Microsoft CVEs

CVE-2026-5958 Race Condition in GNU Sed
Published on: 2026-04-24 01:41:30
Link: View Details
Information published.

CVE-2026-35239
Published on: 2026-04-24 01:04:43
Link: View Details
Information published.

CVE-2026-34271
Published on: 2026-04-24 01:03:52
Link: View Details
Information published.

CVE-2026-35238
Published on: 2026-04-24 01:04:38
Link: View Details
Information published.

CVE-2026-34267
Published on: 2026-04-24 01:03:42
Link: View Details
Information published.

CVE-2026-22005
Published on: 2026-04-24 01:03:21
Link: View Details
Information published.

CVE-2026-22015
Published on: 2026-04-24 01:03:31
Link: View Details
Information published.

CVE-2026-31448 ext4: avoid infinite loops caused by residual data
Published on: 2026-04-24 01:37:59
Link: View Details
Information published.

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Published on: 2026-04-24 01:38:39
Link: View Details
Information published.

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Published on: 2026-04-24 01:38:50
Link: View Details
Information published.

CVE-2026-31450 ext4: publish jinode after initialization
Published on: 2026-04-24 01:39:25
Link: View Details
Information published.

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Published on: 2026-04-24 01:39:36
Link: View Details
Information published.

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Published on: 2026-04-24 01:39:42
Link: View Details
Information published.

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Published on: 2026-04-24 01:05:05
Link: View Details
Information published.

CVE-2026-41989
Published on: 2026-04-24 01:05:11
Link: View Details
Information published.

CVE-2026-41988
Published on: 2026-04-24 01:05:17
Link: View Details
Information published.

CVE-2026-34278
Published on: 2026-04-24 01:04:02
Link: View Details
Information published.

CVE-2026-21998
Published on: 2026-04-24 01:03:00
Link: View Details
Information published.

CVE-2026-35237
Published on: 2026-04-24 01:04:33
Link: View Details
Information published.

CVE-2026-22009
Published on: 2026-04-24 01:03:26
Link: View Details
Information published.

CVE-2026-34270
Published on: 2026-04-24 01:03:47
Link: View Details
Information published.

CVE-2026-34293
Published on: 2026-04-24 01:04:07
Link: View Details
Information published.

CVE-2026-22002
Published on: 2026-04-24 01:03:11
Link: View Details
Information published.

CVE-2026-22017
Published on: 2026-04-24 01:03:37
Link: View Details
Information published.

CVE-2026-34303
Published on: 2026-04-24 01:04:12
Link: View Details
Information published.

CVE-2026-34308
Published on: 2026-04-24 01:04:23
Link: View Details
Information published.

CVE-2026-34304
Published on: 2026-04-24 01:04:18
Link: View Details
Information published.

CVE-2026-34276
Published on: 2026-04-24 01:03:57
Link: View Details
Information published.

CVE-2026-22004
Published on: 2026-04-24 01:03:16
Link: View Details
Information published.

CVE-2026-22001
Published on: 2026-04-24 01:03:06
Link: View Details
Information published.

CVE-2026-35240
Published on: 2026-04-24 01:04:48
Link: View Details
Information published.

CVE-2026-35236
Published on: 2026-04-24 01:04:28
Link: View Details
Information published.

CVE-2026-40706
Published on: 2026-04-24 01:04:53
Link: View Details
Information published.

CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Published on: 2026-04-24 01:37:53
Link: View Details
Information published.

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Published on: 2026-04-24 01:38:04
Link: View Details
Information published.

CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Published on: 2026-04-24 01:38:12
Link: View Details
Information published.

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Published on: 2026-04-24 01:38:26
Link: View Details
Information published.

CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Published on: 2026-04-24 01:38:45
Link: View Details
Information published.

CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Published on: 2026-04-24 01:39:01
Link: View Details
Information published.

CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Published on: 2026-04-24 01:39:07
Link: View Details
Information published.

CVE-2026-31494 net: macb: use the current queue number for stats
Published on: 2026-04-24 01:39:20
Link: View Details
Information published.

CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Published on: 2026-04-24 01:39:31
Link: View Details
Information published.

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Published on: 2026-04-24 01:39:57
Link: View Details
Information published.

CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()
Published on: 2026-04-24 01:04:59
Link: View Details
Information published.

CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability
Published on: 2026-04-23 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Azure IoT Central allows an authorized attacker to elevate privileges over a network.

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Published on: 2026-04-23 01:37:20
Link: View Details
Information published.

CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
Published on: 2026-04-23 01:11:19
Link: View Details
Information published.

CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-04-23 01:01:28
Link: View Details
Information published.

CVE-2026-35239
Published on: 2026-04-23 01:01:40
Link: View Details
Information published.

CVE-2026-34271
Published on: 2026-04-23 01:02:13
Link: View Details
Information published.

CVE-2026-35238
Published on: 2026-04-23 01:02:29
Link: View Details
Information published.

CVE-2026-34267
Published on: 2026-04-23 01:02:35
Link: View Details
Information published.

CVE-2026-22005
Published on: 2026-04-23 01:03:14
Link: View Details
Information published.

CVE-2026-22015
Published on: 2026-04-23 01:03:30
Link: View Details
Information published.

CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size
Published on: 2026-04-23 01:04:35
Link: View Details
Information published.

CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
Published on: 2026-04-23 01:04:40
Link: View Details
Information published.

CVE-2026-31476 ksmbd: do not expire session on binding failure
Published on: 2026-04-23 01:04:46
Link: View Details
Information published.

CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
Published on: 2026-04-23 01:05:14
Link: View Details
Information published.

CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
Published on: 2026-04-23 01:06:03
Link: View Details
Information published.

CVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dm
Published on: 2026-04-23 01:06:09
Link: View Details
Information published.

CVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is reset
Published on: 2026-04-23 01:06:20
Link: View Details
Information published.

CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks
Published on: 2026-04-23 01:06:36
Link: View Details
Information published.

CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests
Published on: 2026-04-23 01:07:15
Link: View Details
Information published.

CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports
Published on: 2026-04-23 01:07:10
Link: View Details
Information published.

CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks
Published on: 2026-04-23 01:07:37
Link: View Details
Information published.

CVE-2026-31448 ext4: avoid infinite loops caused by residual data
Published on: 2026-04-23 01:07:48
Link: View Details
Information published.

CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling
Published on: 2026-04-23 01:07:59
Link: View Details
Information published.

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()
Published on: 2026-04-23 01:08:32
Link: View Details
Information published.

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()
Published on: 2026-04-23 01:08:49
Link: View Details
Information published.

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise
Published on: 2026-04-23 01:09:00
Link: View Details
Information published.

CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
Published on: 2026-04-23 01:09:38
Link: View Details
Information published.

CVE-2026-31450 ext4: publish jinode after initialization
Published on: 2026-04-23 01:09:49
Link: View Details
Information published.

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Published on: 2026-04-23 01:10:00
Link: View Details
Information published.

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds
Published on: 2026-04-23 01:10:06
Link: View Details
Information published.

CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
Published on: 2026-04-23 01:11:28
Link: View Details
Information published.

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Published on: 2026-04-23 01:37:50
Link: View Details
Information published.

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-04-23 01:38:24
Link: View Details
Information published.

CVE-2026-5160
Published on: 2026-04-23 01:38:56
Link: View Details
Information published.

CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-04-23 01:01:23
Link: View Details
Information published.

CVE-2026-34278
Published on: 2026-04-23 01:01:34
Link: View Details
Information published.

CVE-2026-21998
Published on: 2026-04-23 01:01:45
Link: View Details
Information published.

CVE-2026-35237
Published on: 2026-04-23 01:01:51
Link: View Details
Information published.

CVE-2026-22009
Published on: 2026-04-23 01:01:56
Link: View Details
Information published.

CVE-2026-34270
Published on: 2026-04-23 01:02:02
Link: View Details
Information published.

CVE-2026-34293
Published on: 2026-04-23 01:02:07
Link: View Details
Information published.

