Link: View Details
Information published.
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Published on: 2026-05-30 01:41:11
Link: View Details
Information published.
CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Published on: 2026-05-30 01:40:31
Link: View Details
Information published.
CVE-2026-46184 sound: ua101: fix division by zero at probe
Published on: 2026-05-30 01:41:21
Link: View Details
Information published.
CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
Published on: 2026-05-30 01:41:31
Link: View Details
Information published.
CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks
Published on: 2026-05-30 01:41:26
Link: View Details
Information published.
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
Published on: 2026-05-30 01:01:18
Link: View Details
Information published.
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-29 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-29 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-29 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-29 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check
Published on: 2026-05-29 01:42:20
Link: View Details
Information published.
CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised
Published on: 2026-05-29 01:42:31
Link: View Details
Information published.
CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues
Published on: 2026-05-29 01:42:39
Link: View Details
Information published.
CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy
Published on: 2026-05-29 01:42:47
Link: View Details
Information published.
CVE-2026-46004 ALSA: caiaq: Handle probe errors properly
Published on: 2026-05-29 01:43:02
Link: View Details
Information published.
CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion
Published on: 2026-05-29 01:43:13
Link: View Details
Information published.
CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry
Published on: 2026-05-29 01:43:18
Link: View Details
Information published.
CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies
Published on: 2026-05-29 01:43:32
Link: View Details
Information published.
CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Published on: 2026-05-29 01:43:40
Link: View Details
Information published.
CVE-2026-45991 udf: fix partition descriptor append bookkeeping
Published on: 2026-05-29 01:43:48
Link: View Details
Information published.
CVE-2026-46053 net: rds: fix MR cleanup on copy error
Published on: 2026-05-29 01:44:03
Link: View Details
Information published.
CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
Published on: 2026-05-29 01:52:47
Link: View Details
Information published.
CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
Published on: 2026-05-29 01:52:52
Link: View Details
Information published.
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Published on: 2026-05-29 01:44:16
Link: View Details
Information published.
CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
Published on: 2026-05-29 01:44:29
Link: View Details
Information published.
CVE-2026-45940 net: stmmac: fix oops when split header is enabled
Published on: 2026-05-29 01:44:35
Link: View Details
Information published.
CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory
Published on: 2026-05-29 01:44:46
Link: View Details
Information published.
CVE-2026-46017 mm: fix deferred split queue races during migration
Published on: 2026-05-29 01:53:01
Link: View Details
Information published.
CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()
Published on: 2026-05-29 01:53:18
Link: View Details
Information published.
CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()
Published on: 2026-05-29 01:53:23
Link: View Details
Information published.
CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks
Published on: 2026-05-29 01:53:28
Link: View Details
Information published.
CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed
Published on: 2026-05-29 01:53:33
Link: View Details
Information published.
CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
Published on: 2026-05-29 01:53:13
Link: View Details
Information published.
CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
Published on: 2026-05-29 01:53:42
Link: View Details
Information published.
CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
Published on: 2026-05-29 01:53:49
Link: View Details
Information published.
CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Published on: 2026-05-29 01:54:03
Link: View Details
Information published.
CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Published on: 2026-05-29 01:54:10
Link: View Details
Information published.
CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers
Published on: 2026-05-29 01:54:37
Link: View Details
Information published.
CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
Published on: 2026-05-29 01:40:10
Link: View Details
Information published.
CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
Published on: 2026-05-29 01:40:29
Link: View Details
Information published.
CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure
Published on: 2026-05-29 01:40:52
Link: View Details
Information published.
CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
Published on: 2026-05-29 01:41:06
Link: View Details
Information published.
CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
Published on: 2026-05-29 01:41:34
Link: View Details
Information published.
CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind
Published on: 2026-05-29 01:01:29
Link: View Details
Information published.
CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch
Published on: 2026-05-29 01:01:46
Link: View Details
Information published.
CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race
Published on: 2026-05-29 01:02:01
Link: View Details
Information published.
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
Published on: 2026-05-29 01:02:17
Link: View Details
Information published.
CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Published on: 2026-05-29 01:02:25
Link: View Details
Information published.
CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
Published on: 2026-05-29 01:02:39
Link: View Details
Information published.
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
Published on: 2026-05-29 01:02:55
Link: View Details
Information published.
CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Published on: 2026-05-29 01:03:10
Link: View Details
Information published.
CVE-2026-46110 net: stmmac: Prevent NULL deref when RX memory exhausted
Published on: 2026-05-29 01:03:24
Link: View Details
Information published.
