Microsoft CVEs

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote DoS amplification)
Published on: 2026-05-15 01:38:59
Information published.

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-05-15 01:42:14
Information published.

CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Published on: 2026-05-15 01:01:21
Information published.

CVE-2026-4893
Published on: 2026-05-15 01:01:39
Information published.

CVE-2026-2291
Published on: 2026-05-15 01:01:44
Information published.

CVE-2026-5172
Published on: 2026-05-15 01:01:50
Information published.

CVE-2026-4890
Published on: 2026-05-15 01:02:01
Information published.

CVE-2026-42011 GnuTLS: security bypass due to incorrect name constraint handling
Published on: 2026-05-15 01:02:12
Information published.

CVE-2026-34956 Open vSwitch: denial of service via malformed FTP epasv command
Published on: 2026-05-15 01:02:18
Information published.

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Published on: 2026-05-15 01:02:26
Information published.

CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Published on: 2026-05-15 01:02:32
Information published.

CVE-2026-8295 Integer overflow in simdjson
Published on: 2026-05-15 01:01:28
Information published.

CVE-2026-4891
Published on: 2026-05-15 01:01:33
Information published.

CVE-2026-4892
Published on: 2026-05-15 01:01:55
Information published.

CVE-2026-42010 GnuTLS: authentication bypass via NUL character in username
Published on: 2026-05-15 01:02:06
Information published.

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Published on: 2026-05-15 01:02:37
Information published.

CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Published on: 2026-05-15 01:02:43
Information published.

CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Published on: 2026-05-14 07:00:00
New .NET Framework Packages have been added

CVE-2026-35433 .NET Elevation of Privilege Vulnerability
Published on: 2026-05-14 07:00:00
New .NET Framework Packages have been added

CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability
Published on: 2026-05-14 07:00:00
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Published on: 2026-05-14 07:00:00
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Published on: 2026-05-14 01:42:37
Information published.

CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-13 07:00:00
Updated the fixed version number. This is an informational change only.

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-13 07:00:00
Acknowledgement Updated

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-13 07:00:00
Updated the fixed version number. This is an informational change only.

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Published on: 2026-05-13 01:06:02
Information published.

CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Published on: 2026-05-13 01:05:57
Information published.

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-05-13 01:03:48
Information published.

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Published on: 2026-05-13 01:04:59
Information published.

CVE-2026-45186
Published on: 2026-05-13 01:03:56
Information published.

CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
Published on: 2026-05-13 01:01:25
Information published.

CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
Published on: 2026-05-13 01:01:31
Information published.

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Published on: 2026-05-13 01:01:36
Information published.

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
Published on: 2026-05-13 01:01:42
Information published.

CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
Published on: 2026-05-13 01:01:47
Information published.

CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Published on: 2026-05-13 01:01:53
Information published.

CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
Published on: 2026-05-13 01:01:58
Information published.

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Published on: 2026-05-13 01:05:27
Information published.

CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Published on: 2026-05-13 01:05:53
Information published.

CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
Published on: 2026-05-13 01:42:37
Information published.

CVE-2026-6665 PgBouncer buffer overflow in SCRAM
Published on: 2026-05-13 01:42:44
Information published.

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
Published on: 2026-05-13 01:42:50
Information published.

CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error
Published on: 2026-05-13 01:42:57
Information published.

CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
Published on: 2026-05-13 01:43:04
Information published.

CVE-2026-44656 Vim: OS Command Injection via 'path' completion
Published on: 2026-05-13 01:43:11
Information published.

CVE-2026-33811 Crash when handling long CNAME response in net
Published on: 2026-05-13 01:05:35
Information published.

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Published on: 2026-05-13 01:05:46
Information published.

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Published on: 2026-05-13 01:05:10
Information published.

CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Published on: 2026-05-13 01:04:49
Information published.

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Published on: 2026-05-13 01:04:28
Information published.

CVE-2026-39826 Escaper bypass leads to XSS in html/template
Published on: 2026-05-13 01:04:38
Information published.

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Published on: 2026-05-13 01:04:07
Information published.

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Published on: 2026-05-13 01:04:17
Information published.

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Published on: 2026-05-13 01:05:20
Information published.

CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
Published on: 2026-05-13 01:01:20
Information published.

CVE-2026-35469 SpdyStream: DOS on CRI
Published on: 2026-05-13 01:40:49
Information published.

CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
Published on: 2026-05-13 01:40:12
Information published.

CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Published on: 2026-05-13 01:40:27
Information published.

CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Published on: 2026-05-13 01:39:49
Information published.

CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Published on: 2026-05-13 01:40:05
Information published.

CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Published on: 2026-05-13 01:40:21
Information published.

CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

CVE-2026-33839 Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-34330 Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.

CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

CVE-2026-35433 .NET Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Improper neutralization of script-related HTML tags in a web page (basic XSS) in Visual Studio Code allows an unauthorized attacker to execute code locally.

CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-32175 .NET Core Tampering Vulnerability
Published on: 2026-05-12 07:00:00
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

ADV990001 Latest Servicing Stack Updates
Published on: 2026-05-12 07:00:00
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.

CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40370 SQL Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-42832 Microsoft Office Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
Published on: 2026-05-12 07:00:00
Link: View Details
This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: [AMD-SB-7052](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html)

CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

CVE-2025-6965 Integer Truncation on SQLite
Published on: 2026-05-12 07:00:00
Link: View Details


CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Published on: 2026-05-12 01:40:38
Link: View Details
Information published.

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Published on: 2026-05-12 01:40:31
Link: View Details
Information published.

CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Published on: 2026-05-12 01:42:08
Link: View Details
Information published.

CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Published on: 2026-05-12 01:07:26
Link: View Details
Information published.

CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
Published on: 2026-05-11 07:00:00
Link: View Details
Added FAQ information. This is an informational change only.

CVE-2026-32226 .NET Framework Denial of Service Vulnerability
Published on: 2026-05-11 07:00:00
Link: View Details
This CVE has been updated to include additional Security Updates for .NET Framework

CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Published on: 2026-05-11 01:41:16
Link: View Details
Information published.

CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
Published on: 2026-05-11 01:38:29
Link: View Details
Information published.

CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
Published on: 2026-05-11 01:45:00
Link: View Details
Information published.

CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
Published on: 2026-05-11 01:45:18
Link: View Details
Information published.

CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
Published on: 2026-05-11 01:39:32
Link: View Details
Information published.

CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
Published on: 2026-05-11 01:48:07
Link: View Details
Information published.

CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Published on: 2026-05-11 01:48:16
Link: View Details
Information published.

CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
Published on: 2026-05-11 01:46:46
Link: View Details
Information published.

CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
Published on: 2026-05-11 01:46:30
Link: View Details
Information published.

CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
Published on: 2026-05-11 01:46:38
Link: View Details
Information published.

CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
Published on: 2026-05-11 01:46:56
Link: View Details
Information published.

CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
Published on: 2026-05-11 01:47:22
Link: View Details
Information published.

CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
Published on: 2026-05-11 01:42:15
Link: View Details
Information published.

CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Published on: 2026-05-11 01:42:25
Link: View Details
Information published.

CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Published on: 2026-05-11 01:42:33
Link: View Details
Information published.

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Published on: 2026-05-11 01:42:41
Link: View Details
Information published.

CVE-2025-40158 ipv6: use RCU in ip6_output()
Published on: 2026-05-11 01:42:50
Link: View Details
Information published.

CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Published on: 2026-05-11 01:42:59
Link: View Details
Information published.

CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s
Published on: 2026-05-11 01:43:54
Link: View Details
Information published.

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
Published on: 2026-05-11 01:44:02
Link: View Details
Information published.

CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
Published on: 2026-05-11 01:44:11
Link: View Details
Information published.

CVE-2025-40355 sysfs: check visibility before changing group attribute ownership
Published on: 2026-05-11 01:44:19
Link: View Details
Information published.

CVE-2025-68209 mlx5: Fix default values in create CQ
Published on: 2026-05-11 01:44:28
Link: View Details
Information published.

CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
Published on: 2026-05-11 01:44:45
Link: View Details
Information published.

CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Published on: 2026-05-11 01:45:02
Link: View Details
Information published.

CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq
Published on: 2026-05-11 01:45:11
Link: View Details
Information published.

CVE-2025-68736 landlock: Fix handling of disconnected directories
Published on: 2026-05-11 01:45:20
Link: View Details
Information published.

CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Published on: 2026-05-11 01:45:29
Link: View Details
Information published.

CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Published on: 2026-05-11 01:43:18
Link: View Details
Information published.

CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
Published on: 2026-05-11 01:43:26
Link: View Details
Information published.

CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
Published on: 2026-05-11 01:43:45
Link: View Details
Information published.

CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Published on: 2026-05-11 01:44:37
Link: View Details
Information published.

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
Published on: 2026-05-11 01:44:53
Link: View Details
Information published.

CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Published on: 2026-05-11 01:45:38
Link: View Details
Information published.

CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()
Published on: 2026-05-11 01:45:47
Link: View Details
Information published.

CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Published on: 2026-05-11 01:45:55
Link: View Details
Information published.

CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
Published on: 2026-05-11 01:48:34
Link: View Details
Information published.

CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Published on: 2026-05-11 01:48:52
Link: View Details
Information published.

CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
Published on: 2026-05-11 01:48:43
Link: View Details
Information published.

CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Published on: 2026-05-11 01:46:04
Link: View Details
Information published.

CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Published on: 2026-05-11 01:46:13
Link: View Details
Information published.

CVE-2025-71072 shmem: fix recovery on rename failures
Published on: 2026-05-11 01:46:21
Link: View Details
Information published.

CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
Published on: 2026-05-11 01:50:42
Link: View Details
Information published.

CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug
Published on: 2026-05-11 01:49:58
Link: View Details
Information published.

CVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
Published on: 2026-05-11 01:49:14
Link: View Details
Information published.

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO
Published on: 2026-05-11 01:42:20
Link: View Details
Information published.

CVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error path
Published on: 2026-05-11 01:50:07
Link: View Details
Information published.

CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync
Published on: 2026-05-11 01:44:08
Link: View Details
Information published.

CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
Published on: 2026-05-11 01:48:46
Link: View Details
Information published.

CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
Published on: 2026-05-11 01:50:52
Link: View Details
Information published.

CVE-2025-38636 rv: Use strings in da monitors tracepoints
Published on: 2026-05-11 01:51:01
Link: View Details
Information published.

CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
Published on: 2026-05-11 01:50:26
Link: View Details
Information published.

CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Published on: 2026-05-11 01:43:09
Link: View Details
Information published.

CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
Published on: 2026-05-11 01:50:35
Link: View Details
Information published.

CVE-2025-38584 padata: Fix pd UAF once and for all
Published on: 2026-05-11 01:50:43
Link: View Details
Information published.

CVE-2023-52485 drm/amd/display: Wake DMCUB before sending a command
Published on: 2026-05-11 01:50:33
Link: View Details
Information published.

CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Published on: 2026-05-11 01:38:29
Link: View Details
Information published.

CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos
Published on: 2026-05-11 01:40:50
Link: View Details
Information published.

CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
Published on: 2026-05-11 01:43:42
Link: View Details
Information published.

CVE-2024-49888 bpf: Fix a sdiv overflow issue
Published on: 2026-05-11 01:46:23
Link: View Details
Information published.

CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
Published on: 2026-05-11 01:42:58
Link: View Details
Information published.

CVE-2024-49940 l2tp: prevent possible tunnel refcount underflow
Published on: 2026-05-11 01:46:41
Link: View Details
Information published.

CVE-2024-49932 btrfs: don't readahead the relocation inode on RST
Published on: 2026-05-11 01:46:32
Link: View Details
Information published.

CVE-2024-49893 drm/amd/display: Check stream_status before it is used
Published on: 2026-05-11 01:44:44
Link: View Details
Information published.

CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone
Published on: 2026-05-11 01:46:50
Link: View Details
Information published.

CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails
Published on: 2026-05-11 01:45:20
Link: View Details
Information published.

CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
Published on: 2026-05-11 01:45:29
Link: View Details
Information published.

CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses
Published on: 2026-05-11 01:44:53
Link: View Details
Information published.

CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t
Published on: 2026-05-11 01:42:39
Link: View Details
Information published.

CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue
Published on: 2026-05-11 01:44:00
Link: View Details
Information published.

CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()
Published on: 2026-05-11 01:44:09
Link: View Details
Information published.

CVE-2024-49922 drm/amd/display: Check null pointers before using them
Published on: 2026-05-11 01:44:27
Link: View Details
Information published.

CVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35
Published on: 2026-05-11 01:42:49
Link: View Details
Information published.

CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean
Published on: 2026-05-11 01:45:38
Link: View Details
Information published.

CVE-2024-49921 drm/amd/display: Check null pointers before used
Published on: 2026-05-11 01:44:18
Link: View Details
Information published.

CVE-2024-38608 net/mlx5e: Fix netif state handling
Published on: 2026-05-11 01:40:07
Link: View Details
Information published.

CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Published on: 2026-05-11 01:41:24
Link: View Details
Information published.

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Published on: 2026-05-11 01:38:02
Link: View Details
Information published.

CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables
Published on: 2026-05-11 01:42:21
Link: View Details
Information published.

CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Published on: 2026-05-11 01:42:30
Link: View Details
Information published.

CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1
Published on: 2026-05-11 01:41:44
Link: View Details
Information published.

CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
Published on: 2026-05-11 01:41:53
Link: View Details
Information published.

CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.
Published on: 2026-05-11 01:43:23
Link: View Details
Information published.

CVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebuffer
Published on: 2026-05-11 01:47:49
Link: View Details
Information published.

CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
Published on: 2026-05-11 01:41:25
Link: View Details
Information published.

CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly
Published on: 2026-05-11 01:41:52
Link: View Details
Information published.

CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir
Published on: 2026-05-11 01:40:42
Link: View Details
Information published.

CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case
Published on: 2026-05-11 01:40:25
Link: View Details
Information published.

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses
Published on: 2026-05-11 01:44:42
Link: View Details
Information published.

CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
Published on: 2026-05-11 01:45:36
Link: View Details
Information published.

CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Published on: 2026-05-11 01:40:08
Link: View Details
Information published.

CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size
Published on: 2026-05-11 01:40:16
Link: View Details
Information published.

CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done
Published on: 2026-05-11 01:47:14
Link: View Details
Information published.

CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Published on: 2026-05-11 01:41:32
Link: View Details
Information published.

CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Published on: 2026-05-11 01:41:40
Link: View Details
Information published.

CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit
Published on: 2026-05-11 01:41:49
Link: View Details
Information published.

CVE-2025-22109 ax25: Remove broken autobind
Published on: 2026-05-11 01:41:08
Link: View Details
Information published.

CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT
Published on: 2026-05-11 01:47:03
Link: View Details
Information published.

CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()
Published on: 2026-05-11 01:40:33
Link: View Details
Information published.

CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
Published on: 2026-05-11 01:39:58
Link: View Details
Information published.

CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load
Published on: 2026-05-11 01:40:24
Link: View Details
Information published.

CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs
Published on: 2026-05-11 01:40:41
Link: View Details
Information published.

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Published on: 2026-05-11 01:46:20
Link: View Details
Information published.

CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Published on: 2026-05-11 01:49:23
Link: View Details
Information published.

CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()
Published on: 2026-05-11 01:50:17
Link: View Details
Information published.

CVE-2025-38264 nvme-tcp: sanitize request list handling
Published on: 2026-05-11 01:49:15
Link: View Details
Information published.

CVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_data
Published on: 2026-05-11 01:49:33
Link: View Details
Information published.

CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
Published on: 2026-05-11 01:49:41
Link: View Details
Information published.

CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
Published on: 2026-05-11 01:49:50
Link: View Details
Information published.

CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx
Published on: 2026-05-11 01:50:00
Link: View Details
Information published.

CVE-2025-38311 iavf: get rid of the crit lock
Published on: 2026-05-11 01:50:09
Link: View Details
Information published.

CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Published on: 2026-05-11 01:49:06
Link: View Details
Information published.

CVE-2024-42107 ice: Don't process extts if PTP is disabled
Published on: 2026-05-11 01:50:24
Link: View Details
Information published.

CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly
Published on: 2026-05-11 01:38:37
Link: View Details
Information published.

CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
Published on: 2026-05-11 01:39:14
Link: View Details
Information published.

CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation
Published on: 2026-05-11 01:38:55
Link: View Details
Information published.

CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
Published on: 2026-05-11 01:41:00
Link: View Details
Information published.

CVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
Published on: 2026-05-11 01:48:38
Link: View Details
Information published.

CVE-2024-41008 drm/amdgpu: change vm->task_info handling
Published on: 2026-05-11 01:48:25
Link: View Details
Information published.

CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command
Published on: 2026-05-11 01:41:43
Link: View Details
Information published.

CVE-2024-42134 virtio-pci: Check if is_avq is NULL
Published on: 2026-05-11 01:48:56
Link: View Details
Information published.

CVE-2024-40999 net: ena: Add validation for completion descriptors consistency
Published on: 2026-05-11 01:42:46
Link: View Details
Information published.

CVE-2024-42118 drm/amd/display: Do not return negative stream id for array
Published on: 2026-05-11 01:42:55
Link: View Details
Information published.