CVE-2026-22002
Published on: 2026-04-23 01:02:18
Link: View Details
Information published.

CVE-2026-22017
Published on: 2026-04-23 01:02:24
Link: View Details
Information published.

CVE-2026-34303
Published on: 2026-04-23 01:02:40
Link: View Details
Information published.

CVE-2026-34308
Published on: 2026-04-23 01:02:46
Link: View Details
Information published.

CVE-2026-34304
Published on: 2026-04-23 01:02:51
Link: View Details
Information published.

CVE-2026-34276
Published on: 2026-04-23 01:02:57
Link: View Details
Information published.

CVE-2026-22004
Published on: 2026-04-23 01:03:08
Link: View Details
Information published.

CVE-2026-22001
Published on: 2026-04-23 01:03:03
Link: View Details
Information published.

CVE-2026-35240
Published on: 2026-04-23 01:03:19
Link: View Details
Information published.

CVE-2026-35236
Published on: 2026-04-23 01:03:25
Link: View Details
Information published.

CVE-2026-40706
Published on: 2026-04-23 01:03:37
Link: View Details
Information published.

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Published on: 2026-04-23 01:03:56
Link: View Details
Information published.

CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer
Published on: 2026-04-23 01:04:01
Link: View Details
Information published.

CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()
Published on: 2026-04-23 01:04:07
Link: View Details
Information published.

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Published on: 2026-04-23 01:04:13
Link: View Details
Information published.

CVE-2026-31487 spi: use generic driver_override infrastructure
Published on: 2026-04-23 01:04:18
Link: View Details
Information published.

CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Published on: 2026-04-23 01:04:24
Link: View Details
Information published.

CVE-2026-31515 af_key: validate families in pfkey_send_migrate()
Published on: 2026-04-23 01:04:29
Link: View Details
Information published.

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Published on: 2026-04-23 01:04:52
Link: View Details
Information published.

CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Published on: 2026-04-23 01:04:57
Link: View Details
Information published.

CVE-2026-31527 driver core: platform: use generic driver_override infrastructure
Published on: 2026-04-23 01:05:03
Link: View Details
Information published.

CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Published on: 2026-04-23 01:05:08
Link: View Details
Information published.

CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
Published on: 2026-04-23 01:05:19
Link: View Details
Information published.

CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race
Published on: 2026-04-23 01:05:25
Link: View Details
Information published.

CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case
Published on: 2026-04-23 01:05:30
Link: View Details
Information published.

CVE-2026-31523 nvme-pci: ensure we're polling a polled queue
Published on: 2026-04-23 01:05:36
Link: View Details
Information published.

CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices
Published on: 2026-04-23 01:05:41
Link: View Details
Information published.

CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Published on: 2026-04-23 01:05:47
Link: View Details
Information published.

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Published on: 2026-04-23 01:05:52
Link: View Details
Information published.

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Published on: 2026-04-23 01:05:58
Link: View Details
Information published.

CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Published on: 2026-04-23 01:06:14
Link: View Details
Information published.

CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
Published on: 2026-04-23 01:06:25
Link: View Details
Information published.

CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
Published on: 2026-04-23 01:06:31
Link: View Details
Information published.

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Published on: 2026-04-23 01:06:42
Link: View Details
Information published.

CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry
Published on: 2026-04-23 01:06:47
Link: View Details
Information published.

CVE-2026-31518 esp: fix skb leak with espintcp and async crypto
Published on: 2026-04-23 01:06:53
Link: View Details
Information published.

CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount
Published on: 2026-04-23 01:06:58
Link: View Details
Information published.

CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()
Published on: 2026-04-23 01:07:04
Link: View Details
Information published.

CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
Published on: 2026-04-23 01:07:21
Link: View Details
Information published.

CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests
Published on: 2026-04-23 01:07:26
Link: View Details
Information published.

CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
Published on: 2026-04-23 01:07:32
Link: View Details
Information published.

CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table
Published on: 2026-04-23 01:07:43
Link: View Details
Information published.

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
Published on: 2026-04-23 01:07:54
Link: View Details
Information published.

CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
Published on: 2026-04-23 01:08:05
Link: View Details
Information published.

CVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0
Published on: 2026-04-23 01:08:10
Link: View Details
Information published.

CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
Published on: 2026-04-23 01:08:16
Link: View Details
Information published.

CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
Published on: 2026-04-23 01:08:21
Link: View Details
Information published.

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
Published on: 2026-04-23 01:08:27
Link: View Details
Information published.

CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device
Published on: 2026-04-23 01:08:38
Link: View Details
Information published.

CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio
Published on: 2026-04-23 01:08:44
Link: View Details
Information published.

CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups
Published on: 2026-04-23 01:08:55
Link: View Details
Information published.

CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2
Published on: 2026-04-23 01:09:06
Link: View Details
Information published.

CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
Published on: 2026-04-23 01:09:11
Link: View Details
Information published.

CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks
Published on: 2026-04-23 01:09:17
Link: View Details
Information published.

CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
Published on: 2026-04-23 01:09:22
Link: View Details
Information published.

CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed
Published on: 2026-04-23 01:09:27
Link: View Details
Information published.

CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it
Published on: 2026-04-23 01:09:33
Link: View Details
Information published.

CVE-2026-31494 net: macb: use the current queue number for stats
Published on: 2026-04-23 01:09:44
Link: View Details
Information published.

CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
Published on: 2026-04-23 01:09:55
Link: View Details
Information published.

CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing
Published on: 2026-04-23 01:10:16
Link: View Details
Information published.

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Published on: 2026-04-23 01:10:24
Link: View Details
Information published.

CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input
Published on: 2026-04-23 01:11:06
Link: View Details
Information published.

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL
Published on: 2026-04-23 01:11:14
Link: View Details
Information published.

CVE-2026-26171 .NET Denial of Service Vulnerability
Published on: 2026-04-22 07:00:00
Link: View Details
The CVE was updated to include PowerShell 7.6 and 7.5.

CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-04-22 01:01:18
Link: View Details
Information published.

CVE-2026-5958 Race Condition in GNU Sed
Published on: 2026-04-22 01:01:51
Link: View Details
Information published.

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows
Published on: 2026-04-22 01:46:10
Link: View Details
Information published.

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Published on: 2026-04-22 01:37:33
Link: View Details
Information published.

CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-04-22 01:01:24
Link: View Details
Information published.

CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Published on: 2026-04-22 01:01:30
Link: View Details
Information published.

CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions
Published on: 2026-04-22 01:01:36
Link: View Details
Information published.

CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head
Published on: 2026-04-22 01:01:41
Link: View Details
Information published.

CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-21 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-21 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability
Published on: 2026-04-21 07:00:00
Link: View Details
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-04-21 01:40:30
Link: View Details
Information published.

CVE-2026-41254
Published on: 2026-04-21 01:01:24
Link: View Details
Information published.

CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Published on: 2026-04-20 07:00:00
Link: View Details
Added acknowledgements. This is an informational change only.

CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-20 07:00:00
Link: View Details
Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.

CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability
Published on: 2026-04-20 07:00:00
Link: View Details


CVE-2026-5160
Published on: 2026-04-19 01:01:39
Link: View Details
Information published.

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Published on: 2026-04-19 01:01:45
Link: View Details
Information published.

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Published on: 2026-04-19 01:01:53
Link: View Details
Information published.

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Published on: 2026-04-19 01:01:24
Link: View Details
Information published.

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Published on: 2026-04-19 01:01:18
Link: View Details
Information published.

Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE
Published on: 2026-04-17 07:00:46
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6363 Type Confusion in V8
Published on: 2026-04-17 07:00:13
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6359 Use after free in Video
Published on: 2026-04-17 07:00:09
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6364 Out of bounds read in Skia
Published on: 2026-04-17 07:00:14
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6362 Use after free in Codecs
Published on: 2026-04-17 07:00:12
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS
Published on: 2026-04-17 07:00:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6314 Out of bounds write in GPU
Published on: 2026-04-17 07:00:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6318 Use after free in Codecs
Published on: 2026-04-17 07:00:09
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6361 Heap buffer overflow in PDFium
Published on: 2026-04-17 07:00:11
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6310 Use after free in Dawn
Published on: 2026-04-17 07:00:02
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6360 Use after free in FileSystem
Published on: 2026-04-17 07:00:10
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6316 Use after free in Forms
Published on: 2026-04-17 07:00:06
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6309 Use after free in Viz
Published on: 2026-04-17 07:00:01
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6311 Uninitialized Use in Accessibility
Published on: 2026-04-17 07:00:03
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6307 Type Confusion in Turbofan
Published on: 2026-04-17 07:00:59
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6306 Heap buffer overflow in PDFium
Published on: 2026-04-17 07:00:58
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6303 Use after free in Codecs
Published on: 2026-04-17 07:00:55
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6308 Out of bounds read in Media
Published on: 2026-04-17 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6302 Use after free in Video
Published on: 2026-04-17 07:00:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6300 Use after free in CSS
Published on: 2026-04-17 07:00:52
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6304 Use after free in Graphite
Published on: 2026-04-17 07:00:56
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6305 Heap buffer overflow in PDFium
Published on: 2026-04-17 07:00:57
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6301 Type Confusion in Turbofan
Published on: 2026-04-17 07:00:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6317 Use after free in Cast
Published on: 2026-04-17 07:00:08
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords
Published on: 2026-04-17 07:00:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6298 Heap buffer overflow in Skia
Published on: 2026-04-17 07:00:50
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6297 Use after free in Proxy
Published on: 2026-04-17 07:00:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-6299 Use after free in Prerender
Published on: 2026-04-17 07:00:51
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input
Published on: 2026-04-17 01:01:34
Link: View Details
Information published.

CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed
Published on: 2026-04-17 01:01:51
Link: View Details
Information published.

CVE-2026-35469 SpdyStream: DOS on CRI
Published on: 2026-04-17 01:01:59
Link: View Details
Information published.

CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure
Published on: 2026-04-17 01:02:19
Link: View Details
Information published.

CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
Published on: 2026-04-17 01:40:21
Link: View Details
Information published.

CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
Published on: 2026-04-17 01:01:17
Link: View Details
Information published.

CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()
Published on: 2026-04-17 01:01:26
Link: View Details
Information published.

CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers
Published on: 2026-04-17 01:01:42
Link: View Details
Information published.

CVE-2026-41035
Published on: 2026-04-17 01:02:04
Link: View Details
Information published.

CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation
Published on: 2026-04-17 01:02:11
Link: View Details
Information published.

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows
Published on: 2026-04-17 01:02:27
Link: View Details
Information published.

CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
Published on: 2026-04-17 01:02:33
Link: View Details
Information published.

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-04-17 01:02:38
Link: View Details
Information published.

CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability
Published on: 2026-04-16 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-16 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-23666 .NET Framework Denial of Service Vulnerability
Published on: 2026-04-15 07:00:00
Link: View Details
Executive Summary updated

CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Published on: 2026-04-15 01:37:50
Link: View Details
Information published.

CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
Published on: 2026-04-15 01:40:55
Link: View Details
Information published.

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Published on: 2026-04-15 01:39:31
Link: View Details
Information published.

CVE-2025-14523 Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins)
Published on: 2026-04-15 01:39:52
Link: View Details
Information published.

CVE-2025-1220 Null byte termination in hostnames
Published on: 2026-04-15 01:38:32
Link: View Details
Information published.

CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
Published on: 2026-04-15 01:42:40
Link: View Details
Information published.

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Published on: 2026-04-15 01:45:06
Link: View Details
Information published.

CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-04-15 01:44:18
Link: View Details
Information published.

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Published on: 2026-04-15 01:44:38
Link: View Details
Information published.

CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Published on: 2026-04-15 01:47:59
Link: View Details
Information published.

CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Published on: 2026-04-15 01:48:20
Link: View Details
Information published.

CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Published on: 2026-04-15 01:49:16
Link: View Details
Information published.