CVE-2026-46128 ipmi: Check event message buffer response for bad data
Published on: 2026-05-29 01:03:53
Link: View Details
Information published.
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Published on: 2026-05-29 01:04:11
Link: View Details
Information published.
CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
Published on: 2026-05-29 01:04:23
Link: View Details
Information published.
CVE-2026-46159 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
Published on: 2026-05-29 01:04:26
Link: View Details
Information published.
CVE-2026-46226 spi: fsl: fix controller deregistration
Published on: 2026-05-29 01:04:34
Link: View Details
Information published.
CVE-2026-46165 openvswitch: vport: fix self-deadlock on release of tunnel ports
Published on: 2026-05-29 01:04:42
Link: View Details
Information published.
CVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
Published on: 2026-05-29 01:04:50
Link: View Details
Information published.
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Published on: 2026-05-29 01:04:52
Link: View Details
Information published.
CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size
Published on: 2026-05-29 01:04:57
Link: View Details
Information published.
CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Published on: 2026-05-29 01:04:59
Link: View Details
Information published.
CVE-2026-46107 dm-thin: fix metadata refcount underflow
Published on: 2026-05-29 01:05:13
Link: View Details
Information published.
CVE-2026-46176 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
Published on: 2026-05-29 01:05:19
Link: View Details
Information published.
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Published on: 2026-05-29 01:05:21
Link: View Details
Information published.
CVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardown
Published on: 2026-05-29 01:05:27
Link: View Details
Information published.
CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Published on: 2026-05-29 01:05:37
Link: View Details
Information published.
CVE-2026-46225 spi: rspi: fix controller deregistration
Published on: 2026-05-29 01:05:37
Link: View Details
Information published.
CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
Published on: 2026-05-29 01:05:44
Link: View Details
Information published.
CVE-2026-46164 btrfs: fix double free in create_space_info_sub_group() error path
Published on: 2026-05-29 01:05:44
Link: View Details
Information published.
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Published on: 2026-05-29 01:05:51
Link: View Details
Information published.
CVE-2026-46127 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()
Published on: 2026-05-29 01:05:51
Link: View Details
Information published.
CVE-2026-46177 ipmi: Add limits to event and receive message requests
Published on: 2026-05-29 01:06:06
Link: View Details
Information published.
CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()
Published on: 2026-05-29 01:06:07
Link: View Details
Information published.
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Published on: 2026-05-29 01:06:14
Link: View Details
Information published.
CVE-2026-46136 wifi: mt76: mt7921: fix a potential clc buffer length underflow
Published on: 2026-05-29 01:06:14
Link: View Details
Information published.
CVE-2026-46132 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
Published on: 2026-05-29 01:05:59
Link: View Details
Information published.
CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last
Published on: 2026-05-29 01:06:28
Link: View Details
Information published.
CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
Published on: 2026-05-29 01:06:29
Link: View Details
Information published.
CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
Published on: 2026-05-29 01:06:35
Link: View Details
Information published.
CVE-2026-46175 f2fs: fix fsck inconsistency caused by FGGC of node block
Published on: 2026-05-29 01:06:21
Link: View Details
Information published.
CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put
Published on: 2026-05-29 01:06:43
Link: View Details
Information published.
CVE-2026-46238 batman-adv: stop caching unowned originator pointers in BAT IV
Published on: 2026-05-29 01:06:59
Link: View Details
Information published.
CVE-2026-46120 ip6_gre: Use cached t->net in ip6erspan_changelink().
Published on: 2026-05-29 01:07:07
Link: View Details
Information published.
CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
Published on: 2026-05-29 01:06:50
Link: View Details
Information published.
CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
Published on: 2026-05-29 01:07:04
Link: View Details
Information published.
CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Published on: 2026-05-29 01:07:30
Link: View Details
Information published.
CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
Published on: 2026-05-29 01:07:24
Link: View Details
Information published.
CVE-2026-46122 wifi: b43: enforce bounds check on firmware key index in b43_rx()
Published on: 2026-05-29 01:07:28
Link: View Details
Information published.
CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
Published on: 2026-05-29 01:07:15
Link: View Details
Information published.
CVE-2026-46125 wifi: mac80211: remove station if connection prep fails
Published on: 2026-05-29 01:07:18
Link: View Details
Information published.
CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
Published on: 2026-05-29 01:07:33
Link: View Details
Information published.
CVE-2026-46153 8021q: delete cleared egress QoS mappings
Published on: 2026-05-29 01:07:40
Link: View Details
Information published.