CVE-2024-39478 crypto: starfive - Do not free stack buffer
Published on: 2026-05-11 01:43:32
Link: View Details
Information published.

CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Published on: 2026-05-11 01:45:45
Link: View Details
Information published.

CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments
Published on: 2026-05-11 01:39:05
Link: View Details
Information published.

CVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capability
Published on: 2026-05-11 01:48:20
Link: View Details
Information published.

CVE-2024-53090 afs: Fix lock recursion
Published on: 2026-05-11 01:49:41
Link: View Details
Information published.

CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
Published on: 2026-05-11 01:49:50
Link: View Details
Information published.

CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1
Published on: 2026-05-11 01:48:29
Link: View Details
Information published.

CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails
Published on: 2026-05-11 01:47:45
Link: View Details
Information published.

CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
Published on: 2026-05-11 01:47:00
Link: View Details
Information published.

CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Published on: 2026-05-11 01:38:08
Link: View Details
Information published.

CVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()
Published on: 2026-05-11 01:52:21
Link: View Details
Information published.

CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
Published on: 2026-05-11 01:41:34
Link: View Details
Information published.

CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
Published on: 2026-05-11 01:42:11
Link: View Details
Information published.

CVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume path
Published on: 2026-05-11 01:43:14
Link: View Details
Information published.

CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Published on: 2026-05-11 01:43:59
Link: View Details
Information published.

CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
Published on: 2026-05-11 01:44:33
Link: View Details
Information published.

CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
Published on: 2026-05-11 01:38:56
Link: View Details
Information published.

CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
Published on: 2026-05-11 01:39:23
Link: View Details
Information published.

CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
Published on: 2026-05-11 01:46:54
Link: View Details
Information published.

CVE-2025-21723 scsi: mpi3mr: Fix possible crash when setting up bsg fails
Published on: 2026-05-11 01:38:20
Link: View Details
Information published.

CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free
Published on: 2026-05-11 01:39:05
Link: View Details
Information published.

CVE-2024-57872 scsi: ufs: pltfrm: Deallocate HBA during ufshcd_pltfrm_remove()
Published on: 2026-05-11 01:51:27
Link: View Details
Information published.

CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
Published on: 2026-05-11 01:50:51
Link: View Details
Information published.

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap
Published on: 2026-05-11 01:44:16
Link: View Details
Information published.

CVE-2024-41932 sched: fix warning in sched_setaffinity
Published on: 2026-05-11 01:44:24
Link: View Details
Information published.

CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
Published on: 2026-05-11 01:45:09
Link: View Details
Information published.

CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up
Published on: 2026-05-11 01:45:54
Link: View Details
Information published.

CVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
Published on: 2026-05-11 01:52:36
Link: View Details
Information published.

CVE-2025-21649 net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
Published on: 2026-05-11 01:51:35
Link: View Details
Information published.

CVE-2025-21634 cgroup/cpuset: remove kernfs active break
Published on: 2026-05-11 01:52:01
Link: View Details
Information published.

CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL
Published on: 2026-05-11 01:42:01
Link: View Details
Information published.

CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
Published on: 2026-05-11 01:50:59
Link: View Details
Information published.

CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace
Published on: 2026-05-11 01:46:10
Link: View Details
Information published.

CVE-2024-57857 RDMA/siw: Remove direct link to net_device
Published on: 2026-05-11 01:39:14
Link: View Details
Information published.

CVE-2025-21672 afs: Fix merge preference rule failure condition
Published on: 2026-05-11 01:52:12
Link: View Details
Information published.

CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Published on: 2026-05-11 01:48:52
Link: View Details
Information published.

CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Published on: 2026-05-11 01:49:00
Link: View Details
Information published.

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Published on: 2026-05-11 01:50:33
Link: View Details
Information published.

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Published on: 2026-05-11 01:50:42
Link: View Details
Information published.

CVE-2026-31557 nvmet: move async event work off nvmet-wq
Published on: 2026-05-11 01:50:50
Link: View Details
Information published.

CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Published on: 2026-05-11 01:50:58
Link: View Details
Information published.

CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Published on: 2026-05-11 01:51:23
Link: View Details
Information published.

CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Published on: 2026-05-11 01:51:31
Link: View Details
Information published.

CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Published on: 2026-05-11 01:51:40
Link: View Details
Information published.

CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Published on: 2026-05-11 01:51:57
Link: View Details
Information published.

CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Published on: 2026-05-11 01:52:06
Link: View Details
Information published.

CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Published on: 2026-05-11 01:52:24
Link: View Details
Information published.

CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Published on: 2026-05-11 01:52:16
Link: View Details
Information published.

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Published on: 2026-05-11 01:52:32
Link: View Details
Information published.

CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
Published on: 2026-05-11 01:48:43
Link: View Details
Information published.

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Published on: 2026-05-11 01:49:08
Link: View Details
Information published.

CVE-2026-31487 spi: use generic driver_override infrastructure
Published on: 2026-05-11 01:49:16
Link: View Details
Information published.

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Published on: 2026-05-11 01:49:25
Link: View Details
Information published.

CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Published on: 2026-05-11 01:49:33
Link: View Details
Information published.

CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Published on: 2026-05-11 01:49:41
Link: View Details
Information published.

CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case
Published on: 2026-05-11 01:49:50
Link: View Details
Information published.

CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Published on: 2026-05-11 01:49:59
Link: View Details
Information published.

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Published on: 2026-05-11 01:50:07
Link: View Details
Information published.

CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Published on: 2026-05-11 01:50:15
Link: View Details
Information published.

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Published on: 2026-05-11 01:50:24
Link: View Details
Information published.

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Published on: 2026-05-11 01:51:06
Link: View Details
Information published.

CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Published on: 2026-05-11 01:51:15
Link: View Details
Information published.

CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Published on: 2026-05-11 01:51:49
Link: View Details
Information published.

CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget
Published on: 2026-05-11 01:38:31
Link: View Details
Information published.

CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Published on: 2026-05-11 01:38:40
Link: View Details
Information published.

CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()
Published on: 2026-05-11 01:38:48
Link: View Details
Information published.

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Published on: 2026-05-11 01:38:56
Link: View Details
Information published.

CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Published on: 2026-05-11 01:47:30
Link: View Details
Information published.

CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
Published on: 2026-05-11 01:47:39
Link: View Details
Information published.

CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions
Published on: 2026-05-11 01:47:47
Link: View Details
Information published.

CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Published on: 2026-05-11 01:48:09
Link: View Details
Information published.

CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Published on: 2026-05-11 01:48:17
Link: View Details
Information published.

CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Published on: 2026-05-11 01:48:34
Link: View Details
Information published.

CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Published on: 2026-05-11 01:38:14
Link: View Details
Information published.

CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
Published on: 2026-05-11 01:47:04
Link: View Details
Information published.

CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
Published on: 2026-05-11 01:47:14
Link: View Details
Information published.

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Published on: 2026-05-11 01:48:00
Link: View Details
Information published.

CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Published on: 2026-05-11 01:48:25
Link: View Details
Information published.

CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Published on: 2026-05-11 01:47:58
Link: View Details
Information published.

CVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recovery
Published on: 2026-05-11 01:43:05
Link: View Details
Information published.

CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution
Published on: 2026-05-11 01:47:32
Link: View Details
Information published.

CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
Published on: 2026-05-11 01:44:51
Link: View Details
Information published.

CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
Published on: 2026-05-11 01:47:40
Link: View Details
Information published.

CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Published on: 2026-05-11 01:42:29
Link: View Details
Information published.

CVE-2025-37870 drm/amd/display: prevent hang on link training fail
Published on: 2026-05-11 01:42:38
Link: View Details
Information published.

CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
Published on: 2026-05-11 01:43:41
Link: View Details
Information published.

CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
Published on: 2026-05-11 01:43:50
Link: View Details
Information published.

CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
Published on: 2026-05-11 01:45:28
Link: View Details
Information published.

CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
Published on: 2026-05-11 01:46:37
Link: View Details
Information published.

CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
Published on: 2026-05-11 01:46:46
Link: View Details
Information published.

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Published on: 2026-05-11 01:40:50
Link: View Details
Information published.

CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
Published on: 2026-05-11 01:46:28
Link: View Details
Information published.

CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Published on: 2026-05-11 01:41:57
Link: View Details
Information published.

CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Published on: 2026-05-11 01:42:06
Link: View Details
Information published.

CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
Published on: 2026-05-11 01:52:29
Link: View Details
Information published.

CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
Published on: 2026-05-11 01:38:39
Link: View Details
Information published.

CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
Published on: 2026-05-11 01:39:09
Link: View Details
Information published.

CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:39:18
Link: View Details
Information published.

CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:39:26
Link: View Details
Information published.

CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check
Published on: 2026-05-11 01:40:07
Link: View Details
Information published.

CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
Published on: 2026-05-11 01:40:16
Link: View Details
Information published.

CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair
Published on: 2026-05-11 01:40:41
Link: View Details
Information published.

CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers
Published on: 2026-05-11 01:40:50
Link: View Details
Information published.

CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper
Published on: 2026-05-11 01:40:59
Link: View Details
Information published.

CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl
Published on: 2026-05-11 01:41:07
Link: View Details
Information published.

CVE-2026-43010 bpf: Reject sleepable kprobe_multi programs at attach time
Published on: 2026-05-11 01:41:24
Link: View Details
Information published.

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Published on: 2026-05-11 01:42:28
Link: View Details
Information published.

CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Published on: 2026-05-11 01:43:02
Link: View Details
Information published.

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Published on: 2026-05-11 01:43:12
Link: View Details
Information published.

CVE-2026-43245 ntfs: ->d_compare() must not block
Published on: 2026-05-11 01:43:28
Link: View Details
Information published.

CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
Published on: 2026-05-11 01:43:37
Link: View Details
Information published.

CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave
Published on: 2026-05-11 01:43:53
Link: View Details
Information published.

CVE-2026-43185 ksmbd: fix signedness bug in smb_direct_prepare_negotiation()
Published on: 2026-05-11 01:44:27
Link: View Details
Information published.

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Published on: 2026-05-11 01:44:35
Link: View Details
Information published.

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Published on: 2026-05-11 01:44:59
Link: View Details
Information published.

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Published on: 2026-05-11 01:45:16
Link: View Details
Information published.

CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
Published on: 2026-05-11 01:45:25
Link: View Details
Information published.

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Published on: 2026-05-11 01:46:23
Link: View Details
Information published.

CVE-2026-43474 fs: init flags_valid before calling vfs_fileattr_get
Published on: 2026-05-11 01:47:52
Link: View Details
Information published.

CVE-2025-71302 drm/panthor: fix for dma-fence safe access rules
Published on: 2026-05-11 01:48:12
Link: View Details
Information published.

CVE-2026-43309 md raid: fix hang when stopping arrays with metadata through dm-raid
Published on: 2026-05-11 01:48:28
Link: View Details
Information published.

CVE-2026-43320 drm/amd/display: Fix dsc eDP issue
Published on: 2026-05-11 01:49:27
Link: View Details
Information published.

CVE-2026-43300 drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()
Published on: 2026-05-11 01:49:15
Link: View Details
Information published.

CVE-2026-43306 bpf: crypto: Use the correct destructor kfunc type
Published on: 2026-05-11 01:49:37
Link: View Details
Information published.

CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Published on: 2026-05-11 01:49:46
Link: View Details
Information published.

CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock
Published on: 2026-05-11 01:50:03
Link: View Details
Information published.

CVE-2026-43344 perf/x86/intel/uncore: Fix die ID init and look up bugs
Published on: 2026-05-11 01:50:11
Link: View Details
Information published.

CVE-2026-43305 drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path
Published on: 2026-05-11 01:50:40
Link: View Details
Information published.

CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Published on: 2026-05-11 01:51:15
Link: View Details
Information published.

CVE-2026-43400 drm/amdgpu: add upper bound check on user inputs in signal ioctl
Published on: 2026-05-11 01:51:07
Link: View Details
Information published.

CVE-2026-43292 mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node
Published on: 2026-05-11 01:51:43
Link: View Details
Information published.

CVE-2026-43398 drm/amdgpu: add upper bound check on user inputs in wait ioctl
Published on: 2026-05-11 01:51:52
Link: View Details
Information published.

CVE-2026-43311 soc/tegra: pmc: Fix unsafe generic_handle_irq() call
Published on: 2026-05-11 01:52:01
Link: View Details
Information published.

CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:52:10
Link: View Details
Information published.

CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Published on: 2026-05-11 01:52:20
Link: View Details
Information published.

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
Published on: 2026-05-11 01:03:12
Link: View Details
Information published.

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing
Published on: 2026-05-11 01:03:17
Link: View Details
Information published.

CVE-2026-45186
Published on: 2026-05-11 01:03:23
Link: View Details
Information published.

CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
Published on: 2026-05-11 01:03:28
Link: View Details
Information published.

CVE-2026-7568 Signed integer overflow in metaphone()
Published on: 2026-05-11 01:04:01
Link: View Details
Information published.

CVE-2026-43053 xfs: close crash window in attr dabtree inactivation
Published on: 2026-05-11 01:39:35
Link: View Details
Information published.

CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()
Published on: 2026-05-11 01:39:43
Link: View Details
Information published.

CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping
Published on: 2026-05-11 01:39:51
Link: View Details
Information published.

CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:39:59
Link: View Details
Information published.

CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:40:24
Link: View Details
Information published.

CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
Published on: 2026-05-11 01:40:33
Link: View Details
Information published.

CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()
Published on: 2026-05-11 01:41:15
Link: View Details
Information published.

CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Published on: 2026-05-11 01:41:32
Link: View Details
Information published.

CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()
Published on: 2026-05-11 01:41:40
Link: View Details
Information published.

CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking
Published on: 2026-05-11 01:41:49
Link: View Details
Information published.

CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Published on: 2026-05-11 01:41:58
Link: View Details
Information published.

CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Published on: 2026-05-11 01:42:11
Link: View Details
Information published.

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Published on: 2026-05-11 01:42:20
Link: View Details
Information published.

CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Published on: 2026-05-11 01:42:36
Link: View Details
Information published.

CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
Published on: 2026-05-11 01:42:45
Link: View Details
Information published.

CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Published on: 2026-05-11 01:42:53
Link: View Details
Information published.

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Published on: 2026-05-11 01:43:20
Link: View Details
Information published.

CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Published on: 2026-05-11 01:43:45
Link: View Details
Information published.

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Published on: 2026-05-11 01:44:02
Link: View Details
Information published.

CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Published on: 2026-05-11 01:44:10
Link: View Details
Information published.

CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated
Published on: 2026-05-11 01:44:19
Link: View Details
Information published.

CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Published on: 2026-05-11 01:44:43
Link: View Details
Information published.

CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Published on: 2026-05-11 01:44:52
Link: View Details
Information published.

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
Published on: 2026-05-11 01:45:08
Link: View Details
Information published.

CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Published on: 2026-05-11 01:45:33
Link: View Details
Information published.

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Published on: 2026-05-11 01:45:42
Link: View Details
Information published.

CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation
Published on: 2026-05-11 01:45:50
Link: View Details
Information published.

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Published on: 2026-05-11 01:45:58
Link: View Details
Information published.

CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Published on: 2026-05-11 01:46:07
Link: View Details
Information published.

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Published on: 2026-05-11 01:46:15
Link: View Details
Information published.

CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Published on: 2026-05-11 01:46:31
Link: View Details
Information published.

CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()
Published on: 2026-05-11 01:46:40
Link: View Details
Information published.

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Published on: 2026-05-11 01:46:48
Link: View Details
Information published.

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Published on: 2026-05-11 01:46:56
Link: View Details
Information published.

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Published on: 2026-05-11 01:47:04
Link: View Details
Information published.

CVE-2026-43083 net: ioam6: fix OOB and missing lock
Published on: 2026-05-11 01:47:14
Link: View Details
Information published.

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Published on: 2026-05-11 01:47:31
Link: View Details
Information published.

CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Published on: 2026-05-11 01:47:40
Link: View Details
Information published.

CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls
Published on: 2026-05-11 01:48:00
Link: View Details
Information published.

CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
Published on: 2026-05-11 01:48:20
Link: View Details
Information published.

CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain
Published on: 2026-05-11 01:48:36
Link: View Details
Information published.

CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
Published on: 2026-05-11 01:49:05
Link: View Details
Information published.

CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb frags
Published on: 2026-05-11 01:48:56
Link: View Details
Information published.

CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing
Published on: 2026-05-11 01:48:46
Link: View Details
Information published.

CVE-2026-43317 most: core: fix leak on early registration failure
Published on: 2026-05-11 01:49:54
Link: View Details
Information published.

CVE-2026-43321 bpf: Properly mark live registers for indirect jumps
Published on: 2026-05-11 01:50:22
Link: View Details
Information published.

CVE-2026-43456 bonding: fix type confusion in bond_setup_by_slave()
Published on: 2026-05-11 01:50:30
Link: View Details
Information published.

CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF
Published on: 2026-05-11 01:50:48
Link: View Details
Information published.

CVE-2026-43299 btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()
Published on: 2026-05-11 01:50:56
Link: View Details
Information published.

CVE-2026-43294 drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels
Published on: 2026-05-11 01:51:24
Link: View Details
Information published.

CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Published on: 2026-05-11 01:51:32
Link: View Details
Information published.

CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
Published on: 2026-05-11 01:03:00
Link: View Details
Information published.

CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Published on: 2026-05-11 01:03:06
Link: View Details
Information published.

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
Published on: 2026-05-11 01:03:34
Link: View Details
Information published.

CVE-2026-6722 Use-After-Free in SOAP using Apache map
Published on: 2026-05-11 01:03:39
Link: View Details
Information published.

CVE-2026-6735 XSS within PHP-FPM status endpoint
Published on: 2026-05-11 01:03:45
Link: View Details
Information published.

CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
Published on: 2026-05-11 01:03:50
Link: View Details
Information published.

CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
Published on: 2026-05-11 01:03:55
Link: View Details
Information published.

CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
Published on: 2026-05-11 01:04:06
Link: View Details
Information published.

CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned
Published on: 2026-05-11 01:52:01
Link: View Details
Information published.

CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Published on: 2026-05-11 01:52:11
Link: View Details
Information published.

CVE-2025-39762 drm/amd/display: add null check
Published on: 2026-05-11 01:52:20
Link: View Details
Information published.

CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Published on: 2026-05-11 01:52:28
Link: View Details
Information published.

CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
Published on: 2026-05-11 01:52:35
Link: View Details
Information published.

CVE-2025-39789 crypto: x86/aegis - Add missing error checks
Published on: 2026-05-11 01:38:15
Link: View Details
Information published.

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Published on: 2026-05-11 01:38:25
Link: View Details
Information published.

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Published on: 2026-05-11 01:39:02
Link: View Details
Information published.

CVE-2025-39859 ptp: ocp: fix use-after-free bugs caused by ptp_ocp_watchdog
Published on: 2026-05-11 01:39:11
Link: View Details
Information published.

CVE-2025-38705 drm/amd/pm: fix null pointer access
Published on: 2026-05-11 01:51:09
Link: View Details
Information published.

CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()
Published on: 2026-05-11 01:51:18
Link: View Details
Information published.

CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
Published on: 2026-05-11 01:51:27
Link: View Details
Information published.

CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability
Published on: 2026-05-11 01:51:36
Link: View Details
Information published.

CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Published on: 2026-05-11 01:51:44
Link: View Details
Information published.

CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Published on: 2026-05-11 01:51:53
Link: View Details
Information published.

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Published on: 2026-05-11 01:38:35
Link: View Details
Information published.

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Published on: 2026-05-11 01:38:44
Link: View Details
Information published.

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Published on: 2026-05-11 01:38:52
Link: View Details
Information published.

CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Published on: 2026-05-11 01:43:35
Link: View Details
Information published.

CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
Published on: 2026-05-11 01:39:59
Link: View Details
Information published.

CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
Published on: 2026-05-11 01:39:49
Link: View Details
Information published.

CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
Published on: 2026-05-11 01:39:40
Link: View Details
Information published.

CVE-2024-26756 md: Don't register sync_thread for reshape directly
Published on: 2026-05-11 01:38:47
Link: View Details
Information published.

CVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array size
Published on: 2026-05-11 01:47:23
Link: View Details
Information published.

CVE-2024-24856 NULL pointer dereference in acpi_db_convert_to_package of Linux acpi module
Published on: 2026-05-11 01:46:02
Link: View Details
Information published.

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-05-10 01:02:06
Link: View Details
Information published.

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Published on: 2026-05-10 01:02:38
Link: View Details
Information published.

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Published on: 2026-05-10 01:03:33
Link: View Details
Information published.

CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
Published on: 2026-05-10 01:01:21
Link: View Details
Information published.

CVE-2026-6665 PgBouncer buffer overflow in SCRAM
Published on: 2026-05-10 01:01:27
Link: View Details
Information published.

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
Published on: 2026-05-10 01:01:32
Link: View Details
Information published.

CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error
Published on: 2026-05-10 01:01:38
Link: View Details
Information published.

CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
Published on: 2026-05-10 01:01:44
Link: View Details
Information published.

CVE-2026-44656 Vim: OS Command Injection via 'path' completion
Published on: 2026-05-10 01:01:50
Link: View Details
Information published.

CVE-2026-33811 Crash when handling long CNAME response in net
Published on: 2026-05-10 01:01:58
Link: View Details
Information published.

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Published on: 2026-05-10 01:02:14
Link: View Details
Information published.

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Published on: 2026-05-10 01:02:22
Link: View Details
Information published.

CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Published on: 2026-05-10 01:02:30
Link: View Details
Information published.

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Published on: 2026-05-10 01:02:46
Link: View Details
Information published.

CVE-2026-39826 Escaper bypass leads to XSS in html/template
Published on: 2026-05-10 01:02:55
Link: View Details
Information published.

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Published on: 2026-05-10 01:03:03
Link: View Details
Information published.

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Published on: 2026-05-10 01:03:11
Link: View Details
Information published.

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Published on: 2026-05-10 01:03:19
Link: View Details
Information published.

CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
Published on: 2026-05-10 01:03:25
Link: View Details
Information published.

CVE-2026-41526
Published on: 2026-05-09 01:38:59
Link: View Details
Information published.

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Published on: 2026-05-09 01:39:42
Link: View Details
Information published.

CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Published on: 2026-05-09 01:39:08
Link: View Details
Information published.

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Published on: 2026-05-08 01:42:25
Link: View Details
Information published.

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Published on: 2026-05-08 01:40:39
Link: View Details
Information published.

CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Published on: 2026-05-08 01:42:31
Link: View Details
Information published.

CVE-2026-37457
Published on: 2026-05-08 01:42:40
Link: View Details
Information published.

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Published on: 2026-05-08 01:42:58
Link: View Details
Information published.

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Published on: 2026-05-08 01:43:14
Link: View Details
Information published.

CVE-2026-43245 ntfs: ->d_compare() must not block
Published on: 2026-05-08 01:43:24
Link: View Details
Information published.

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Published on: 2026-05-08 01:43:50
Link: View Details
Information published.

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Published on: 2026-05-08 01:43:55
Link: View Details
Information published.

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Published on: 2026-05-08 01:44:02
Link: View Details
Information published.

CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Published on: 2026-05-08 01:01:40
Link: View Details
Information published.

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Published on: 2026-05-08 01:42:53
Link: View Details
Information published.

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Published on: 2026-05-08 01:43:19
Link: View Details
Information published.

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Published on: 2026-05-08 01:43:38
Link: View Details
Information published.

CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Published on: 2026-05-08 01:44:07
Link: View Details
Information published.

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Published on: 2026-05-08 01:44:19
Link: View Details
Information published.

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Published on: 2026-05-08 01:39:12
Link: View Details
Information published.

CVE-2026-43195 drm/amdgpu: validate user queue size constraints
Published on: 2026-05-08 01:39:28
Link: View Details
Information published.

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Published on: 2026-05-08 01:39:44
Link: View Details
Information published.

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Published on: 2026-05-08 01:39:53
Link: View Details
Information published.

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Published on: 2026-05-08 01:39:58
Link: View Details
Information published.

CVE-2026-43083 net: ioam6: fix OOB and missing lock
Published on: 2026-05-08 01:40:04
Link: View Details
Information published.

CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Published on: 2026-05-08 01:01:18
Link: View Details
Information published.

CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Published on: 2026-05-08 01:01:23
Link: View Details
Information published.

CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Published on: 2026-05-08 01:01:29
Link: View Details
Information published.

CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Published on: 2026-05-08 01:01:35
Link: View Details
Information published.

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Published on: 2026-05-08 01:01:46
Link: View Details
Information published.

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Published on: 2026-05-08 01:02:02
Link: View Details
Information published.

CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Published on: 2026-05-08 01:01:51
Link: View Details
Information published.

CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Published on: 2026-05-08 01:02:08
Link: View Details
Information published.

CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Published on: 2026-05-08 01:02:14
Link: View Details
Information published.

CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
Published on: 2026-05-08 01:02:19
Link: View Details
Information published.

CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution
Published on: 2026-05-08 01:02:25
Link: View Details
Information published.

CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Chromium: CVE-2026-8021 Script injection in UI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8022 Inappropriate implementation in MHTML
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8017 Side-channel information leakage in Media
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8014 Inappropriate implementation in Preload
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8015 Inappropriate implementation in Media
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8016 Use after free in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8012 Inappropriate implementation in MHTML
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8011 Insufficient policy enforcement in Search
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8009 Inappropriate implementation in Cast
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8008 Inappropriate implementation in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8002 Use after free in Audio
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8001 Use after free in Printing
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7999 Inappropriate implementation in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7995 Out of bounds read in AdFilter
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7991 Use after free in UI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7988 Type Confusion in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7987 Use after free in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7983 Out of bounds read in Dawn
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7984 Use after free in ReadingMode
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7985 Use after free in GPU
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7981 Out of bounds read in Codecs
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7979 Inappropriate implementation in Media
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7980 Use after free in WebAudio
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7978 Inappropriate implementation in Companion
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7977 Inappropriate implementation in Canvas
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7976 Use after free in Views
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7975 Use after free in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7974 Use after free in Blink
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7973 Integer overflow in Dawn
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7972 Uninitialized Use in GPU
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7971 Inappropriate implementation in ORB
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7970 Use after free in TopChrome
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7969 Integer overflow in Network
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7960 Race in Speech
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7959 Inappropriate implementation in Navigation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7956 Use after free in Navigation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7957 Out of bounds write in Media
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7955 Uninitialized Use in GPU
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7954 Race in Shared Storage
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7951 Out of bounds write in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7950 Out of bounds read and write in GFX
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7949 Out of bounds read in Skia
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7948 Race in Chromoting
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7942 Integer overflow in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7940 Use after free in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7938 Use after free in CSS
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7935 Inappropriate implementation in Speech
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7936 Object lifecycle issue in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7933 Out of bounds read in WebCodecs
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7929 Use after free in MediaRecording
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7928 Use after free in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7926 Use after free in PresentationAPI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7927 Type Confusion in Runtime
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7925 Use after free in Chromoting
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7922 Use after free in ServiceWorker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7924 Uninitialized Use in Dawn
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7921 Use after free in Passwords
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7923 Out of bounds write in Skia
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7920 Use after free in Skia
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7919 Use after free in Aura
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7918 Use after free in GPU
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7917 Use after free in Fullscreen
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7914 Type Confusion in Accessibility
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7910 Use after free in Views
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7911 Use after free in Aura
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7908 Use after free in Fullscreen
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7907 Use after free in DOM
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7906 Use after free in SVG
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7903 Integer overflow in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7904 Out of bounds read in Fonts
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7902 Out of bounds memory access in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7901 Use after free in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Chromium: CVE-2026-7899 Out of bounds read and write in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7898 Use after free in Chromoting
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7896 Integer overflow in Blink
Published on: 2026-05-07 07:00:11
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Published on: 2026-05-07 01:47:56
Link: View Details
Information published.

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
Published on: 2026-05-07 01:10:02
Link: View Details
Information published.

CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
Published on: 2026-05-07 01:03:18
Link: View Details
Information published.

CVE-2026-34318
Published on: 2026-05-07 01:03:34
Link: View Details
Information published.

CVE-2026-34317
Published on: 2026-05-07 01:03:27
Link: View Details
Information published.

CVE-2026-34319
Published on: 2026-05-07 01:03:41
Link: View Details
Information published.

CVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragment
Published on: 2026-05-07 01:10:44
Link: View Details
Information published.

CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
Published on: 2026-05-07 01:10:52
Link: View Details
Information published.

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Published on: 2026-05-07 01:11:00
Link: View Details
Information published.

CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
Published on: 2026-05-07 01:12:30
Link: View Details
Information published.

CVE-2026-34875
Published on: 2026-05-07 01:12:41
Link: View Details
Information published.

CVE-2026-34874
Published on: 2026-05-07 01:12:47
Link: View Details
Information published.

CVE-2026-34876
Published on: 2026-05-07 01:12:52
Link: View Details
Information published.

CVE-2026-25835
Published on: 2026-05-07 01:12:58
Link: View Details
Information published.

CVE-2025-66442
Published on: 2026-05-07 01:13:04
Link: View Details
Information published.

CVE-2026-34873
Published on: 2026-05-07 01:13:10
Link: View Details
Information published.

CVE-2026-34871
Published on: 2026-05-07 01:13:15
Link: View Details
Information published.

CVE-2026-34872
Published on: 2026-05-07 01:13:21
Link: View Details
Information published.

CVE-2026-25834
Published on: 2026-05-07 01:13:26
Link: View Details
Information published.

CVE-2026-25833
Published on: 2026-05-07 01:13:32
Link: View Details
Information published.

CVE-2026-41082
Published on: 2026-05-07 01:13:38
Link: View Details
Information published.

CVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transports
Published on: 2026-05-07 01:02:32
Link: View Details
Information published.

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification
Published on: 2026-05-07 01:02:48
Link: View Details
Information published.

CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Published on: 2026-05-07 01:03:04
Link: View Details
Information published.

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Published on: 2026-05-07 01:03:49
Link: View Details
Information published.

CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Published on: 2026-05-07 01:03:58
Link: View Details
Information published.

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Published on: 2026-05-07 01:04:12
Link: View Details
Information published.

CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Published on: 2026-05-07 01:04:54
Link: View Details
Information published.

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Published on: 2026-05-07 01:05:01
Link: View Details
Information published.

CVE-2026-43245 ntfs: ->d_compare() must not block
Published on: 2026-05-07 01:05:48
Link: View Details
Information published.

CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
Published on: 2026-05-07 01:06:02
Link: View Details
Information published.

CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave
Published on: 2026-05-07 01:06:17
Link: View Details
Information published.

CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Published on: 2026-05-07 01:06:52
Link: View Details
Information published.

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Published on: 2026-05-07 01:06:59
Link: View Details
Information published.

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Published on: 2026-05-07 01:07:17
Link: View Details
Information published.

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Published on: 2026-05-07 01:07:28
Link: View Details
Information published.

CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
Published on: 2026-05-07 01:07:39
Link: View Details
Information published.

CVE-2026-43191 drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35
Published on: 2026-05-07 01:07:44
Link: View Details
Information published.

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Published on: 2026-05-07 01:08:55
Link: View Details
Information published.

CVE-2026-43964
Published on: 2026-05-07 01:12:35
Link: View Details
Information published.

CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison
Published on: 2026-05-07 01:02:40
Link: View Details
Information published.

CVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service
Published on: 2026-05-07 01:02:56
Link: View Details
Information published.

CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Published on: 2026-05-07 01:03:11
Link: View Details
Information published.

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Published on: 2026-05-07 01:04:05
Link: View Details
Information published.

CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
Published on: 2026-05-07 01:04:19
Link: View Details
Information published.

CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Published on: 2026-05-07 01:04:27
Link: View Details
Information published.

CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
Published on: 2026-05-07 01:04:39
Link: View Details
Information published.

CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Published on: 2026-05-07 01:04:46
Link: View Details
Information published.

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Published on: 2026-05-07 01:05:40
Link: View Details
Information published.

CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function
Published on: 2026-05-07 01:05:55
Link: View Details
Information published.

CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Published on: 2026-05-07 01:06:10
Link: View Details
Information published.

CVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page check
Published on: 2026-05-07 01:06:24
Link: View Details
Information published.

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Published on: 2026-05-07 01:06:32
Link: View Details
Information published.

CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Published on: 2026-05-07 01:06:39
Link: View Details
Information published.

CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated
Published on: 2026-05-07 01:06:45
Link: View Details
Information published.

CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Published on: 2026-05-07 01:07:05
Link: View Details
Information published.

CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Published on: 2026-05-07 01:07:11
Link: View Details
Information published.

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
Published on: 2026-05-07 01:07:23
Link: View Details
Information published.

CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Published on: 2026-05-07 01:07:34
Link: View Details
Information published.

CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Published on: 2026-05-07 01:07:50
Link: View Details
Information published.

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Published on: 2026-05-07 01:07:55
Link: View Details
Information published.

CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation
Published on: 2026-05-07 01:08:01
Link: View Details
Information published.

CVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src
Published on: 2026-05-07 01:08:07
Link: View Details
Information published.

CVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcs
Published on: 2026-05-07 01:08:12
Link: View Details
Information published.

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Published on: 2026-05-07 01:08:18
Link: View Details
Information published.

CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4
Published on: 2026-05-07 01:08:23
Link: View Details
Information published.

CVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memory
Published on: 2026-05-07 01:08:28
Link: View Details
Information published.

CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Published on: 2026-05-07 01:08:34
Link: View Details
Information published.

CVE-2026-43165 hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin
Published on: 2026-05-07 01:08:39
Link: View Details
Information published.

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Published on: 2026-05-07 01:08:44
Link: View Details
Information published.

CVE-2026-43195 drm/amdgpu: validate user queue size constraints
Published on: 2026-05-07 01:08:49
Link: View Details
Information published.

CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Published on: 2026-05-07 01:09:00
Link: View Details
Information published.

CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks
Published on: 2026-05-07 01:09:06
Link: View Details
Information published.

CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()
Published on: 2026-05-07 01:09:11
Link: View Details
Information published.

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Published on: 2026-05-07 01:09:16
Link: View Details
Information published.

CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking
Published on: 2026-05-07 01:09:22
Link: View Details
Information published.

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Published on: 2026-05-07 01:09:27
Link: View Details
Information published.

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Published on: 2026-05-07 01:09:36
Link: View Details
Information published.

CVE-2026-43083 net: ioam6: fix OOB and missing lock
Published on: 2026-05-07 01:09:41
Link: View Details
Information published.

CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
Published on: 2026-05-07 01:09:49
Link: View Details
Information published.

CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Published on: 2026-05-07 01:09:57
Link: View Details
Information published.

CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
Published on: 2026-05-07 01:11:09
Link: View Details
Information published.

CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset
Published on: 2026-05-07 01:11:17
Link: View Details
Information published.

CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
Published on: 2026-05-07 01:11:25
Link: View Details
Information published.

CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
Published on: 2026-05-07 01:11:33
Link: View Details
Information published.

CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
Published on: 2026-05-07 01:11:41
Link: View Details
Information published.

CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack
Published on: 2026-05-07 01:11:49
Link: View Details
Information published.

CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash
Published on: 2026-05-07 01:11:57
Link: View Details
Information published.

CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash
Published on: 2026-05-07 01:12:05
Link: View Details
Information published.

CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response
Published on: 2026-05-07 01:12:14
Link: View Details
Information published.

CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
Published on: 2026-05-07 01:12:22
Link: View Details
Information published.

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Published on: 2026-05-06 01:41:49
Link: View Details
Information published.

CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
Published on: 2026-05-06 01:42:13
Link: View Details
Information published.

CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Published on: 2026-05-06 01:41:40
Link: View Details
Information published.

CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption
Published on: 2026-05-06 01:42:06
Link: View Details
Information published.

CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access
Published on: 2026-05-06 01:42:20
Link: View Details
Information published.

CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
Published on: 2026-05-06 01:01:29
Link: View Details
Information published.

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Published on: 2026-05-06 01:42:35
Link: View Details
Information published.

CVE-2026-43964
Published on: 2026-05-06 01:01:23
Link: View Details
Information published.

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Published on: 2026-05-05 01:40:31
Link: View Details
Information published.

CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Published on: 2026-05-05 01:41:44
Link: View Details
Information published.

CVE-2026-35469 SpdyStream: DOS on CRI
Published on: 2026-05-05 01:02:50
Link: View Details
Information published.

CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
Published on: 2026-05-05 01:02:55
Link: View Details
Information published.

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Published on: 2026-05-05 01:42:03
Link: View Details
Information published.

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Published on: 2026-05-05 01:03:40
Link: View Details
Information published.

CVE-2026-42798
Published on: 2026-05-05 01:03:12
Link: View Details
Information published.

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
Published on: 2026-05-05 01:03:34
Link: View Details
Information published.

CVE-2026-37457
Published on: 2026-05-05 01:03:04
Link: View Details
Information published.

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Published on: 2026-05-05 01:03:22
Link: View Details
Information published.

CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Published on: 2026-05-05 01:41:55
Link: View Details
Information published.

CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
Published on: 2026-05-03 01:03:05
Link: View Details
Information published.

CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Published on: 2026-05-03 01:02:16
Link: View Details
Information published.

CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Published on: 2026-05-03 01:03:24
Link: View Details
Information published.

CVE-2026-37555
Published on: 2026-05-03 01:01:33
Link: View Details
Information published.

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Published on: 2026-05-03 01:02:43
Link: View Details
Information published.

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Published on: 2026-05-03 01:01:37
Link: View Details
Information published.

CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
Published on: 2026-05-03 01:01:52
Link: View Details
Information published.

CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
Published on: 2026-05-03 01:02:05
Link: View Details
Information published.

CVE-2026-30656
Published on: 2026-05-03 01:02:35
Link: View Details
Information published.

CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Published on: 2026-05-03 01:02:51
Link: View Details
Information published.

CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow
Published on: 2026-05-03 01:03:00
Link: View Details
Information published.

CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass
Published on: 2026-05-03 01:03:30
Link: View Details
Information published.

CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Published on: 2026-05-03 01:02:26
Link: View Details
Information published.

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Published on: 2026-05-03 01:01:24
Link: View Details
Information published.

CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings
Published on: 2026-05-03 01:01:44
Link: View Details
Information published.

CVE-2026-41080
Published on: 2026-05-02 01:38:30
Link: View Details
Information published.

CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
Published on: 2026-05-02 01:41:29
Link: View Details
Information published.

CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
Published on: 2026-05-02 01:41:49
Link: View Details
Information published.

CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
Published on: 2026-05-02 01:42:00
Link: View Details
Information published.

CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
Published on: 2026-05-02 01:01:30
Link: View Details
Information published.

CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Published on: 2026-05-02 01:01:24
Link: View Details
Information published.

CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Published on: 2026-05-01 01:39:25
Link: View Details
Information published.

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
Published on: 2026-05-01 01:39:32
Link: View Details
Information published.

CVE-2026-41080
Published on: 2026-05-01 01:03:04
Link: View Details
Information published.

CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Published on: 2026-05-01 01:02:19
Link: View Details
Information published.

CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Published on: 2026-05-01 01:02:14
Link: View Details
Information published.

CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
Published on: 2026-05-01 01:01:58
Link: View Details
Information published.

CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
Published on: 2026-05-01 01:02:03
Link: View Details
Information published.

CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
Published on: 2026-05-01 01:02:34
Link: View Details
Information published.

CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
Published on: 2026-05-01 01:01:53
Link: View Details
Information published.

CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()
Published on: 2026-05-01 01:02:09
Link: View Details
Information published.

CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
Published on: 2026-05-01 01:02:24
Link: View Details
Information published.

CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
Published on: 2026-05-01 01:02:40
Link: View Details
Information published.

CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
Published on: 2026-05-01 01:02:45
Link: View Details
Information published.

CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
Published on: 2026-05-01 01:01:47
Link: View Details
Information published.

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Published on: 2026-05-01 01:04:44
Link: View Details
Information published.

CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Published on: 2026-05-01 01:04:23
Link: View Details
Information published.

CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Published on: 2026-05-01 01:04:09
Link: View Details
Information published.

CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
Published on: 2026-05-01 01:01:32
Link: View Details
Information published.

CVE-2026-41526
Published on: 2026-05-01 01:03:38
Link: View Details
Information published.

CVE-2026-40356
Published on: 2026-05-01 01:03:54
Link: View Details
Information published.

CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Published on: 2026-05-01 01:04:55
Link: View Details
Information published.

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Published on: 2026-05-01 01:39:24
Link: View Details
Information published.

CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
Published on: 2026-05-01 01:01:37
Link: View Details
Information published.

CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
Published on: 2026-05-01 01:01:42
Link: View Details
Information published.

CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
Published on: 2026-05-01 01:02:29
Link: View Details
Information published.

CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Published on: 2026-05-01 01:01:23
Link: View Details
Information published.

CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Published on: 2026-05-01 01:04:14
Link: View Details
Information published.

CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Published on: 2026-05-01 01:03:27
Link: View Details
Information published.

CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Published on: 2026-05-01 01:04:03
Link: View Details
Information published.

CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Published on: 2026-05-01 01:04:28
Link: View Details
Information published.

CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Published on: 2026-05-01 01:03:58
Link: View Details
Information published.

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Published on: 2026-05-01 01:02:51
Link: View Details
Information published.

CVE-2026-40355
Published on: 2026-05-01 01:03:46
Link: View Details
Information published.

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds
Published on: 2026-05-01 01:38:14
Link: View Details
Information published.

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Published on: 2026-05-01 01:38:46
Link: View Details
Information published.

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Published on: 2026-05-01 01:38:33
Link: View Details
Information published.

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Published on: 2026-05-01 01:38:53
Link: View Details
Information published.

CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Published on: 2026-05-01 01:39:01
Link: View Details
Information published.

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Published on: 2026-05-01 01:39:09
Link: View Details
Information published.

Chromium: CVE-2026-7343 Use after free in Views
Published on: 2026-05-01 00:15:50
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7363 Use after free in Canvas
Published on: 2026-05-01 00:15:45
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7359 Use after free in ANGLE
Published on: 2026-05-01 00:15:53
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7333 Use after free in GPU
Published on: 2026-05-01 00:15:51
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7360 Insufficient validation of untrusted input in Compositing
Published on: 2026-05-01 00:15:52
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7344 Use after free in Accessibility
Published on: 2026-05-01 00:15:49
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7358 Use after free in Animation
Published on: 2026-05-01 00:15:54
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7334 Use after free in Views
Published on: 2026-05-01 00:15:55
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7357 Use after free in GPU
Published on: 2026-05-01 00:15:56
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7356 Use after free in Navigation
Published on: 2026-05-01 00:15:57
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7353 Heap buffer overflow in Skia
Published on: 2026-05-01 00:15:59
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7351 Race in MHTML
Published on: 2026-05-01 00:16:00
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7354 Out of bounds read and write in Angle
Published on: 2026-05-01 00:15:58
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7349 Use after free in Cast
Published on: 2026-05-01 00:16:02
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7348 Use after free in Codecs
Published on: 2026-05-01 00:16:03
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7335 Use after free in media
Published on: 2026-05-01 00:16:04
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7336 Use after free in WebRTC
Published on: 2026-05-01 00:16:05
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7350 Use after free in WebMIDI
Published on: 2026-05-01 00:16:01
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7345 Insufficient validation of untrusted input in Feedback
Published on: 2026-05-01 00:16:09
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7347 Use after free in Chromoting
Published on: 2026-05-01 00:16:07
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7346 Inappropriate implementation in Tint
Published on: 2026-05-01 00:16:08
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7337 Type Confusion in V8
Published on: 2026-05-01 00:16:06
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7338 Use after free in Cast
Published on: 2026-05-01 00:16:10
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7341 Use after free in WebRTC
Published on: 2026-05-01 00:16:11
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7340 Integer overflow in ANGLE
Published on: 2026-05-01 00:16:13
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7339 Heap buffer overflow in WebRTC
Published on: 2026-05-01 00:16:12
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2026-7355 Use after free in Media
Published on: 2026-05-01 00:16:14
Link: View Details
This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability
Published on: 2026-04-30 07:00:00
Link: View Details
Added FAQ information. This is an informational change only.

CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
Published on: 2026-04-30 01:45:58
Link: View Details
Information published.

CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Published on: 2026-04-30 01:48:36
Link: View Details
Information published.

CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
Published on: 2026-04-30 01:55:30
Link: View Details
Information published.

CVE-2026-21620 TFTP Path Traversal
Published on: 2026-04-30 01:39:45
Link: View Details
Information published.

CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Published on: 2026-04-30 01:12:05
Link: View Details
Information published.

CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Published on: 2026-04-30 01:52:39
Link: View Details
Information published.

CVE-2022-2068 The c_rehash script allows command injection
Published on: 2026-04-30 01:47:30
Link: View Details
Information published.

CVE-2019-1543 ChaCha20-Poly1305 with long nonces
Published on: 2026-04-30 01:54:24
Link: View Details
Information published.

CVE-2019-1551 rsaz_512_sqr overflow bug on x86_64
Published on: 2026-04-30 01:53:50
Link: View Details
Information published.

CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
Published on: 2026-04-30 01:42:30
Link: View Details
Information published.

CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Published on: 2026-04-30 01:46:36
Link: View Details
Information published.

CVE-2017-3736
Published on: 2026-04-30 01:52:04
Link: View Details
Information published.

CVE-2018-0734 Timing attack against DSA
Published on: 2026-04-30 01:52:46
Link: View Details
Information published.

CVE-2018-0735 Timing attack against ECDSA signature generation
Published on: 2026-04-30 01:52:26
Link: View Details
Information published.

CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
Published on: 2026-04-30 01:43:29
Link: View Details
Information published.

CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Published on: 2026-04-30 01:45:01
Link: View Details
Information published.

CVE-2019-1547 ECDSA remote timing attack
Published on: 2026-04-30 01:54:38
Link: View Details
Information published.

CVE-2019-1549 Fork Protection
Published on: 2026-04-30 01:50:47
Link: View Details
Information published.

CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Published on: 2026-04-30 01:54:07
Link: View Details
Information published.

CVE-2024-41932 sched: fix warning in sched_setaffinity
Published on: 2026-04-30 01:45:27
Link: View Details
Information published.

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
Published on: 2026-04-30 01:49:24
Link: View Details
Information published.

CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION
Published on: 2026-04-30 01:48:55
Link: View Details
Information published.

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Published on: 2026-04-30 01:53:04
Link: View Details
Information published.

CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-04-30 01:49:59
Link: View Details
Information published.

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Published on: 2026-04-30 01:50:39
Link: View Details
Information published.

CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Published on: 2026-04-30 01:53:12
Link: View Details
Information published.

CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
Published on: 2026-04-30 01:41:04
Link: View Details
Information published.

CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.
Published on: 2026-04-30 01:54:33
Link: View Details
Information published.

CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
Published on: 2026-04-30 01:39:29
Link: View Details
Information published.

CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse
Published on: 2026-04-30 01:39:49
Link: View Details
Information published.

CVE-2026-31476 ksmbd: do not expire session on binding failure
Published on: 2026-04-30 01:53:14
Link: View Details
Information published.

CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
Published on: 2026-04-30 01:44:02
Link: View Details
Information published.

CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests
Published on: 2026-04-30 01:45:19
Link: View Details
Information published.

CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports
Published on: 2026-04-30 01:45:07
Link: View Details
Information published.

CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks
Published on: 2026-04-30 01:10:44
Link: View Details
Information published.

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Published on: 2026-04-30 01:46:51
Link: View Details
Information published.

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Published on: 2026-04-30 01:47:15
Link: View Details
Information published.

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Published on: 2026-04-30 01:47:35
Link: View Details
Information published.

CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
Published on: 2026-04-30 01:48:21
Link: View Details
Information published.

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Published on: 2026-04-30 01:13:35
Link: View Details
Information published.

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Published on: 2026-04-30 01:13:42
Link: View Details
Information published.

CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
Published on: 2026-04-30 01:49:48
Link: View Details
Information published.

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Published on: 2026-04-30 01:14:00
Link: View Details
Information published.

CVE-2026-41988
Published on: 2026-04-30 01:50:14
Link: View Details
Information published.

CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
Published on: 2026-04-30 01:11:00
Link: View Details
Information published.

CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
Published on: 2026-04-30 01:02:21
Link: View Details
Information published.

CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Published on: 2026-04-30 01:02:36
Link: View Details
Information published.

CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
Published on: 2026-04-30 01:51:31
Link: View Details
Information published.

CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
Published on: 2026-04-30 01:04:22
Link: View Details
Information published.

CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
Published on: 2026-04-30 01:45:46
Link: View Details
Information published.

CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Published on: 2026-04-30 01:52:23
Link: View Details
Information published.

CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
Published on: 2026-04-30 01:05:21
Link: View Details
Information published.

CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
Published on: 2026-04-30 01:38:55
Link: View Details
Information published.

CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Published on: 2026-04-30 01:48:29
Link: View Details
Information published.

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
Published on: 2026-04-30 01:49:10
Link: View Details
Information published.

CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
Published on: 2026-04-30 01:40:36
Link: View Details
Information published.

CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check
Published on: 2026-04-30 01:50:12
Link: View Details
Information published.

CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
Published on: 2026-04-30 01:41:34
Link: View Details
Information published.

CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
Published on: 2026-04-30 01:42:17
Link: View Details
Information published.

CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Published on: 2026-04-30 01:43:12
Link: View Details
Information published.

CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
Published on: 2026-04-30 01:09:52
Link: View Details
Information published.

CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
Published on: 2026-04-30 01:10:24
Link: View Details
Information published.

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Published on: 2026-04-30 01:10:40
Link: View Details
Information published.

CVE-2026-31686 mm/kasan: fix double free for kasan pXds
Published on: 2026-04-30 01:53:06
Link: View Details
Information published.

CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer
Published on: 2026-04-30 01:55:17
Link: View Details
Information published.

CVE-2026-31545 NFC: nxp-nci: allow GPIOs to sleep
Published on: 2026-04-30 01:10:09
Link: View Details
Information published.

CVE-2026-31546 net: bonding: fix NULL deref in bond_debug_rlb_hash_show
Published on: 2026-04-30 01:10:18
Link: View Details
Information published.

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Published on: 2026-04-30 01:10:45
Link: View Details
Information published.

CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
Published on: 2026-04-30 01:11:14
Link: View Details
Information published.

CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Published on: 2026-04-30 01:11:49
Link: View Details
Information published.

CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Published on: 2026-04-30 01:11:57
Link: View Details
Information published.

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-04-30 01:51:05
Link: View Details
Information published.

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-04-30 01:52:51
Link: View Details
Information published.

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-04-30 01:52:26
Link: View Details
Information published.

CVE-2026-32281 Inefficient policy validation in crypto/x509
Published on: 2026-04-30 01:51:24
Link: View Details
Information published.

CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Published on: 2026-04-30 01:51:54
Link: View Details
Information published.

CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Published on: 2026-04-30 01:52:10
Link: View Details
Information published.

CVE-2026-34477 Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass
Published on: 2026-04-30 01:53:25
Link: View Details
Information published.

CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic
Published on: 2026-04-30 01:53:33
Link: View Details
Information published.

CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
Published on: 2026-04-30 01:53:42
Link: View Details
Information published.

CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery
Published on: 2026-04-30 01:53:50
Link: View Details
Information published.

CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
Published on: 2026-04-30 01:53:59
Link: View Details
Information published.

CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
Published on: 2026-04-30 01:54:08
Link: View Details
Information published.

CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID
Published on: 2026-04-30 01:54:16
Link: View Details
Information published.

CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL
Published on: 2026-04-30 01:54:25
Link: View Details
Information published.

CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier
Published on: 2026-04-30 01:38:49
Link: View Details
Information published.

CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
Published on: 2026-04-30 01:39:09
Link: View Details
Information published.

CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
Published on: 2026-04-30 01:41:19
Link: View Details
Information published.

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Published on: 2026-04-30 01:40:12
Link: View Details
Information published.

CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Published on: 2026-04-30 01:40:26
Link: View Details
Information published.

CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
Published on: 2026-04-30 01:40:38
Link: View Details
Information published.

CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Published on: 2026-04-30 01:40:51
Link: View Details
Information published.

CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head
Published on: 2026-04-30 01:41:58
Link: View Details
Information published.

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Published on: 2026-04-30 01:49:55
Link: View Details
Information published.

CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()
Published on: 2026-04-30 01:04:37
Link: View Details
Information published.

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Published on: 2026-04-30 01:04:52
Link: View Details
Information published.

CVE-2026-31487 spi: use generic driver_override infrastructure
Published on: 2026-04-30 01:05:08
Link: View Details
Information published.

CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Published on: 2026-04-30 01:05:23
Link: View Details
Information published.

CVE-2026-31515 af_key: validate families in pfkey_send_migrate()
Published on: 2026-04-30 01:05:39
Link: View Details
Information published.

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Published on: 2026-04-30 01:06:15
Link: View Details
Information published.

CVE-2026-31527 driver core: platform: use generic driver_override infrastructure
Published on: 2026-04-30 01:43:00
Link: View Details
Information published.

CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race
Published on: 2026-04-30 01:07:11
Link: View Details
Information published.

CVE-2026-31523 nvme-pci: ensure we're polling a polled queue
Published on: 2026-04-30 01:07:37
Link: View Details
Information published.

CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices
Published on: 2026-04-30 01:07:53
Link: View Details
Information published.

CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Published on: 2026-04-30 01:08:29
Link: View Details
Information published.

CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
Published on: 2026-04-30 01:08:58
Link: View Details
Information published.

CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry
Published on: 2026-04-30 01:44:39
Link: View Details
Information published.

CVE-2026-31518 esp: fix skb leak with espintcp and async crypto
Published on: 2026-04-30 01:09:33
Link: View Details
Information published.

CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
Published on: 2026-04-30 01:10:13
Link: View Details
Information published.

CVE-2026-31433 ksmbd: fix potential OOB in get_file_all_info() for compound requests
Published on: 2026-04-30 01:45:42
Link: View Details
Information published.

CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
Published on: 2026-04-30 01:10:31
Link: View Details
Information published.

CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Published on: 2026-04-30 01:10:57
Link: View Details
Information published.

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Published on: 2026-04-30 01:11:14
Link: View Details
Information published.

CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Published on: 2026-04-30 01:11:31
Link: View Details
Information published.

CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
Published on: 2026-04-30 01:11:54
Link: View Details
Information published.

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Published on: 2026-04-30 01:46:36
Link: View Details
Information published.

CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device
Published on: 2026-04-30 01:12:16
Link: View Details
Information published.

CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2
Published on: 2026-04-30 01:12:38
Link: View Details
Information published.

CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
Published on: 2026-04-30 01:47:57
Link: View Details
Information published.

CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it
Published on: 2026-04-30 01:48:09
Link: View Details
Information published.

CVE-2026-31494 net: macb: use the current queue number for stats
Published on: 2026-04-30 01:13:23
Link: View Details
Information published.

CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
Published on: 2026-04-30 01:49:27
Link: View Details
Information published.

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Published on: 2026-04-30 01:49:37
Link: View Details
Information published.

CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request
Published on: 2026-04-30 01:50:21
Link: View Details
Information published.

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Published on: 2026-04-30 01:50:35
Link: View Details
Information published.

CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
Published on: 2026-04-30 01:01:48
Link: View Details
Information published.

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Published on: 2026-04-30 01:02:50
Link: View Details
Information published.

CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
Published on: 2026-04-30 01:51:24
Link: View Details
Information published.

CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
Published on: 2026-04-30 01:52:14
Link: View Details
Information published.

CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure
Published on: 2026-04-30 01:11:25
Link: View Details
Information published.

CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
Published on: 2026-04-30 01:07:06
Link: View Details
Information published.

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
Published on: 2026-04-30 01:49:43
Link: View Details
Information published.

CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
Published on: 2026-04-30 01:40:49
Link: View Details
Information published.

CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
Published on: 2026-04-30 01:42:36
Link: View Details
Information published.

CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
Published on: 2026-04-30 01:09:31
Link: View Details
Information published.

CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
Published on: 2026-04-30 01:52:52
Link: View Details
Information published.

CVE-2026-3298 Out-of-bounds write in Windows asyncio.ProactorEventLoop.sock_recvfrom_into() when using nbytes
Published on: 2026-04-30 01:52:58
Link: View Details
Information published.

CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path
Published on: 2026-04-30 01:53:23
Link: View Details
Information published.

CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Published on: 2026-04-30 01:09:35
Link: View Details
Information published.

CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers
Published on: 2026-04-30 01:54:45
Link: View Details
Information published.

CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document
Published on: 2026-04-30 01:54:53
Link: View Details
Information published.

CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Published on: 2026-04-30 01:55:25
Link: View Details
Information published.

CVE-2026-31508 net: openvswitch: Avoid releasing netdev before teardown completes
Published on: 2026-04-30 01:09:52
Link: View Details
Information published.

CVE-2026-31540 drm/i915/gt: Check set_default_submission() before dereferencing
Published on: 2026-04-30 01:10:00
Link: View Details
Information published.

CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Published on: 2026-04-30 01:10:27
Link: View Details
Information published.

CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()
Published on: 2026-04-30 01:10:36
Link: View Details
Information published.

CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Published on: 2026-04-30 01:10:55
Link: View Details
Information published.

CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Published on: 2026-04-30 01:11:04
Link: View Details
Information published.

CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Published on: 2026-04-30 01:11:22
Link: View Details
Information published.

CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Published on: 2026-04-30 01:11:30
Link: View Details
Information published.

CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Published on: 2026-04-30 01:11:39
Link: View Details
Information published.

CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Published on: 2026-04-30 01:48:20
Link: View Details
Information published.

CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Published on: 2026-04-30 01:43:51
Link: View Details
Information published.

CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Published on: 2026-04-30 01:42:44
Link: View Details
Information published.

CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
Published on: 2026-04-30 01:43:05
Link: View Details
Information published.

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Published on: 2026-04-30 01:45:14
Link: View Details
Information published.

CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Published on: 2026-04-30 01:47:31
Link: View Details
Information published.

CVE-2025-69648
Published on: 2026-04-30 01:40:27
Link: View Details
Information published.

CVE-2026-32776
Published on: 2026-04-30 01:40:44
Link: View Details
Information published.

CVE-2026-32778
Published on: 2026-04-30 01:41:23
Link: View Details
Information published.

CVE-2026-32777
Published on: 2026-04-30 01:41:00
Link: View Details
Information published.

CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
Published on: 2026-04-30 01:43:47
Link: View Details
Information published.

CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
Published on: 2026-04-30 01:43:33
Link: View Details
Information published.

CVE-2026-3229 Integer Overflow in Certificate Chain Allocation
Published on: 2026-04-30 01:43:19
Link: View Details
Information published.

CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Published on: 2026-04-30 01:44:55
Link: View Details
Information published.

CVE-2026-23364 ksmbd: Compare MACs in constant time
Published on: 2026-04-30 01:44:42
Link: View Details
Information published.

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Published on: 2026-04-30 01:45:27
Link: View Details
Information published.

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Published on: 2026-04-30 01:45:45
Link: View Details
Information published.

CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
Published on: 2026-04-30 01:46:08
Link: View Details
Information published.

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Published on: 2026-04-30 01:46:54
Link: View Details
Information published.

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Published on: 2026-04-30 01:47:48
Link: View Details
Information published.

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Published on: 2026-04-30 01:47:08
Link: View Details
Information published.

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Published on: 2026-04-30 01:46:20
Link: View Details
Information published.

CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
Published on: 2026-04-30 01:48:01
Link: View Details
Information published.

CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names
Published on: 2026-04-30 01:48:15
Link: View Details
Information published.

CVE-2017-3731 Truncated packet could crash via OOB read
Published on: 2026-04-30 01:51:04
Link: View Details
Information published.

CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Published on: 2026-04-29 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Published on: 2026-04-29 01:43:24
Link: View Details
Information published.

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Published on: 2026-04-29 01:11:05
Link: View Details
Information published.

CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking
Published on: 2026-04-29 01:11:00
Link: View Details
Information published.

CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
Published on: 2026-04-29 01:42:41
Link: View Details
Information published.

CVE-2022-2068 The c_rehash script allows command injection
Published on: 2026-04-29 01:08:17
Link: View Details
Information published.

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation
Published on: 2026-04-29 01:43:13
Link: View Details
Information published.

CVE-2017-3735
Published on: 2026-04-29 01:41:30
Link: View Details
Information published.

CVE-2017-3736
Published on: 2026-04-29 01:43:24
Link: View Details
Information published.

CVE-2018-0734 Timing attack against DSA
Published on: 2026-04-29 01:44:28
Link: View Details
Information published.

CVE-2018-0735 Timing attack against ECDSA signature generation
Published on: 2026-04-29 01:43:55
Link: View Details
Information published.

CVE-2019-1547 ECDSA remote timing attack
Published on: 2026-04-29 01:09:27
Link: View Details
Information published.

CVE-2019-1549 Fork Protection
Published on: 2026-04-29 01:40:58
Link: View Details
Information published.

CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Published on: 2026-04-29 01:08:42
Link: View Details
Information published.

CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
Published on: 2026-04-29 01:47:49
Link: View Details
Information published.

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Published on: 2026-04-29 01:10:54
Link: View Details
Information published.

CVE-2026-31476 ksmbd: do not expire session on binding failure
Published on: 2026-04-29 01:01:47
Link: View Details
Information published.

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Published on: 2026-04-29 01:01:53
Link: View Details
Information published.

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Published on: 2026-04-29 01:02:03
Link: View Details
Information published.

CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
Published on: 2026-04-29 01:47:36
Link: View Details
Information published.

CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
Published on: 2026-04-29 01:01:20
Link: View Details
Information published.

CVE-2026-31557 nvmet: move async event work off nvmet-wq
Published on: 2026-04-29 01:39:58
Link: View Details
Information published.

CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core
Published on: 2026-04-29 01:40:29
Link: View Details
Information published.

CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
Published on: 2026-04-29 01:41:05
Link: View Details
Information published.

CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes
Published on: 2026-04-29 01:05:26
Link: View Details
Information published.

CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
Published on: 2026-04-29 01:41:43
Link: View Details
Information published.

CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets
Published on: 2026-04-29 01:41:56
Link: View Details
Information published.

CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
Published on: 2026-04-29 01:42:06
Link: View Details
Information published.

CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
Published on: 2026-04-29 01:42:15
Link: View Details
Information published.

CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect
Published on: 2026-04-29 01:05:01
Link: View Details
Information published.

CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime
Published on: 2026-04-29 01:06:26
Link: View Details
Information published.

CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections
Published on: 2026-04-29 01:02:52
Link: View Details
Information published.

CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Published on: 2026-04-29 01:42:44
Link: View Details
Information published.

CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Published on: 2026-04-29 01:42:52
Link: View Details
Information published.

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Published on: 2026-04-29 01:06:42
Link: View Details
Information published.

CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Published on: 2026-04-29 01:39:36
Link: View Details
Information published.

CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
Published on: 2026-04-29 01:43:36
Link: View Details
Information published.

CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
Published on: 2026-04-29 01:43:49
Link: View Details
Information published.

CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
Published on: 2026-04-29 01:40:02
Link: View Details
Information published.

CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it
Published on: 2026-04-29 01:44:07
Link: View Details
Information published.

CVE-2026-31671 xfrm_user: fix info leak in build_report()
Published on: 2026-04-29 01:06:21
Link: View Details
Information published.

CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Published on: 2026-04-29 01:02:47
Link: View Details
Information published.

CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
Published on: 2026-04-29 01:44:43
Link: View Details
Information published.

CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Published on: 2026-04-29 01:02:57
Link: View Details
Information published.

CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version
Published on: 2026-04-29 01:44:56
Link: View Details
Information published.

CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Published on: 2026-04-29 01:03:13
Link: View Details
Information published.

CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
Published on: 2026-04-29 01:45:03
Link: View Details
Information published.

CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
Published on: 2026-04-29 01:03:39
Link: View Details
Information published.

CVE-2026-31657 batman-adv: hold claim backbone gateways by reference
Published on: 2026-04-29 01:45:20
Link: View Details
Information published.

CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
Published on: 2026-04-29 01:45:33
Link: View Details
Information published.

CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Published on: 2026-04-29 01:03:34
Link: View Details
Information published.

CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1
Published on: 2026-04-29 01:45:49
Link: View Details
Information published.

CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Published on: 2026-04-29 01:45:40
Link: View Details
Information published.

CVE-2026-31649 net: stmmac: fix integer underflow in chain mode
Published on: 2026-04-29 01:46:14
Link: View Details
Information published.

CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
Published on: 2026-04-29 01:45:59
Link: View Details
Information published.

CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Published on: 2026-04-29 01:46:28
Link: View Details
Information published.

CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
Published on: 2026-04-29 01:46:39
Link: View Details
Information published.

CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()
Published on: 2026-04-29 01:46:46
Link: View Details
Information published.

CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options
Published on: 2026-04-29 01:42:04
Link: View Details
Information published.

CVE-2026-31659 batman-adv: reject oversized global TT response buffers
Published on: 2026-04-29 01:05:21
Link: View Details
Information published.

CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()
Published on: 2026-04-29 01:04:09
Link: View Details
Information published.

CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length
Published on: 2026-04-29 01:42:22
Link: View Details
Information published.

CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
Published on: 2026-04-29 01:42:14
Link: View Details
Information published.

CVE-2026-31664 xfrm: clear trailing padding in build_polexpire()
Published on: 2026-04-29 01:05:50
Link: View Details
Information published.

CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
Published on: 2026-04-29 01:47:10
Link: View Details
Information published.

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Published on: 2026-04-29 01:47:18
Link: View Details
Information published.

CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
Published on: 2026-04-29 01:05:06
Link: View Details
Information published.

CVE-2026-31686 mm/kasan: fix double free for kasan pXds
Published on: 2026-04-29 01:01:32
Link: View Details
Information published.

CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer
Published on: 2026-04-29 01:10:17
Link: View Details
Information published.

CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
Published on: 2026-04-29 01:11:14
Link: View Details
Information published.

CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage
Published on: 2026-04-29 01:38:51
Link: View Details
Information published.

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-04-29 01:38:49
Link: View Details
Information published.

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-04-29 01:39:29
Link: View Details
Information published.

CVE-2026-41254
Published on: 2026-04-29 01:41:27
Link: View Details
Information published.

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Published on: 2026-04-29 01:01:58
Link: View Details
Information published.

CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Published on: 2026-04-29 01:01:42
Link: View Details
Information published.

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Published on: 2026-04-29 01:10:21
Link: View Details
Information published.

CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path
Published on: 2026-04-29 01:40:07
Link: View Details
Information published.

CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
Published on: 2026-04-29 01:40:20
Link: View Details
Information published.

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Published on: 2026-04-29 01:40:48
Link: View Details
Information published.

CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
Published on: 2026-04-29 01:40:57
Link: View Details
Information published.

CVE-2026-31638 rxrpc: Only put the call ref if one was acquired
Published on: 2026-04-29 01:41:15
Link: View Details
Information published.

CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Published on: 2026-04-29 01:03:08
Link: View Details
Information published.

CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
Published on: 2026-04-29 01:41:30
Link: View Details
Information published.

CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
Published on: 2026-04-29 01:42:35
Link: View Details
Information published.

CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
Published on: 2026-04-29 01:03:23
Link: View Details
Information published.

CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Published on: 2026-04-29 01:39:21
Link: View Details
Information published.

CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy
Published on: 2026-04-29 01:43:08
Link: View Details
Information published.

CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created
Published on: 2026-04-29 01:06:16
Link: View Details
Information published.

CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion
Published on: 2026-04-29 01:43:58
Link: View Details
Information published.

CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Published on: 2026-04-29 01:44:24
Link: View Details
Information published.

CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
Published on: 2026-04-29 01:44:36
Link: View Details
Information published.

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
Published on: 2026-04-29 01:40:33
Link: View Details
Information published.

CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
Published on: 2026-04-29 01:45:13
Link: View Details
Information published.

CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
Published on: 2026-04-29 01:06:06
Link: View Details
Information published.

CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
Published on: 2026-04-29 01:46:07
Link: View Details
Information published.

CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
Published on: 2026-04-29 01:46:21
Link: View Details
Information published.

CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption
Published on: 2026-04-29 01:41:43
Link: View Details
Information published.

CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()
Published on: 2026-04-29 01:04:40
Link: View Details
Information published.

CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
Published on: 2026-04-29 01:47:26
Link: View Details
Information published.

CVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()
Published on: 2026-04-29 01:01:26
Link: View Details
Information published.

CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Published on: 2026-04-29 01:01:38
Link: View Details
Information published.

CVE-2026-31548 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
Published on: 2026-04-29 01:02:09
Link: View Details
Information published.

CVE-2026-31549 i2c: cp2615: fix serial string NULL-deref at probe
Published on: 2026-04-29 01:02:15
Link: View Details
Information published.

CVE-2026-31550 pmdomain: bcm: bcm2835-power: Increase ASB control timeout
Published on: 2026-04-29 01:02:20
Link: View Details
Information published.

CVE-2026-31551 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable.
Published on: 2026-04-29 01:02:26
Link: View Details
Information published.

CVE-2026-31552 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom
Published on: 2026-04-29 01:02:32
Link: View Details
Information published.

CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path
Published on: 2026-04-29 01:04:04
Link: View Details
Information published.

CVE-2026-31661 wifi: brcmsmac: Fix dma_free_coherent() size
Published on: 2026-04-29 01:05:35
Link: View Details
Information published.

CVE-2026-31563 net: macb: Use dev_consume_skb_any() to free TX SKBs
Published on: 2026-04-29 01:06:32
Link: View Details
Information published.

CVE-2026-31648 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()
Published on: 2026-04-29 01:06:38
Link: View Details
Information published.

CVE-2026-40225
Published on: 2026-04-29 01:06:51
Link: View Details
Information published.

CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Published on: 2026-04-29 01:07:02
Link: View Details
Information published.

CVE-2026-40556 Insecure Directory Permissions in GNU nano Leading to Privilege Abuse
Published on: 2026-04-29 01:07:07
Link: View Details
Information published.

CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css
Published on: 2026-04-29 01:09:36
Link: View Details
Information published.

CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers
Published on: 2026-04-29 01:09:44
Link: View Details
Information published.

CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document
Published on: 2026-04-29 01:09:52
Link: View Details
Information published.

CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Published on: 2026-04-29 01:10:33
Link: View Details
Information published.

CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption
Published on: 2026-04-29 01:11:22
Link: View Details
Information published.

CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access
Published on: 2026-04-29 01:11:30
Link: View Details
Information published.

CVE-2026-3783 token leak with redirect and netrc
Published on: 2026-04-29 01:43:47
Link: View Details
Information published.

CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
Published on: 2026-04-29 01:38:21
Link: View Details
Information published.

CVE-2026-1965 bad reuse of HTTP Negotiate connection
Published on: 2026-04-29 01:43:35
Link: View Details
Information published.

CVE-2026-3784 wrong proxy connection reuse with credentials
Published on: 2026-04-29 01:43:59
Link: View Details
Information published.

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Published on: 2026-04-29 01:45:13
Link: View Details
Information published.

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Published on: 2026-04-29 01:45:33
Link: View Details
Information published.

CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Published on: 2026-04-29 01:44:52
Link: View Details
Information published.

CVE-2026-23388 Squashfs: check metadata block offset is within range
Published on: 2026-04-29 01:47:41
Link: View Details
Information published.

CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
Published on: 2026-04-29 01:38:30
Link: View Details
Information published.

CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU
Published on: 2026-04-29 01:39:04
Link: View Details
Information published.

Chromium: CVE-2026-6920 Out of bounds read in GPU
Published on: 2026-04-28 07:00:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Published on: 2026-04-28 07:00:00
Link: View Details
Added acknowledgements. This is an informational change only.

Chromium: CVE-2026-6919 Use after free in DevTools
Published on: 2026-04-28 07:00:00
Link: View Details
Added a second Security Only package to Edge security update. This is an informational change only.

CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability
Published on: 2026-04-28 07:00:00
Link: View Details
This CVE has been updated to include Visual Studio 2026 18.5 as affected software.

CVE-2026-26149 Microsoft Power Apps Desktop Client Spoofing Vulnerability
Published on: 2026-04-27 07:00:00
Link: View Details


CVE-2026-32202 Windows Shell Spoofing Vulnerability
Published on: 2026-04-27 07:00:00
Link: View Details
Corrected the Exploitability Index, Exploited flag and CVSS vector, which were incorrect at the time of publication on 4/14/2026. This is an informational change only.

CVE-2018-0734 Timing attack against DSA
Published on: 2026-04-27 01:04:58
Link: View Details
Information published.

CVE-2018-0735 Timing attack against ECDSA signature generation
Published on: 2026-04-27 01:04:35
Link: View Details
Information published.

CVE-2022-2068 The c_rehash script allows command injection
Published on: 2026-04-26 01:05:30
Link: View Details
Information published.

CVE-2026-23405 apparmor: fix: limit the number of levels of policy namespaces
Published on: 2026-04-26 01:03:11
Link: View Details
Information published.

CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup
Published on: 2026-04-26 01:01:24
Link: View Details
Information published.

CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
Published on: 2026-04-26 01:01:24
Link: View Details
Information published.

CVE-2026-31557 nvmet: move async event work off nvmet-wq
Published on: 2026-04-26 01:01:31
Link: View Details
Information published.

CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Published on: 2026-04-26 01:01:42
Link: View Details
Information published.

CVE-2026-31646 net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
Published on: 2026-04-26 01:01:48
Link: View Details
Information published.

CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0
Published on: 2026-04-26 01:02:00
Link: View Details
Information published.

CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU
Published on: 2026-04-26 01:02:06
Link: View Details
Information published.

CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core
Published on: 2026-04-26 01:02:13
Link: View Details
Information published.

CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
Published on: 2026-04-26 01:02:19
Link: View Details
Information published.

CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Published on: 2026-04-26 01:02:25
Link: View Details
Information published.

CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
Published on: 2026-04-26 01:02:43
Link: View Details
Information published.

CVE-2026-31589 mm: call ->free_folio() directly in folio_unmap_invalidate()
Published on: 2026-04-26 01:02:55
Link: View Details
Information published.

CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes
Published on: 2026-04-26 01:03:07
Link: View Details
Information published.

CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Published on: 2026-04-26 01:03:19
Link: View Details
Information published.

CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
Published on: 2026-04-26 01:03:25
Link: View Details
Information published.

CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
Published on: 2026-04-26 01:03:29
Link: View Details
Information published.

CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page
Published on: 2026-04-26 01:03:30
Link: View Details
Information published.

CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets
Published on: 2026-04-26 01:03:37
Link: View Details
Information published.

CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
Published on: 2026-04-26 01:03:43
Link: View Details
Information published.

CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift
Published on: 2026-04-26 01:03:49
Link: View Details
Information published.

CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect
Published on: 2026-04-26 01:03:54
Link: View Details
Information published.

CVE-2026-23420 wifi: wlcore: Fix a locking bug
Published on: 2026-04-26 01:03:57
Link: View Details
Information published.

CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime
Published on: 2026-04-26 01:04:00
Link: View Details
Information published.

CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
Published on: 2026-04-26 01:04:04
Link: View Details
Information published.

CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections
Published on: 2026-04-26 01:04:07
Link: View Details
Information published.

CVE-2026-31621 bnge: return after auxiliary_device_uninit() in error path
Published on: 2026-04-26 01:04:10
Link: View Details
Information published.

CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Published on: 2026-04-26 01:04:18
Link: View Details
Information published.

CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Published on: 2026-04-26 01:04:24
Link: View Details
Information published.

CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
Published on: 2026-04-26 01:04:42
Link: View Details
Information published.

CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
Published on: 2026-04-26 01:04:47
Link: View Details
Information published.

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Published on: 2026-04-26 01:04:41
Link: View Details
Information published.

CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Published on: 2026-04-26 01:04:53
Link: View Details
Information published.

CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided
Published on: 2026-04-26 01:04:53
Link: View Details
Information published.

CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Published on: 2026-04-26 01:05:00
Link: View Details
Information published.

CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write
Published on: 2026-04-26 01:05:00
Link: View Details
Information published.

CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
Published on: 2026-04-26 01:05:12
Link: View Details
Information published.

CVE-2026-23414 tls: Purge async_hold in tls_decrypt_async_wait()
Published on: 2026-04-26 01:05:18
Link: View Details
Information published.

CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()
Published on: 2026-04-26 01:05:17
Link: View Details
Information published.

CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
Published on: 2026-04-26 01:05:27
Link: View Details
Information published.

CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]
Published on: 2026-04-26 01:05:33
Link: View Details
Information published.

CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT
Published on: 2026-04-26 01:05:40
Link: View Details
Information published.

CVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctly
Published on: 2026-04-26 01:05:45
Link: View Details
Information published.

CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Published on: 2026-04-26 01:06:07
Link: View Details
Information published.

CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it
Published on: 2026-04-26 01:05:51
Link: View Details
Information published.

CVE-2026-31671 xfrm_user: fix info leak in build_report()
Published on: 2026-04-26 01:05:57
Link: View Details
Information published.

CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Published on: 2026-04-26 01:06:02
Link: View Details
Information published.

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap
Published on: 2026-04-26 01:06:33
Link: View Details
Information published.

CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
Published on: 2026-04-26 01:06:27
Link: View Details
Information published.

CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Published on: 2026-04-26 01:06:33
Link: View Details
Information published.

CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version
Published on: 2026-04-26 01:06:50
Link: View Details
Information published.

CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Published on: 2026-04-26 01:06:44
Link: View Details
Information published.

CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
Published on: 2026-04-26 01:06:57
Link: View Details
Information published.

CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash
Published on: 2026-04-26 01:07:03
Link: View Details
Information published.

CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check
Published on: 2026-04-26 01:07:23
Link: View Details
Information published.

CVE-2026-31639 rxrpc: Fix key reference count leak from call->key
Published on: 2026-04-26 01:07:33
Link: View Details
Information published.

CVE-2026-31657 batman-adv: hold claim backbone gateways by reference
Published on: 2026-04-26 01:07:22
Link: View Details
Information published.

CVE-2026-31591 KVM: SEV: Lock all vCPUs when synchronizing VMSAs for SNP launch finish
Published on: 2026-04-26 01:07:39
Link: View Details
Information published.

CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks
Published on: 2026-04-26 01:07:45
Link: View Details
Information published.

CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Published on: 2026-04-26 01:07:58
Link: View Details
Information published.

CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1
Published on: 2026-04-26 01:08:04
Link: View Details
Information published.

CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Published on: 2026-04-26 01:07:52
Link: View Details
Information published.

CVE-2026-31655 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled
Published on: 2026-04-26 01:08:11
Link: View Details
Information published.

CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets
Published on: 2026-04-26 01:08:16
Link: View Details
Information published.

CVE-2026-31649 net: stmmac: fix integer underflow in chain mode
Published on: 2026-04-26 01:08:28
Link: View Details
Information published.

CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
Published on: 2026-04-26 01:08:17
Link: View Details
Information published.

CVE-2026-31680 net: ipv6: flowlabel: defer exclusive option free until RCU teardown
Published on: 2026-04-26 01:08:39
Link: View Details
Information published.

CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Published on: 2026-04-26 01:08:41
Link: View Details
Information published.

CVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU release
Published on: 2026-04-26 01:08:45
Link: View Details
Information published.

CVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
Published on: 2026-04-26 01:08:46
Link: View Details
Information published.

CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry
Published on: 2026-04-26 01:08:51
Link: View Details
Information published.

CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
Published on: 2026-04-26 01:08:52
Link: View Details
Information published.

CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()
Published on: 2026-04-26 01:08:58
Link: View Details
Information published.

CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options
Published on: 2026-04-26 01:09:04
Link: View Details
Information published.

CVE-2026-31659 batman-adv: reject oversized global TT response buffers
Published on: 2026-04-26 01:09:16
Link: View Details
Information published.

CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()
Published on: 2026-04-26 01:09:10
Link: View Details
Information published.

CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length
Published on: 2026-04-26 01:09:15
Link: View Details
Information published.

CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
Published on: 2026-04-26 01:09:09
Link: View Details
Information published.

CVE-2026-31673 af_unix: read UNIX_DIAG_VFS data under unix_state_lock
Published on: 2026-04-26 01:09:21
Link: View Details
Information published.

CVE-2026-31664 xfrm: clear trailing padding in build_polexpire()
Published on: 2026-04-26 01:09:22
Link: View Details
Information published.

CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
Published on: 2026-04-26 01:09:27
Link: View Details
Information published.

CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
Published on: 2026-04-26 01:09:33
Link: View Details
Information published.

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Published on: 2026-04-26 01:09:43
Link: View Details
Information published.

CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
Published on: 2026-04-26 01:10:27
Link: View Details
Information published.

CVE-2026-23401 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
Published on: 2026-04-26 01:02:55
Link: View Details
Information published.

CVE-2026-23403 apparmor: fix memory leak in verify_header
Published on: 2026-04-26 01:03:00
Link: View Details
Information published.

CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach
Published on: 2026-04-26 01:03:06
Link: View Details
Information published.

CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage
Published on: 2026-04-26 01:03:17
Link: View Details
Information published.

CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
Published on: 2026-04-26 01:03:22
Link: View Details
Information published.

CVE-2026-23408 apparmor: Fix double free of ns_name in aa_replace_profiles()
Published on: 2026-04-26 01:03:34
Link: View Details
Information published.

CVE-2026-23409 apparmor: fix differential encoding verification
Published on: 2026-04-26 01:03:39
Link: View Details
Information published.

CVE-2026-23410 apparmor: fix race on rawdata dereference
Published on: 2026-04-26 01:03:45
Link: View Details
Information published.

CVE-2026-23411 apparmor: fix race between freeing data and fs accessing it
Published on: 2026-04-26 01:03:51
Link: View Details
Information published.

CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Published on: 2026-04-26 01:04:47
Link: View Details
Information published.

CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path
Published on: 2026-04-26 01:01:37
Link: View Details
Information published.

CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()
Published on: 2026-04-26 01:01:54
Link: View Details
Information published.

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Published on: 2026-04-26 01:02:31
Link: View Details
Information published.

CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()
Published on: 2026-04-26 01:02:37
Link: View Details
Information published.

CVE-2026-31638 rxrpc: Only put the call ref if one was acquired
Published on: 2026-04-26 01:02:49
Link: View Details
Information published.

CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Published on: 2026-04-26 01:03:01
Link: View Details
Information published.

CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
Published on: 2026-04-26 01:03:13
Link: View Details
Information published.

CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect
Published on: 2026-04-26 01:04:12
Link: View Details
Information published.

CVE-2026-31604 wifi: rtw88: fix device leak on probe failure
Published on: 2026-04-26 01:04:22
Link: View Details
Information published.

CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure
Published on: 2026-04-26 01:04:28
Link: View Details
Information published.

CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
Published on: 2026-04-26 01:04:30
Link: View Details
Information published.

CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Published on: 2026-04-26 01:04:34
Link: View Details
Information published.

CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy
Published on: 2026-04-26 01:04:36
Link: View Details
Information published.

CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created
Published on: 2026-04-26 01:05:06
Link: View Details
Information published.

CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion
Published on: 2026-04-26 01:05:39
Link: View Details
Information published.

CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Published on: 2026-04-26 01:06:08
Link: View Details
Information published.

CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
Published on: 2026-04-26 01:06:21
Link: View Details
Information published.

CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
Published on: 2026-04-26 01:06:15
Link: View Details
Information published.

CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
Published on: 2026-04-26 01:06:38
Link: View Details
Information published.

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length
Published on: 2026-04-26 01:06:59
Link: View Details
Information published.

CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
Published on: 2026-04-26 01:07:16
Link: View Details
Information published.

CVE-2026-31601 vfio/xe: Reorganize the init to decouple migration from reset
Published on: 2026-04-26 01:07:10
Link: View Details
Information published.

CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
Published on: 2026-04-26 01:07:28
Link: View Details
Information published.

CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect
Published on: 2026-04-26 01:08:23
Link: View Details
Information published.

CVE-2026-31676 rxrpc: only handle RESPONSE during service challenge
Published on: 2026-04-26 01:08:27
Link: View Details
Information published.

CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values
Published on: 2026-04-26 01:08:35
Link: View Details
Information published.

CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget
Published on: 2026-04-26 01:08:34
Link: View Details
Information published.

CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption
Published on: 2026-04-26 01:08:22
Link: View Details
Information published.

CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()
Published on: 2026-04-26 01:09:04
Link: View Details
Information published.

CVE-2026-31684 net: sched: act_csum: validate nested VLAN headers
Published on: 2026-04-26 01:08:57
Link: View Details
Information published.

CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
Published on: 2026-04-26 01:09:54
Link: View Details
Information published.

CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
Published on: 2026-04-26 01:01:52
Link: View Details
Information published.

CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
Published on: 2026-04-26 01:02:09
Link: View Details
Information published.

CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap
Published on: 2026-04-26 01:10:14
Link: View Details
Information published.

CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
Published on: 2026-04-26 01:09:37
Link: View Details
Information published.

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Published on: 2026-04-26 01:01:35
Link: View Details
Information published.

CVE-2026-23352 x86/efi: defer freeing of boot services memory
Published on: 2026-04-26 01:09:58
Link: View Details
Information published.

CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Published on: 2026-04-26 01:11:03
Link: View Details
Information published.

CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
Published on: 2026-04-26 01:09:48
Link: View Details
Information published.

CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam()
Published on: 2026-04-26 01:02:03
Link: View Details
Information published.