CVE-2026-46150 fanotify: fix false positive on permission events
Published on: 2026-05-29 01:07:48
Link: View Details
Information published.
CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure
Published on: 2026-05-29 01:07:42
Link: View Details
Information published.
CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Published on: 2026-05-29 01:07:53
Link: View Details
Information published.
CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Published on: 2026-05-29 01:08:22
Link: View Details
Information published.
CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Published on: 2026-05-29 01:08:01
Link: View Details
Information published.
CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Published on: 2026-05-29 01:08:05
Link: View Details
Information published.
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Published on: 2026-05-29 01:08:13
Link: View Details
Information published.
CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
Published on: 2026-05-29 01:08:50
Link: View Details
Information published.
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Published on: 2026-05-29 01:08:56
Link: View Details
Information published.
CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
Published on: 2026-05-29 01:08:07
Link: View Details
Information published.
CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget
Published on: 2026-05-29 01:09:07
Link: View Details
Information published.
CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events
Published on: 2026-05-29 01:09:19
Link: View Details
Information published.
CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Published on: 2026-05-29 01:09:41
Link: View Details
Information published.
CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Published on: 2026-05-29 01:09:46
Link: View Details
Information published.
CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()
Published on: 2026-05-29 01:43:26
Link: View Details
Information published.
CVE-2026-46091 media: rc: igorplugusb: heed coherency rules
Published on: 2026-05-29 01:44:40
Link: View Details
Information published.
CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
Published on: 2026-05-29 01:44:52
Link: View Details
Information published.
CVE-2026-46089 zram: do not forget to endio for partial discard requests
Published on: 2026-05-29 01:45:00
Link: View Details
Information published.
CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation
Published on: 2026-05-29 01:53:06
Link: View Details
Information published.
CVE-2026-46044 ipmi:ssif: Clean up kthread on errors
Published on: 2026-05-29 01:54:25
Link: View Details
Information published.
CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()
Published on: 2026-05-29 01:54:20
Link: View Details
Information published.
CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
Published on: 2026-05-29 01:40:16
Link: View Details
Information published.
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
Published on: 2026-05-29 01:40:44
Link: View Details
Information published.
CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop
Published on: 2026-05-29 01:41:00
Link: View Details
Information published.
CVE-2026-45993 LoongArch: Add spectre boundry for syscall dispatch table
Published on: 2026-05-29 01:41:19
Link: View Details
Information published.
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Published on: 2026-05-29 01:41:43
Link: View Details
Information published.
CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
Published on: 2026-05-29 01:41:48
Link: View Details
Information published.
CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert
Published on: 2026-05-29 01:01:38
Link: View Details
Information published.
CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Published on: 2026-05-29 01:01:53
Link: View Details
Information published.
CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
Published on: 2026-05-29 01:02:09
Link: View Details
Information published.
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Published on: 2026-05-29 01:02:32
Link: View Details
Information published.
CVE-2026-46198 batman-adv: fix integer overflow on buff_pos
Published on: 2026-05-29 01:02:47
Link: View Details
Information published.
CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
Published on: 2026-05-29 01:03:02
Link: View Details
Information published.
CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
Published on: 2026-05-29 01:03:17
Link: View Details
Information published.
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Published on: 2026-05-29 01:03:31
Link: View Details
Information published.
CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths
Published on: 2026-05-29 01:03:39
Link: View Details
Information published.
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Published on: 2026-05-29 01:03:46
Link: View Details
Information published.
CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
Published on: 2026-05-29 01:04:00
Link: View Details
Information published.
CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory
Published on: 2026-05-29 01:04:08
Link: View Details
Information published.
CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Published on: 2026-05-29 01:04:16
Link: View Details
Information published.
CVE-2026-46115 block: add pgmap check to biovec_phys_mergeable
Published on: 2026-05-29 01:04:19
Link: View Details
Information published.
CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()
Published on: 2026-05-29 01:04:30
Link: View Details
Information published.
CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
Published on: 2026-05-29 01:04:38
Link: View Details
Information published.
CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims
Published on: 2026-05-29 01:04:45
Link: View Details
Information published.
CVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLs
Published on: 2026-05-29 01:05:04
Link: View Details
Information published.
CVE-2026-46234 vsock: fix buffer size clamping order
Published on: 2026-05-29 01:05:06
Link: View Details
Information published.
CVE-2026-46171 riscv: kvm: fix vector context allocation leak
Published on: 2026-05-29 01:05:11
Link: View Details
Information published.
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Published on: 2026-05-29 01:05:27
Link: View Details
Information published.
CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
Published on: 2026-05-29 01:05:58
Link: View Details
Information published.
CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
Published on: 2026-05-29 01:06:43
Link: View Details
Information published.
CVE-2026-46145 RDMA/mana: Validate rx_hash_key_len
Published on: 2026-05-29 01:06:36
Link: View Details
Information published.
CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
Published on: 2026-05-29 01:06:57
Link: View Details
Information published.
CVE-2026-46129 btrfs: fix double free in create_space_info() error path
Published on: 2026-05-29 01:06:21
Link: View Details
Information published.
CVE-2026-46218 drm/amdgpu: Add bounds checking to ib_{get,set}_value
Published on: 2026-05-29 01:06:51
Link: View Details
Information published.
CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
Published on: 2026-05-29 01:07:12
Link: View Details
Information published.
CVE-2026-46233 batman-adv: bla: only purge non-released claims
Published on: 2026-05-29 01:07:22
Link: View Details
Information published.
CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
Published on: 2026-05-29 01:07:36
Link: View Details
Information published.
CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
Published on: 2026-05-29 01:07:55
Link: View Details
Information published.
CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop
Published on: 2026-05-29 01:07:46
Link: View Details
Information published.
CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
Published on: 2026-05-29 01:07:59
Link: View Details
Information published.
CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
Published on: 2026-05-29 01:08:10
Link: View Details
Information published.
CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown
Published on: 2026-05-29 01:08:33
Link: View Details
Information published.
CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)
Published on: 2026-05-29 01:08:44
Link: View Details
Information published.
CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing
Published on: 2026-05-29 01:08:16
Link: View Details
Information published.
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Published on: 2026-05-29 01:08:39
Link: View Details
Information published.
CVE-2026-46142 net: libwx: fix VF illegal register access
Published on: 2026-05-29 01:09:01
Link: View Details
Information published.
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Published on: 2026-05-29 01:09:12
Link: View Details
Information published.
CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Published on: 2026-05-29 01:08:27
Link: View Details
Information published.
CVE-2026-46184 sound: ua101: fix division by zero at probe
Published on: 2026-05-29 01:09:24
Link: View Details
Information published.
CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
Published on: 2026-05-29 01:09:35
Link: View Details
Information published.
CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks
Published on: 2026-05-29 01:09:30
Link: View Details
Information published.
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-05-28 01:43:35
Link: View Details
Information published.
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-05-28 01:47:14
Link: View Details
Information published.
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-05-28 01:44:45
Link: View Details
Information published.
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Published on: 2026-05-28 01:47:36
Link: View Details
Information published.
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-05-28 01:45:34
Link: View Details
Information published.
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-05-28 01:46:11
Link: View Details
Information published.
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-05-28 01:46:42
Link: View Details
Information published.
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-05-28 01:47:27
Link: View Details
Information published.
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Published on: 2026-05-28 01:47:41
Link: View Details
Information published.
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Published on: 2026-05-28 01:47:46
Link: View Details
Information published.
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Published on: 2026-05-28 01:48:11
Link: View Details
Information published.
CVE-2026-46050 md/raid10: fix deadlock with check operation and nowait requests
Published on: 2026-05-28 01:01:27
Link: View Details
Information published.
CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work
Published on: 2026-05-28 01:01:40
Link: View Details
Information published.
CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients
Published on: 2026-05-28 01:01:58
Link: View Details
Information published.
CVE-2026-45917 ipvs: do not keep dest_dst if dev is going down
Published on: 2026-05-28 01:02:04
Link: View Details
Information published.
CVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
Published on: 2026-05-28 01:02:11
Link: View Details
Information published.
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check
Published on: 2026-05-28 01:02:23
Link: View Details
Information published.
CVE-2026-46005 xfs: fix a resource leak in xfs_alloc_buftarg()
Published on: 2026-05-28 01:02:35
Link: View Details
Information published.
CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised
Published on: 2026-05-28 01:02:41
Link: View Details
Information published.
CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues
Published on: 2026-05-28 01:02:53
Link: View Details
Information published.
CVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointers
Published on: 2026-05-28 01:03:06
Link: View Details
Information published.
CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy
Published on: 2026-05-28 01:03:12
Link: View Details
Information published.
CVE-2026-46012 rxrpc: Fix memory leaks in rxkad_verify_response()
Published on: 2026-05-28 01:03:18
Link: View Details
Information published.
CVE-2026-46085 rxrpc: Fix rxkad crypto unalignment handling
Published on: 2026-05-28 01:03:24
Link: View Details
Information published.
CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
Published on: 2026-05-28 01:03:36
Link: View Details
Information published.
CVE-2026-46004 ALSA: caiaq: Handle probe errors properly
Published on: 2026-05-28 01:03:42
Link: View Details
Information published.
CVE-2026-45901 netfilter: nf_tables: revert commit_mutex usage in reset path
Published on: 2026-05-28 01:03:53
Link: View Details
Information published.
CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion
Published on: 2026-05-28 01:04:04
Link: View Details
Information published.
CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry
Published on: 2026-05-28 01:04:10
Link: View Details
Information published.
CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies
Published on: 2026-05-28 01:04:29
Link: View Details
Information published.
CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Published on: 2026-05-28 01:04:40
Link: View Details
Information published.
CVE-2026-45991 udf: fix partition descriptor append bookkeeping
Published on: 2026-05-28 01:04:53
Link: View Details
Information published.
CVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msg
Published on: 2026-05-28 01:04:59
Link: View Details
Information published.
CVE-2026-46088 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
Published on: 2026-05-28 01:05:05
Link: View Details
Information published.
CVE-2026-46051 md/raid5: fix soft lockup in retry_aligned_read()
Published on: 2026-05-28 01:05:17
Link: View Details
Information published.
CVE-2026-46053 net: rds: fix MR cleanup on copy error
Published on: 2026-05-28 01:05:23
Link: View Details
Information published.
CVE-2026-46018 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
Published on: 2026-05-28 01:05:30
Link: View Details
Information published.
CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
Published on: 2026-05-28 01:05:43
Link: View Details
Information published.
CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
Published on: 2026-05-28 01:05:49
Link: View Details
Information published.
CVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entry
Published on: 2026-05-28 01:05:48
Link: View Details
Information published.
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Published on: 2026-05-28 01:05:54
Link: View Details
Information published.
CVE-2026-45836 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()
Published on: 2026-05-28 01:05:55
Link: View Details
Information published.
CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path
Published on: 2026-05-28 01:06:00
Link: View Details
Information published.
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
Published on: 2026-05-28 01:06:03
Link: View Details
Information published.
CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
Published on: 2026-05-28 01:06:07
Link: View Details
Information published.
CVE-2026-45940 net: stmmac: fix oops when split header is enabled
Published on: 2026-05-28 01:06:13
Link: View Details
Information published.
CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass
Published on: 2026-05-28 01:06:16
Link: View Details
Information published.
CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Published on: 2026-05-28 01:06:27
Link: View Details
Information published.
CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory
Published on: 2026-05-28 01:06:31
Link: View Details
Information published.
CVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclusters
Published on: 2026-05-28 01:06:46
Link: View Details
Information published.
CVE-2026-46017 mm: fix deferred split queue races during migration
Published on: 2026-05-28 01:06:52
Link: View Details
Information published.
CVE-2026-45897 netfilter: nft_counter: serialize reset with spinlock
Published on: 2026-05-28 01:06:49
Link: View Details
Information published.
CVE-2026-45997 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
Published on: 2026-05-28 01:07:02
Link: View Details
Information published.
CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()
Published on: 2026-05-28 01:07:18
Link: View Details
Information published.
CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Published on: 2026-05-28 01:07:24
Link: View Details
Information published.
CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()
Published on: 2026-05-28 01:07:25
Link: View Details
Information published.
CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories
Published on: 2026-05-28 01:07:30
Link: View Details
Information published.
CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks
Published on: 2026-05-28 01:07:31
Link: View Details
Information published.
CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed
Published on: 2026-05-28 01:07:37
Link: View Details
Information published.
CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
Published on: 2026-05-28 01:07:12
Link: View Details
Information published.
CVE-2026-46070 md/raid5: validate payload size before accessing journal metadata
Published on: 2026-05-28 01:07:42
Link: View Details
Information published.
CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
Published on: 2026-05-28 01:07:54
Link: View Details
Information published.
CVE-2026-45994 ibmasm: fix OOB reads in command_file_write due to missing size checks
Published on: 2026-05-28 01:08:00
Link: View Details
Information published.
CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
Published on: 2026-05-28 01:08:06
Link: View Details
Information published.
CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Published on: 2026-05-28 01:08:39
Link: View Details
Information published.
CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Published on: 2026-05-28 01:09:02
Link: View Details
Information published.
CVE-2026-46101 netfilter: reject zero shift in nft_bitwise
Published on: 2026-05-28 01:09:29
Link: View Details
Information published.
CVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRs
Published on: 2026-05-28 01:09:40
Link: View Details
Information published.