CVE-2026-23365 net: usb: kalmia: validate USB endpoints
Published on: 2026-04-26 01:10:42
Link: View Details
Information published.

CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()
Published on: 2026-04-26 01:02:43
Link: View Details
Information published.

CVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()
Published on: 2026-04-26 01:02:32
Link: View Details
Information published.

CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path
Published on: 2026-04-26 01:02:49
Link: View Details
Information published.

CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Published on: 2026-04-26 01:05:12
Link: View Details
Information published.

CVE-2026-23362 can: bcm: fix locking for bcm_op runtime updates
Published on: 2026-04-26 01:10:32
Link: View Details
Information published.

CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
Published on: 2026-04-26 01:10:58
Link: View Details
Information published.

CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Published on: 2026-04-26 01:11:08
Link: View Details
Information published.

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Published on: 2026-04-26 01:10:20
Link: View Details
Information published.

CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error
Published on: 2026-04-26 01:02:15
Link: View Details
Information published.

CVE-2026-23388 Squashfs: check metadata block offset is within range
Published on: 2026-04-26 01:01:58
Link: View Details
Information published.

CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
Published on: 2026-04-26 01:10:53
Link: View Details
Information published.

CVE-2026-23364 ksmbd: Compare MACs in constant time
Published on: 2026-04-26 01:10:37
Link: View Details
Information published.

CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open
Published on: 2026-04-26 01:10:09
Link: View Details
Information published.

CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
Published on: 2026-04-26 01:01:46
Link: View Details
Information published.

CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
Published on: 2026-04-26 01:02:26
Link: View Details
Information published.

CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context
Published on: 2026-04-26 01:01:29
Link: View Details
Information published.

CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
Published on: 2026-04-26 01:10:04
Link: View Details
Information published.

CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits
Published on: 2026-04-26 01:10:48
Link: View Details
Information published.

CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path
Published on: 2026-04-26 01:01:41
Link: View Details
Information published.

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Published on: 2026-04-26 01:02:21
Link: View Details
Information published.

CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
Published on: 2026-04-26 01:02:37
Link: View Details
Information published.

CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU
Published on: 2026-04-26 01:04:16
Link: View Details
Information published.

CVE-2026-23360 nvme: fix admin queue leak on controller reset
Published on: 2026-04-26 01:05:06
Link: View Details
Information published.

CVE-2026-23442 ipv6: add NULL checks for idev in SRv6 paths
Published on: 2026-04-25 01:05:24
Link: View Details
Information published.

CVE-2026-41080
Published on: 2026-04-25 01:01:57
Link: View Details
Information published.

CVE-2026-41989
Published on: 2026-04-25 01:05:46
Link: View Details
Information published.

CVE-2026-23438 net: mvpp2: guard flow control update with global_tx_fc in buffer switching
Published on: 2026-04-25 01:05:15
Link: View Details
Information published.

CVE-2026-23439 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n
Published on: 2026-04-25 01:05:20
Link: View Details
Information published.

CVE-2026-23446 net: usb: aqc111: Do not perform PM inside suspend callback
Published on: 2026-04-25 01:05:35
Link: View Details
Information published.

CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
Published on: 2026-04-25 01:05:41
Link: View Details
Information published.

CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Published on: 2026-04-25 01:05:29
Link: View Details
Information published.

CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Published on: 2026-04-25 01:04:16
Link: View Details
Information published.

CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request
Published on: 2026-04-25 01:05:04
Link: View Details
Information published.

CVE-2026-23434 mtd: rawnand: serialize lock/unlock against other NAND operations
Published on: 2026-04-25 01:05:09
Link: View Details
Information published.

CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Published on: 2026-04-25 01:05:53
Link: View Details
Information published.

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Published on: 2026-04-25 01:05:58
Link: View Details
Information published.

CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs
Published on: 2026-04-25 01:04:57
Link: View Details
Information published.

CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback
Published on: 2026-04-25 01:04:32
Link: View Details
Information published.

CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
Published on: 2026-04-25 01:04:21
Link: View Details
Information published.

CVE-2026-23330 nfc: nci: complete pending data exchange on device close
Published on: 2026-04-25 01:04:37
Link: View Details
Information published.

CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation
Published on: 2026-04-25 01:04:26
Link: View Details
Information published.

CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
Published on: 2026-04-25 01:04:52
Link: View Details
Information published.

CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Published on: 2026-04-25 01:04:42
Link: View Details
Information published.

CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
Published on: 2026-04-25 01:04:47
Link: View Details
Information published.

CVE-2026-5958 Race Condition in GNU Sed
Published on: 2026-04-24 01:41:30
Link: View Details
Information published.

CVE-2026-35239
Published on: 2026-04-24 01:04:43
Link: View Details
Information published.

CVE-2026-34271
Published on: 2026-04-24 01:03:52
Link: View Details
Information published.

CVE-2026-35238
Published on: 2026-04-24 01:04:38
Link: View Details
Information published.

CVE-2026-34267
Published on: 2026-04-24 01:03:42
Link: View Details
Information published.

CVE-2026-22005
Published on: 2026-04-24 01:03:21
Link: View Details
Information published.

CVE-2026-22015
Published on: 2026-04-24 01:03:31
Link: View Details
Information published.

CVE-2026-31448 ext4: avoid infinite loops caused by residual data
Published on: 2026-04-24 01:37:59
Link: View Details
Information published.

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Published on: 2026-04-24 01:38:39
Link: View Details
Information published.

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Published on: 2026-04-24 01:38:50
Link: View Details
Information published.

CVE-2026-31450 ext4: publish jinode after initialization
Published on: 2026-04-24 01:39:25
Link: View Details
Information published.

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Published on: 2026-04-24 01:39:36
Link: View Details
Information published.

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Published on: 2026-04-24 01:39:42
Link: View Details
Information published.

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Published on: 2026-04-24 01:05:05
Link: View Details
Information published.

CVE-2026-41989
Published on: 2026-04-24 01:05:11
Link: View Details
Information published.

CVE-2026-41988
Published on: 2026-04-24 01:05:17
Link: View Details
Information published.

CVE-2026-34278
Published on: 2026-04-24 01:04:02
Link: View Details
Information published.

CVE-2026-21998
Published on: 2026-04-24 01:03:00
Link: View Details
Information published.

CVE-2026-35237
Published on: 2026-04-24 01:04:33
Link: View Details
Information published.

CVE-2026-22009
Published on: 2026-04-24 01:03:26
Link: View Details
Information published.

CVE-2026-34270
Published on: 2026-04-24 01:03:47
Link: View Details
Information published.

CVE-2026-34293
Published on: 2026-04-24 01:04:07
Link: View Details
Information published.

CVE-2026-22002
Published on: 2026-04-24 01:03:11
Link: View Details
Information published.

CVE-2026-22017
Published on: 2026-04-24 01:03:37
Link: View Details
Information published.

CVE-2026-34303
Published on: 2026-04-24 01:04:12
Link: View Details
Information published.

CVE-2026-34308
Published on: 2026-04-24 01:04:23
Link: View Details
Information published.

CVE-2026-34304
Published on: 2026-04-24 01:04:18
Link: View Details
Information published.

CVE-2026-34276
Published on: 2026-04-24 01:03:57
Link: View Details
Information published.

CVE-2026-22004
Published on: 2026-04-24 01:03:16
Link: View Details
Information published.

CVE-2026-22001
Published on: 2026-04-24 01:03:06
Link: View Details
Information published.

CVE-2026-35240
Published on: 2026-04-24 01:04:48
Link: View Details
Information published.

CVE-2026-35236
Published on: 2026-04-24 01:04:28
Link: View Details
Information published.

CVE-2026-40706
Published on: 2026-04-24 01:04:53
Link: View Details
Information published.

CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Published on: 2026-04-24 01:37:53
Link: View Details
Information published.

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Published on: 2026-04-24 01:38:04
Link: View Details
Information published.

CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Published on: 2026-04-24 01:38:12
Link: View Details
Information published.

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Published on: 2026-04-24 01:38:26
Link: View Details
Information published.

CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Published on: 2026-04-24 01:38:45
Link: View Details
Information published.

CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Published on: 2026-04-24 01:39:01
Link: View Details
Information published.

CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Published on: 2026-04-24 01:39:07
Link: View Details
Information published.

CVE-2026-31494 net: macb: use the current queue number for stats
Published on: 2026-04-24 01:39:20
Link: View Details
Information published.

CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Published on: 2026-04-24 01:39:31
Link: View Details
Information published.

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Published on: 2026-04-24 01:39:57
Link: View Details
Information published.

CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
Published on: 2026-04-24 01:04:59
Link: View Details
Information published.

CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Azure IoT Central allows an authorized attacker to elevate privileges over a network.

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Published on: 2026-04-23 01:37:20
Link: View Details
Information published.

CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
Published on: 2026-04-23 01:11:19
Link: View Details
Information published.

CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-04-23 01:01:28
Link: View Details
Information published.

CVE-2026-35239
Published on: 2026-04-23 01:01:40
Link: View Details
Information published.

CVE-2026-34271
Published on: 2026-04-23 01:02:13
Link: View Details
Information published.

CVE-2026-35238
Published on: 2026-04-23 01:02:29
Link: View Details
Information published.

CVE-2026-34267
Published on: 2026-04-23 01:02:35
Link: View Details
Information published.

CVE-2026-22005
Published on: 2026-04-23 01:03:14
Link: View Details
Information published.

CVE-2026-22015
Published on: 2026-04-23 01:03:30
Link: View Details
Information published.

CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size
Published on: 2026-04-23 01:04:35
Link: View Details
Information published.

CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
Published on: 2026-04-23 01:04:40
Link: View Details
Information published.

CVE-2026-31476 ksmbd: do not expire session on binding failure
Published on: 2026-04-23 01:04:46
Link: View Details
Information published.

CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
Published on: 2026-04-23 01:05:14
Link: View Details
Information published.

CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
Published on: 2026-04-23 01:06:03
Link: View Details
Information published.

CVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dm
Published on: 2026-04-23 01:06:09
Link: View Details
Information published.

CVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is reset
Published on: 2026-04-23 01:06:20
Link: View Details
Information published.

CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks
Published on: 2026-04-23 01:06:36
Link: View Details
Information published.

CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests
Published on: 2026-04-23 01:07:15
Link: View Details
Information published.

CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports
Published on: 2026-04-23 01:07:10
Link: View Details
Information published.

CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks
Published on: 2026-04-23 01:07:37
Link: View Details
Information published.

CVE-2026-31448 ext4: avoid infinite loops caused by residual data
Published on: 2026-04-23 01:07:48
Link: View Details
Information published.

CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling
Published on: 2026-04-23 01:07:59
Link: View Details
Information published.

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Published on: 2026-04-23 01:08:32
Link: View Details
Information published.

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Published on: 2026-04-23 01:08:49
Link: View Details
Information published.

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Published on: 2026-04-23 01:09:00
Link: View Details
Information published.

CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
Published on: 2026-04-23 01:09:38
Link: View Details
Information published.

CVE-2026-31450 ext4: publish jinode after initialization
Published on: 2026-04-23 01:09:49
Link: View Details
Information published.

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Published on: 2026-04-23 01:10:00
Link: View Details
Information published.

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Published on: 2026-04-23 01:10:06
Link: View Details
Information published.

CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
Published on: 2026-04-23 01:11:28
Link: View Details
Information published.

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Published on: 2026-04-23 01:37:50
Link: View Details
Information published.

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-04-23 01:38:24
Link: View Details
Information published.

CVE-2026-5160
Published on: 2026-04-23 01:38:56
Link: View Details
Information published.

CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-04-23 01:01:23
Link: View Details
Information published.

CVE-2026-34278
Published on: 2026-04-23 01:01:34
Link: View Details
Information published.

CVE-2026-21998
Published on: 2026-04-23 01:01:45
Link: View Details
Information published.

CVE-2026-35237
Published on: 2026-04-23 01:01:51
Link: View Details
Information published.

CVE-2026-22009
Published on: 2026-04-23 01:01:56
Link: View Details
Information published.

CVE-2026-34270
Published on: 2026-04-23 01:02:02
Link: View Details
Information published.

CVE-2026-34293
Published on: 2026-04-23 01:02:07
Link: View Details
Information published.

CVE-2026-22002
Published on: 2026-04-23 01:02:18
Link: View Details
Information published.

CVE-2026-22017
Published on: 2026-04-23 01:02:24
Link: View Details
Information published.

CVE-2026-34303
Published on: 2026-04-23 01:02:40
Link: View Details
Information published.

CVE-2026-34308
Published on: 2026-04-23 01:02:46
Link: View Details
Information published.

CVE-2026-34304
Published on: 2026-04-23 01:02:51
Link: View Details
Information published.

CVE-2026-34276
Published on: 2026-04-23 01:02:57
Link: View Details
Information published.

CVE-2026-22004
Published on: 2026-04-23 01:03:08
Link: View Details
Information published.

CVE-2026-22001
Published on: 2026-04-23 01:03:03
Link: View Details
Information published.

CVE-2026-35240
Published on: 2026-04-23 01:03:19
Link: View Details
Information published.

CVE-2026-35236
Published on: 2026-04-23 01:03:25
Link: View Details
Information published.

CVE-2026-40706
Published on: 2026-04-23 01:03:37
Link: View Details
Information published.

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Published on: 2026-04-23 01:03:56
Link: View Details
Information published.

CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer
Published on: 2026-04-23 01:04:01
Link: View Details
Information published.

CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()
Published on: 2026-04-23 01:04:07
Link: View Details
Information published.

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Published on: 2026-04-23 01:04:13
Link: View Details
Information published.

CVE-2026-31487 spi: use generic driver_override infrastructure
Published on: 2026-04-23 01:04:18
Link: View Details
Information published.

CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Published on: 2026-04-23 01:04:24
Link: View Details
Information published.

CVE-2026-31515 af_key: validate families in pfkey_send_migrate()
Published on: 2026-04-23 01:04:29
Link: View Details
Information published.

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Published on: 2026-04-23 01:04:52
Link: View Details
Information published.

CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Published on: 2026-04-23 01:04:57
Link: View Details
Information published.

CVE-2026-31527 driver core: platform: use generic driver_override infrastructure
Published on: 2026-04-23 01:05:03
Link: View Details
Information published.

CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Published on: 2026-04-23 01:05:08
Link: View Details
Information published.

CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
Published on: 2026-04-23 01:05:19
Link: View Details
Information published.

CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race
Published on: 2026-04-23 01:05:25
Link: View Details
Information published.

CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case
Published on: 2026-04-23 01:05:30
Link: View Details
Information published.

CVE-2026-31523 nvme-pci: ensure we're polling a polled queue
Published on: 2026-04-23 01:05:36
Link: View Details
Information published.

CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices
Published on: 2026-04-23 01:05:41
Link: View Details
Information published.

CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Published on: 2026-04-23 01:05:47
Link: View Details
Information published.

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Published on: 2026-04-23 01:05:52
Link: View Details
Information published.

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Published on: 2026-04-23 01:05:58
Link: View Details
Information published.

CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Published on: 2026-04-23 01:06:14
Link: View Details
Information published.

CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
Published on: 2026-04-23 01:06:25
Link: View Details
Information published.

CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
Published on: 2026-04-23 01:06:31
Link: View Details
Information published.

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Published on: 2026-04-23 01:06:42
Link: View Details
Information published.

CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry
Published on: 2026-04-23 01:06:47
Link: View Details
Information published.

CVE-2026-31518 esp: fix skb leak with espintcp and async crypto
Published on: 2026-04-23 01:06:53
Link: View Details
Information published.

CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount
Published on: 2026-04-23 01:06:58
Link: View Details
Information published.

CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()
Published on: 2026-04-23 01:07:04
Link: View Details
Information published.

CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
Published on: 2026-04-23 01:07:21
Link: View Details
Information published.

CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests
Published on: 2026-04-23 01:07:26
Link: View Details
Information published.

CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
Published on: 2026-04-23 01:07:32
Link: View Details
Information published.

CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Published on: 2026-04-23 01:07:43
Link: View Details
Information published.

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Published on: 2026-04-23 01:07:54
Link: View Details
Information published.

CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Published on: 2026-04-23 01:08:05
Link: View Details
Information published.

CVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0
Published on: 2026-04-23 01:08:10
Link: View Details
Information published.

CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
Published on: 2026-04-23 01:08:16
Link: View Details
Information published.

CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
Published on: 2026-04-23 01:08:21
Link: View Details
Information published.

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Published on: 2026-04-23 01:08:27
Link: View Details
Information published.

CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device
Published on: 2026-04-23 01:08:38
Link: View Details
Information published.

CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio
Published on: 2026-04-23 01:08:44
Link: View Details
Information published.

CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Published on: 2026-04-23 01:08:55
Link: View Details
Information published.

CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2
Published on: 2026-04-23 01:09:06
Link: View Details
Information published.

CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
Published on: 2026-04-23 01:09:11
Link: View Details
Information published.

CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Published on: 2026-04-23 01:09:17
Link: View Details
Information published.

CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Published on: 2026-04-23 01:09:22
Link: View Details
Information published.

CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed
Published on: 2026-04-23 01:09:27
Link: View Details
Information published.

CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it
Published on: 2026-04-23 01:09:33
Link: View Details
Information published.