CVE-2026-45845 net/sched: taprio: fix NULL pointer dereference in class dump
Published on: 2026-05-28 01:09:34
Link: View Details
Information published.
CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers
Published on: 2026-05-28 01:09:46
Link: View Details
Information published.
CVE-2026-46065 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
Published on: 2026-05-28 01:09:51
Link: View Details
Information published.
CVE-2026-46098 net: caif: clear client service pointer on teardown
Published on: 2026-05-28 01:09:57
Link: View Details
Information published.
CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
Published on: 2026-05-28 01:10:08
Link: View Details
Information published.
CVE-2026-46077 crypto: atmel-tdes - fix DMA sync direction
Published on: 2026-05-28 01:10:19
Link: View Details
Information published.
CVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturn
Published on: 2026-05-28 01:10:24
Link: View Details
Information published.
CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
Published on: 2026-05-28 01:10:41
Link: View Details
Information published.
CVE-2026-45956 drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()
Published on: 2026-05-28 01:10:35
Link: View Details
Information published.
CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
Published on: 2026-05-28 01:10:53
Link: View Details
Information published.
CVE-2026-45843 slip: bound decode() reads against the compressed packet length
Published on: 2026-05-28 01:11:04
Link: View Details
Information published.
CVE-2026-46024 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
Published on: 2026-05-28 01:11:21
Link: View Details
Information published.
CVE-2026-45963 ASoC: nau8821: Cancel delayed work on component remove
Published on: 2026-05-28 01:11:32
Link: View Details
Information published.
CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure
Published on: 2026-05-28 01:11:26
Link: View Details
Information published.
CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
Published on: 2026-05-28 01:11:43
Link: View Details
Information published.
CVE-2026-45844 netfilter: arp_tables: fix IEEE1394 ARP payload parsing
Published on: 2026-05-28 01:11:49
Link: View Details
Information published.
CVE-2026-45892 ext4: drop extent cache after doing PARTIAL_VALID1 zeroout
Published on: 2026-05-28 01:11:54
Link: View Details
Information published.
CVE-2026-46022 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
Published on: 2026-05-28 01:12:05
Link: View Details
Information published.
CVE-2026-46102 net: strparser: fix skb_head leak in strp_abort_strp()
Published on: 2026-05-28 01:12:18
Link: View Details
Information published.
CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered
Published on: 2026-05-28 01:12:23
Link: View Details
Information published.
CVE-2026-46000 rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
Published on: 2026-05-28 01:12:29
Link: View Details
Information published.
CVE-2025-71305 drm/display/dp_mst: Add protection against 0 vcpi
Published on: 2026-05-28 01:12:34
Link: View Details
Information published.
CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
Published on: 2026-05-28 01:12:45
Link: View Details
Information published.
CVE-2026-46003 net: qrtr: ns: Limit the total number of nodes
Published on: 2026-05-28 01:12:51
Link: View Details
Information published.
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-05-28 01:42:33
Link: View Details
Information published.
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Published on: 2026-05-28 01:48:03
Link: View Details
Information published.
CVE-2026-46048 ALSA: caiaq: fix usb_dev refcount leak on probe failure
Published on: 2026-05-28 01:01:21
Link: View Details
Information published.
CVE-2026-46002 ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()
Published on: 2026-05-28 01:01:33
Link: View Details
Information published.
CVE-2026-46078 erofs: fix the out-of-bounds nameoff handling for trailing dirents
Published on: 2026-05-28 01:01:46
Link: View Details
Information published.
CVE-2026-46064 ibmasm: fix heap over-read in ibmasm_send_i2o_message()
Published on: 2026-05-28 01:01:51
Link: View Details
Information published.
CVE-2026-46075 crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
Published on: 2026-05-28 01:02:17
Link: View Details
Information published.
CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload
Published on: 2026-05-28 01:02:29
Link: View Details
Information published.
CVE-2026-45838 bpf: fix end-of-list detection in cgroup_storage_get_next_key()
Published on: 2026-05-28 01:02:48
Link: View Details
Information published.
CVE-2026-45899 ext4: drop extent cache when splitting extent fails
Published on: 2026-05-28 01:02:59
Link: View Details
Information published.
CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
Published on: 2026-05-28 01:03:30
Link: View Details
Information published.
CVE-2026-46049 ALSA: ctxfi: Add fallback to default RSR for S/PDIF
Published on: 2026-05-28 01:03:58
Link: View Details
Information published.
CVE-2026-46066 ceph: fix num_ops off-by-one when crypto allocation fails
Published on: 2026-05-28 01:04:16
Link: View Details
Information published.
CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()
Published on: 2026-05-28 01:04:23
Link: View Details
Information published.
CVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvation
Published on: 2026-05-28 01:04:34
Link: View Details
Information published.
CVE-2026-46058 media: amphion: Fix race between m2m job_abort and device_run
Published on: 2026-05-28 01:04:46
Link: View Details
Information published.
CVE-2026-46031 net: ks8851: Reinstate disabling of BHs around IRQ handler
Published on: 2026-05-28 01:05:11
Link: View Details
Information published.
CVE-2026-45912 ext4: don't cache extent during splitting extent
Published on: 2026-05-28 01:05:36
Link: View Details
Information published.
CVE-2026-45999 erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
Published on: 2026-05-28 01:05:42
Link: View Details
Information published.
CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive
Published on: 2026-05-28 01:06:08
Link: View Details
Information published.
CVE-2026-46091 media: rc: igorplugusb: heed coherency rules
Published on: 2026-05-28 01:06:20
Link: View Details
Information published.
CVE-2026-45958 drm/exynos: vidi: fix to avoid directly dereferencing user pointer
Published on: 2026-05-28 01:06:37
Link: View Details
Information published.
CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
Published on: 2026-05-28 01:06:43
Link: View Details
Information published.
CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Published on: 2026-05-28 01:06:40
Link: View Details
Information published.
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Published on: 2026-05-28 01:06:34
Link: View Details
Information published.
CVE-2026-46089 zram: do not forget to endio for partial discard requests
Published on: 2026-05-28 01:06:56
Link: View Details
Information published.
CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation
Published on: 2026-05-28 01:06:59
Link: View Details
Information published.
CVE-2026-46046 ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
Published on: 2026-05-28 01:07:05
Link: View Details
Information published.
CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Published on: 2026-05-28 01:07:14
Link: View Details
Information published.
CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport
Published on: 2026-05-28 01:07:36
Link: View Details
Information published.
CVE-2026-46038 net: qrtr: ns: Free the node during ctrl_cmd_bye()
Published on: 2026-05-28 01:07:48
Link: View Details
Information published.
CVE-2026-46040 inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
Published on: 2026-05-28 01:08:17
Link: View Details
Information published.
CVE-2026-45988 rxrpc: Fix re-decryption of RESPONSE packets
Published on: 2026-05-28 01:08:34
Link: View Details
Information published.
CVE-2026-45996 spi: imx: fix use-after-free on unbind
Published on: 2026-05-28 01:08:11
Link: View Details
Information published.
CVE-2026-45942 ext4: fix e4b bitmap inconsistency reports
Published on: 2026-05-28 01:08:22
Link: View Details
Information published.
CVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
Published on: 2026-05-28 01:08:51
Link: View Details
Information published.
CVE-2026-46103 can: ucan: fix devres lifetime
Published on: 2026-05-28 01:08:28
Link: View Details
Information published.
CVE-2026-46092 wifi: rtw88: check for PCI upstream bridge existence
Published on: 2026-05-28 01:08:56
Link: View Details
Information published.
CVE-2026-45842 slip: reject VJ receive packets on instances with no rstate array
Published on: 2026-05-28 01:09:07
Link: View Details
Information published.
CVE-2026-45949 hwrng: core - use RCU and work_struct to fix race condition
Published on: 2026-05-28 01:09:12
Link: View Details
Information published.
CVE-2026-46044 ipmi:ssif: Clean up kthread on errors
Published on: 2026-05-28 01:09:24
Link: View Details
Information published.
CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()
Published on: 2026-05-28 01:09:18
Link: View Details
Information published.
CVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() fails
Published on: 2026-05-28 01:10:02
Link: View Details
Information published.
CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
Published on: 2026-05-28 01:10:13
Link: View Details
Information published.
CVE-2026-46083 spi: fix resource leaks on device setup failure
Published on: 2026-05-28 01:10:30
Link: View Details
Information published.
CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
Published on: 2026-05-28 01:10:46
Link: View Details
Information published.
CVE-2026-46015 tcp: call sk_data_ready() after listener migration
Published on: 2026-05-28 01:10:59
Link: View Details
Information published.
CVE-2026-45858 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1
Published on: 2026-05-28 01:11:10
Link: View Details
Information published.
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
Published on: 2026-05-28 01:11:16
Link: View Details
Information published.
CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop
Published on: 2026-05-28 01:11:37
Link: View Details
Information published.
CVE-2026-46082 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
Published on: 2026-05-28 01:12:00
Link: View Details
Information published.
CVE-2026-45993 LoongArch: Add spectre boundry for syscall dispatch table
Published on: 2026-05-28 01:12:12
Link: View Details
Information published.
CVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookups
Published on: 2026-05-28 01:12:40
Link: View Details
Information published.
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Published on: 2026-05-28 01:12:56
Link: View Details
Information published.
CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
Published on: 2026-05-28 01:13:02
Link: View Details
Information published.
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Published on: 2026-05-27 01:40:43
Link: View Details
Information published.
CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Published on: 2026-05-27 01:42:56
Link: View Details
Information published.
CVE-2026-4893 CVE-2026-4893
Published on: 2026-05-27 01:39:54
Link: View Details
Information published.
CVE-2026-2291 CVE-2026-2291
Published on: 2026-05-27 01:40:02
Link: View Details
Information published.
CVE-2026-5172 CVE-2026-5172
Published on: 2026-05-27 01:40:10
Link: View Details
Information published.
CVE-2026-4890 CVE-2026-4890
Published on: 2026-05-27 01:40:17
Link: View Details
Information published.
CVE-2026-43503 net: skbuff: propagate shared-frag marker through frag-transfer helpers
Published on: 2026-05-27 01:01:26
Link: View Details
Information published.
CVE-2026-46300 net: skbuff: preserve shared-frag marker during coalescing
Published on: 2026-05-27 01:01:32
Link: View Details
Information published.
CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing
Published on: 2026-05-27 01:01:38
Link: View Details
Information published.
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Published on: 2026-05-27 01:05:02
Link: View Details
Information published.
CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
Published on: 2026-05-27 01:08:22
Link: View Details
Information published.
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-05-27 01:09:30
Link: View Details
Information published.
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-05-27 01:10:38
Link: View Details
Information published.
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-05-27 01:11:48
Link: View Details
Information published.
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:12:24
Link: View Details
Information published.
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:12:59
Link: View Details
Information published.
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:13:34
Link: View Details
Information published.
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:14:09
Link: View Details
Information published.
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:14:45
Link: View Details
Information published.
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:15:20
Link: View Details
Information published.
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:15:56
Link: View Details
Information published.
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:16:38
Link: View Details
Information published.
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-05-27 01:17:17
Link: View Details
Information published.
CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:17:33
Link: View Details
Information published.
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Published on: 2026-05-27 01:17:49
Link: View Details
Information published.
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Published on: 2026-05-27 01:18:00
Link: View Details
Information published.
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Published on: 2026-05-27 01:18:07
Link: View Details
Information published.
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Published on: 2026-05-27 01:18:12
Link: View Details
Information published.
CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability
Published on: 2026-05-27 01:18:17
Link: View Details
Information published.
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Published on: 2026-05-27 01:18:22
Link: View Details
Information published.
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Published on: 2026-05-27 01:18:44
Link: View Details
Information published.
CVE-2026-4891 CVE-2026-4891
Published on: 2026-05-27 01:39:47
Link: View Details
Information published.
CVE-2026-8711 NGINX JavaScript vulnerability
Published on: 2026-05-27 01:40:27
Link: View Details
Information published.
CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Published on: 2026-05-27 01:01:43
Link: View Details
Information published.
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Published on: 2026-05-27 01:03:52
Link: View Details
Information published.
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-05-27 01:06:09
Link: View Details
Information published.
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
Published on: 2026-05-27 01:16:55
Link: View Details
Information published.
CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Published on: 2026-05-27 01:18:28
Link: View Details
Information published.
CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Published on: 2026-05-27 01:18:36
Link: View Details
Information published.
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
CWE added. Informational change only.
CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
CWE added. Informational change only.
CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
In the Security Updates table, added links to the Release Notes. This is an informational change only.
CVE-2026-45584 Microsoft Defender Remote Code Execution Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
In the Security Updates table, added links to the Release Notes. This is an informational change only.
CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to take any further action.
CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
Published on: 2026-05-26 01:38:55
Link: View Details
Information published.
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Published on: 2026-05-26 01:39:11
Link: View Details
Information published.
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Published on: 2026-05-26 01:39:03
Link: View Details
Information published.
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Published on: 2026-05-26 01:41:55
Link: View Details
Information published.
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-05-26 01:38:14
Link: View Details
Information published.
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Published on: 2026-05-26 01:38:25
Link: View Details
Information published.
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Published on: 2026-05-26 01:38:33
Link: View Details
Information published.
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
Published on: 2026-05-26 01:38:43
Link: View Details
Information published.