CVE-2026-31494 net: macb: use the current queue number for stats
Published on: 2026-04-23 01:09:44
Link: View Details
Information published.

CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Published on: 2026-04-23 01:09:55
Link: View Details
Information published.

CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing
Published on: 2026-04-23 01:10:16
Link: View Details
Information published.

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Published on: 2026-04-23 01:10:24
Link: View Details
Information published.

CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
Published on: 2026-04-23 01:11:06
Link: View Details
Information published.

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Published on: 2026-04-23 01:11:14
Link: View Details
Information published.

CVE-2026-26171 .NET Denial of Service Vulnerability
Published on: 2026-04-22 07:00:00
Link: View Details
The CVE was updated to include PowerShell 7.6 and 7.5.

CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-04-22 01:01:18
Link: View Details
Information published.

CVE-2026-5958 Race Condition in GNU Sed
Published on: 2026-04-22 01:01:51
Link: View Details
Information published.

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows
Published on: 2026-04-22 01:46:10
Link: View Details
Information published.

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Published on: 2026-04-22 01:37:33
Link: View Details
Information published.

CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-04-22 01:01:24
Link: View Details
Information published.

CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Published on: 2026-04-22 01:01:30
Link: View Details
Information published.

CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions
Published on: 2026-04-22 01:01:36
Link: View Details
Information published.

CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head
Published on: 2026-04-22 01:01:41
Link: View Details
Information published.

CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-21 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-21 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability
Published on: 2026-04-21 07:00:00
Link: View Details
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-04-21 01:40:30
Link: View Details
Information published.

CVE-2026-41254
Published on: 2026-04-21 01:01:24
Link: View Details
Information published.

CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Published on: 2026-04-20 07:00:00
Link: View Details
Added acknowledgements. This is an informational change only.

CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-20 07:00:00
Link: View Details
Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.

CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability
Published on: 2026-04-20 07:00:00
Link: View Details


CVE-2026-5160
Published on: 2026-04-19 01:01:39
Link: View Details
Information published.

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Published on: 2026-04-19 01:01:45
Link: View Details
Information published.

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Published on: 2026-04-19 01:01:53
Link: View Details
Information published.

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Published on: 2026-04-19 01:01:24
Link: View Details
Information published.

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Published on: 2026-04-19 01:01:18
Link: View Details
Information published.

Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE
Published on: 2026-04-17 07:00:46
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6363 Type Confusion in V8
Published on: 2026-04-17 07:00:13
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6359 Use after free in Video
Published on: 2026-04-17 07:00:09
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6364 Out of bounds read in Skia
Published on: 2026-04-17 07:00:14
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6362 Use after free in Codecs
Published on: 2026-04-17 07:00:12
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS
Published on: 2026-04-17 07:00:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6314 Out of bounds write in GPU
Published on: 2026-04-17 07:00:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6318 Use after free in Codecs
Published on: 2026-04-17 07:00:09
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6361 Heap buffer overflow in PDFium
Published on: 2026-04-17 07:00:11
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6310 Use after free in Dawn
Published on: 2026-04-17 07:00:02
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6360 Use after free in FileSystem
Published on: 2026-04-17 07:00:10
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6316 Use after free in Forms
Published on: 2026-04-17 07:00:06
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6309 Use after free in Viz
Published on: 2026-04-17 07:00:01
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6311 Uninitialized Use in Accessibility
Published on: 2026-04-17 07:00:03
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6307 Type Confusion in Turbofan
Published on: 2026-04-17 07:00:59
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6306 Heap buffer overflow in PDFium
Published on: 2026-04-17 07:00:58
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6303 Use after free in Codecs
Published on: 2026-04-17 07:00:55
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6308 Out of bounds read in Media
Published on: 2026-04-17 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6302 Use after free in Video
Published on: 2026-04-17 07:00:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6300 Use after free in CSS
Published on: 2026-04-17 07:00:52
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6304 Use after free in Graphite
Published on: 2026-04-17 07:00:56
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6305 Heap buffer overflow in PDFium
Published on: 2026-04-17 07:00:57
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6301 Type Confusion in Turbofan
Published on: 2026-04-17 07:00:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6317 Use after free in Cast
Published on: 2026-04-17 07:00:08
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords
Published on: 2026-04-17 07:00:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6298 Heap buffer overflow in Skia
Published on: 2026-04-17 07:00:50
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6297 Use after free in Proxy
Published on: 2026-04-17 07:00:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6299 Use after free in Prerender
Published on: 2026-04-17 07:00:51
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input
Published on: 2026-04-17 01:01:34
Link: View Details
Information published.

CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed
Published on: 2026-04-17 01:01:51
Link: View Details
Information published.

CVE-2026-35469 SpdyStream: DOS on CRI
Published on: 2026-04-17 01:01:59
Link: View Details
Information published.

CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure
Published on: 2026-04-17 01:02:19
Link: View Details
Information published.

CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
Published on: 2026-04-17 01:40:21
Link: View Details
Information published.

CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
Published on: 2026-04-17 01:01:17
Link: View Details
Information published.

CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()
Published on: 2026-04-17 01:01:26
Link: View Details
Information published.

CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers
Published on: 2026-04-17 01:01:42
Link: View Details
Information published.

CVE-2026-41035
Published on: 2026-04-17 01:02:04
Link: View Details
Information published.

CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation
Published on: 2026-04-17 01:02:11
Link: View Details
Information published.

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows
Published on: 2026-04-17 01:02:27
Link: View Details
Information published.

CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
Published on: 2026-04-17 01:02:33
Link: View Details
Information published.

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-04-17 01:02:38
Link: View Details
Information published.

CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability
Published on: 2026-04-16 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-16 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-23666 .NET Framework Denial of Service Vulnerability
Published on: 2026-04-15 07:00:00
Link: View Details
Executive Summary updated

CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Published on: 2026-04-15 01:37:50
Link: View Details
Information published.

CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
Published on: 2026-04-15 01:40:55
Link: View Details
Information published.

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Published on: 2026-04-15 01:39:31
Link: View Details
Information published.

CVE-2025-14523 Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins)
Published on: 2026-04-15 01:39:52
Link: View Details
Information published.

CVE-2025-1220 Null byte termination in hostnames
Published on: 2026-04-15 01:38:32
Link: View Details
Information published.

CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
Published on: 2026-04-15 01:42:40
Link: View Details
Information published.

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Published on: 2026-04-15 01:45:06
Link: View Details
Information published.

CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-04-15 01:44:18
Link: View Details
Information published.

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Published on: 2026-04-15 01:44:38
Link: View Details
Information published.

CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Published on: 2026-04-15 01:47:59
Link: View Details
Information published.

CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Published on: 2026-04-15 01:48:20
Link: View Details
Information published.

CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Published on: 2026-04-15 01:49:16
Link: View Details
Information published.

CVE-2026-40385
Published on: 2026-04-15 01:01:42
Link: View Details
Information published.

CVE-2026-33555
Published on: 2026-04-15 01:01:51
Link: View Details
Information published.

CVE-2026-5466 wc_VerifyEccsiHash missing sanity check
Published on: 2026-04-15 01:01:59
Link: View Details
Information published.

CVE-2026-5194 wolfSSL ECDSA Certificate Verification
Published on: 2026-04-15 01:02:34
Link: View Details
Information published.

CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
Published on: 2026-04-15 01:02:59
Link: View Details
Information published.

CVE-2026-5264 DTLS 1.3 ACK heap buffer overflow
Published on: 2026-04-15 01:03:33
Link: View Details
Information published.

CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.
Published on: 2026-04-15 01:03:58
Link: View Details
Information published.

CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
Published on: 2026-04-15 01:04:23
Link: View Details
Information published.

CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse
Published on: 2026-04-15 01:04:48
Link: View Details
Information published.

CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
Published on: 2026-04-15 01:42:18
Link: View Details
Information published.

CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
Published on: 2026-04-15 01:42:54
Link: View Details
Information published.

CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates
Published on: 2026-04-15 01:43:25
Link: View Details
Information published.

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-04-15 01:44:54
Link: View Details
Information published.

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-04-15 01:45:23
Link: View Details
Information published.

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-04-15 01:46:07
Link: View Details
Information published.

CVE-2026-32281 Inefficient policy validation in crypto/x509
Published on: 2026-04-15 01:46:32
Link: View Details
Information published.

CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Published on: 2026-04-15 01:47:16
Link: View Details
Information published.

CVE-2026-32280 Unexpected work during chain building in crypto/x509
Published on: 2026-04-15 01:47:43
Link: View Details
Information published.

CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Published on: 2026-04-15 01:48:42
Link: View Details
Information published.

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Published on: 2026-04-15 01:49:03
Link: View Details
Information published.

CVE-2026-40386
Published on: 2026-04-15 01:01:34
Link: View Details
Information published.

CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
Published on: 2026-04-15 01:02:08
Link: View Details
Information published.

CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass
Published on: 2026-04-15 01:02:16
Link: View Details
Information published.

CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery
Published on: 2026-04-15 01:02:25
Link: View Details
Information published.

CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
Published on: 2026-04-15 01:02:42
Link: View Details
Information published.

CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
Published on: 2026-04-15 01:02:51
Link: View Details
Information published.

CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC
Published on: 2026-04-15 01:03:08
Link: View Details
Information published.

CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag
Published on: 2026-04-15 01:03:16
Link: View Details
Information published.

CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
Published on: 2026-04-15 01:03:24
Link: View Details
Information published.

CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID
Published on: 2026-04-15 01:03:41
Link: View Details
Information published.

CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL
Published on: 2026-04-15 01:03:50
Link: View Details
Information published.

CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier
Published on: 2026-04-15 01:04:06
Link: View Details
Information published.

CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
Published on: 2026-04-15 01:04:15
Link: View Details
Information published.

CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()
Published on: 2026-04-15 01:04:31
Link: View Details
Information published.

CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
Published on: 2026-04-15 01:04:39
Link: View Details
Information published.

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Published on: 2026-04-15 01:04:59
Link: View Details
Information published.

CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
Published on: 2026-04-15 01:05:07
Link: View Details
Information published.

CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Published on: 2026-04-15 01:05:12
Link: View Details
Information published.

CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
Published on: 2026-04-15 01:05:18
Link: View Details
Information published.

CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Published on: 2026-04-15 01:05:23
Link: View Details
Information published.

CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Published on: 2026-04-15 01:05:29
Link: View Details
Information published.

CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
Published on: 2026-04-15 01:05:34
Link: View Details
Information published.

CVE-2026-3644 Incomplete control character validation in http.cookies
Published on: 2026-04-15 01:42:33
Link: View Details
Information published.

CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Published on: 2026-04-15 01:38:17
Link: View Details
Information published.

CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Published on: 2026-04-15 01:39:18
Link: View Details
Information published.

CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Published on: 2026-04-15 01:39:30
Link: View Details
Information published.

CVE-2026-27139 FileInfo can escape from a Root in os
Published on: 2026-04-15 01:40:46
Link: View Details
Information published.

CVE-2026-32776
Published on: 2026-04-15 01:41:18
Link: View Details
Information published.

CVE-2026-32778
Published on: 2026-04-15 01:41:36
Link: View Details
Information published.

CVE-2026-32777
Published on: 2026-04-15 01:41:54
Link: View Details
Information published.

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-04-15 01:42:06
Link: View Details
Information published.

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Published on: 2026-04-15 01:43:57
Link: View Details
Information published.

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Published on: 2026-04-15 01:44:10
Link: View Details
Information published.

CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config
Published on: 2026-04-15 01:43:25
Link: View Details
Information published.

CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
Published on: 2026-04-15 01:43:31
Link: View Details
Information published.

CVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
Published on: 2026-04-15 01:43:37
Link: View Details
Information published.

CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
Published on: 2026-04-15 01:43:43
Link: View Details
Information published.

CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
Published on: 2026-04-15 01:38:23
Link: View Details
Information published.

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Published on: 2026-04-15 01:38:06
Link: View Details
Information published.

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Published on: 2026-04-15 01:38:37
Link: View Details
Information published.

CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Published on: 2026-04-15 01:38:56
Link: View Details
Information published.

CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Published on: 2026-04-15 01:39:04
Link: View Details
Information published.

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Published on: 2026-04-15 01:39:13
Link: View Details
Information published.

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Published on: 2026-04-15 01:39:24
Link: View Details
Information published.

CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Published on: 2026-04-15 01:39:35
Link: View Details
Information published.

CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Published on: 2026-04-15 01:41:11
Link: View Details
Information published.

CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK
Published on: 2026-04-15 01:41:38
Link: View Details
Information published.

CVE-2026-32287 Infinite loop in github.com/antchfx/xpath
Published on: 2026-04-15 01:41:59
Link: View Details
Information published.

CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-25250 MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix
Published on: 2026-04-14 07:00:00
Link: View Details
Missing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

CVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.

CVE-2026-20945 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

CVE-2026-26149 Microsoft Power Apps Security Feature Bypass
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.

CVE-2026-26151 Remote Desktop Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-26154 Windows Server Update Service (WSUS) Tampering Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Information published.

CVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

CVE-2026-26161 Windows Sensor Data Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

CVE-2026-26162 Windows OLE Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.

CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.

CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Shell allows an authorized attacker to elevate privileges locally.

CVE-2026-26167 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

CVE-2026-26175 Windows Boot Manager Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-26179 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-26180 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-26181 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.

CVE-2026-27906 Windows Hello Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.

CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.

CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.

CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

CVE-2026-27919 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-27924 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-27927 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Time-of-check time-of-use (TOCTOU) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.

CVE-2026-27931 Windows GDI Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

CVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

CVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-32081 Package Catalog Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2026-32085 Remote Procedure Call Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.

CVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

CVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

CVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-32152 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-32154 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-32156 Windows UPnP Device Host Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

CVE-2026-32157 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-32158 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-32159 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-32160 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

CVE-2026-32165 Windows User Interface Core Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-32167 SQL Server Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.

CVE-2026-32168 Azure Monitor Agent Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-32178 .NET Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32181 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.

CVE-2026-32183 Windows Snipping Tool Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.

CVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.

CVE-2026-32188 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-32189 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32192 Azure Monitor Agent Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-32195 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-32202 Windows Shell Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32215 Windows Kernel Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.

CVE-2026-32217 Windows Kernel Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-32218 Windows Kernel Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2023-20585 AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3016.html

CVE-2026-32219 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2026-32220 UEFI Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

CVE-2026-32221 Windows Graphics Component Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.

CVE-2026-32222 Windows Win32k Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.

CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

CVE-2026-32226 .NET Framework Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-33095 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33096 HTTP.sys Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

CVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-33822 Microsoft Word Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVE-2026-33826 Windows Active Directory Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

CVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

ADV990001 Latest Servicing Stack Updates
Published on: 2026-04-14 07:00:00
Link: View Details
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

CVE-2025-6965 Integer Truncation on SQLite
Published on: 2026-04-14 07:00:00
Link: View Details
This CVE has been updated to include new package information.

CVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes
Published on: 2026-04-14 07:00:00
Link: View Details
[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability. Please see [CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) for more information.

CVE-2026-21637 HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers
Published on: 2026-04-14 07:00:00
Link: View Details
[CVE-2026-21637](https://www.cve.org/CVERecord?id=CVE-2026-21637) is regarding a vulnerability in Node.js TLS error handling that allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. HackerOne created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Node.js which address this vulnerability. Please see [CVE-2026-21637](https://www.cve.org/CVERecord?id=CVE-2026-21637) for more information.

CVE-2026-20928 Windows Recovery Environment Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.

CVE-2026-23657 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-23666 .NET Framework Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-26143 Microsoft PowerShell Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-26152 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

CVE-2026-26156 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

CVE-2026-26163 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26169 Windows Kernel Memory Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.

CVE-2026-26170 PowerShell Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

CVE-2026-26172 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.

CVE-2026-26177 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26178 Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.

CVE-2026-26182 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26184 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-27909 Windows Search Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

CVE-2026-27910 Windows Installer Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2026-27911 Windows User Interface Core Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-27912 Windows Kerberos Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

CVE-2026-27913 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

CVE-2026-27916 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27920 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-27923 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.

CVE-2026-27928 Windows Hello Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-27930 Windows GDI Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

CVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2026-32069 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-32070 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-32072 Active Directory Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.

CVE-2026-32074 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-32078 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-32079 Web Account Manager Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-32080 Windows WalletService Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.

CVE-2026-32084 Windows Print Spooler Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-32088 Windows Biometric Service Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-32091 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

CVE-2026-32149 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-32151 Windows Shell Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.

CVE-2026-32153 Windows Speech Runtime Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

CVE-2026-32155 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-32162 Windows COM Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

CVE-2026-32163 Windows User Interface Core Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-32164 Windows User Interface Core Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-32171 Azure Logic Apps Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.

CVE-2026-32190 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-32196 Windows Admin Center Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32197 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32198 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32199 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32200 Microsoft PowerPoint Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2026-26171 .NET Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

CVE-2026-32203 .NET and Visual Studio Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

CVE-2026-32225 Windows Shell Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-33101 Windows Print Spooler Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.

CVE-2026-33104 Win32k Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-33114 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33115 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33827 Windows TCP/IP Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

CVE-2026-33829 Windows Snipping Tool Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32214 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Added an acknowledgement. This is an informational change only.

CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability - Rejected
Published on: 2026-04-14 07:00:00
Link: View Details
Microsoft has changed the status of this CVE to Rejected as we have determined that this is not a vulnerability.