CVE-2026-40385
Published on: 2026-04-15 01:01:42
Link: View Details
Information published.

CVE-2026-33555
Published on: 2026-04-15 01:01:51
Link: View Details
Information published.

CVE-2026-5466 wc_VerifyEccsiHash missing sanity check
Published on: 2026-04-15 01:01:59
Link: View Details
Information published.

CVE-2026-5194 wolfSSL ECDSA Certificate Verification
Published on: 2026-04-15 01:02:34
Link: View Details
Information published.

CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
Published on: 2026-04-15 01:02:59
Link: View Details
Information published.

CVE-2026-5264 DTLS 1.3 ACK heap buffer overflow
Published on: 2026-04-15 01:03:33
Link: View Details
Information published.

CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.
Published on: 2026-04-15 01:03:58
Link: View Details
Information published.

CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
Published on: 2026-04-15 01:04:23
Link: View Details
Information published.

CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse
Published on: 2026-04-15 01:04:48
Link: View Details
Information published.

CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
Published on: 2026-04-15 01:42:18
Link: View Details
Information published.

CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
Published on: 2026-04-15 01:42:54
Link: View Details
Information published.

CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates
Published on: 2026-04-15 01:43:25
Link: View Details
Information published.

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-04-15 01:44:54
Link: View Details
Information published.

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-04-15 01:45:23
Link: View Details
Information published.

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-04-15 01:46:07
Link: View Details
Information published.

CVE-2026-32281 Inefficient policy validation in crypto/x509
Published on: 2026-04-15 01:46:32
Link: View Details
Information published.

CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Published on: 2026-04-15 01:47:16
Link: View Details
Information published.

CVE-2026-32280 Unexpected work during chain building in crypto/x509
Published on: 2026-04-15 01:47:43
Link: View Details
Information published.

CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Published on: 2026-04-15 01:48:42
Link: View Details
Information published.

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Published on: 2026-04-15 01:49:03
Link: View Details
Information published.

CVE-2026-40386
Published on: 2026-04-15 01:01:34
Link: View Details
Information published.

CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
Published on: 2026-04-15 01:02:08
Link: View Details
Information published.

CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass
Published on: 2026-04-15 01:02:16
Link: View Details
Information published.

CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery
Published on: 2026-04-15 01:02:25
Link: View Details
Information published.

CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
Published on: 2026-04-15 01:02:42
Link: View Details
Information published.

CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
Published on: 2026-04-15 01:02:51
Link: View Details
Information published.

CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC
Published on: 2026-04-15 01:03:08
Link: View Details
Information published.

CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag
Published on: 2026-04-15 01:03:16
Link: View Details
Information published.

CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
Published on: 2026-04-15 01:03:24
Link: View Details
Information published.

CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID
Published on: 2026-04-15 01:03:41
Link: View Details
Information published.

CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL
Published on: 2026-04-15 01:03:50
Link: View Details
Information published.

CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier
Published on: 2026-04-15 01:04:06
Link: View Details
Information published.

CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
Published on: 2026-04-15 01:04:15
Link: View Details
Information published.

CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()
Published on: 2026-04-15 01:04:31
Link: View Details
Information published.

CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
Published on: 2026-04-15 01:04:39
Link: View Details
Information published.

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Published on: 2026-04-15 01:04:59
Link: View Details
Information published.

CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
Published on: 2026-04-15 01:05:07
Link: View Details
Information published.

CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Published on: 2026-04-15 01:05:12
Link: View Details
Information published.

CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
Published on: 2026-04-15 01:05:18
Link: View Details
Information published.

CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Published on: 2026-04-15 01:05:23
Link: View Details
Information published.

CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Published on: 2026-04-15 01:05:29
Link: View Details
Information published.

CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
Published on: 2026-04-15 01:05:34
Link: View Details
Information published.

CVE-2026-3644 Incomplete control character validation in http.cookies
Published on: 2026-04-15 01:42:33
Link: View Details
Information published.

CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Published on: 2026-04-15 01:38:17
Link: View Details
Information published.

CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Published on: 2026-04-15 01:39:18
Link: View Details
Information published.

CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Published on: 2026-04-15 01:39:30
Link: View Details
Information published.

CVE-2026-27139 FileInfo can escape from a Root in os
Published on: 2026-04-15 01:40:46
Link: View Details
Information published.

CVE-2026-32776
Published on: 2026-04-15 01:41:18
Link: View Details
Information published.

CVE-2026-32778
Published on: 2026-04-15 01:41:36
Link: View Details
Information published.

CVE-2026-32777
Published on: 2026-04-15 01:41:54
Link: View Details
Information published.

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-04-15 01:42:06
Link: View Details
Information published.

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Published on: 2026-04-15 01:43:57
Link: View Details
Information published.

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Published on: 2026-04-15 01:44:10
Link: View Details
Information published.

CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config
Published on: 2026-04-15 01:43:25
Link: View Details
Information published.

CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
Published on: 2026-04-15 01:43:31
Link: View Details
Information published.

CVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
Published on: 2026-04-15 01:43:37
Link: View Details
Information published.

CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
Published on: 2026-04-15 01:43:43
Link: View Details
Information published.

CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
Published on: 2026-04-15 01:38:23
Link: View Details
Information published.

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Published on: 2026-04-15 01:38:06
Link: View Details
Information published.

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Published on: 2026-04-15 01:38:37
Link: View Details
Information published.

CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Published on: 2026-04-15 01:38:56
Link: View Details
Information published.

CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Published on: 2026-04-15 01:39:04
Link: View Details
Information published.

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Published on: 2026-04-15 01:39:13
Link: View Details
Information published.

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Published on: 2026-04-15 01:39:24
Link: View Details
Information published.

CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Published on: 2026-04-15 01:39:35
Link: View Details
Information published.

CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Published on: 2026-04-15 01:41:11
Link: View Details
Information published.

CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK
Published on: 2026-04-15 01:41:38
Link: View Details
Information published.

CVE-2026-32287 Infinite loop in github.com/antchfx/xpath
Published on: 2026-04-15 01:41:59
Link: View Details
Information published.

CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-25250 MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix
Published on: 2026-04-14 07:00:00
Link: View Details
Missing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

CVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.

CVE-2026-20945 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

CVE-2026-26149 Microsoft Power Apps Security Feature Bypass
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.

CVE-2026-26151 Remote Desktop Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-26154 Windows Server Update Service (WSUS) Tampering Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Information published.

CVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

CVE-2026-26161 Windows Sensor Data Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

CVE-2026-26162 Windows OLE Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.

CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.

CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Shell allows an authorized attacker to elevate privileges locally.

CVE-2026-26167 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

CVE-2026-26175 Windows Boot Manager Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-26179 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-26180 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-26181 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.

CVE-2026-27906 Windows Hello Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.

CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.

CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.

CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

CVE-2026-27919 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-27924 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-27927 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Time-of-check time-of-use (TOCTOU) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.

CVE-2026-27931 Windows GDI Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

CVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

CVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-32081 Package Catalog Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2026-32085 Remote Procedure Call Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.

CVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

CVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

CVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-32152 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-32154 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-32156 Windows UPnP Device Host Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

CVE-2026-32157 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-32158 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-32159 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-32160 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

CVE-2026-32165 Windows User Interface Core Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-32167 SQL Server Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.

CVE-2026-32168 Azure Monitor Agent Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-32178 .NET Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32181 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.

CVE-2026-32183 Windows Snipping Tool Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.

CVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.

CVE-2026-32188 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-32189 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32192 Azure Monitor Agent Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-32195 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-32202 Windows Shell Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32215 Windows Kernel Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.

CVE-2026-32217 Windows Kernel Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-32218 Windows Kernel Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2023-20585 AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3016.html

CVE-2026-32219 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2026-32220 UEFI Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

CVE-2026-32221 Windows Graphics Component Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.

CVE-2026-32222 Windows Win32k Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.

CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

CVE-2026-32226 .NET Framework Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-33095 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33096 HTTP.sys Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

CVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-33822 Microsoft Word Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVE-2026-33826 Windows Active Directory Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

CVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

ADV990001 Latest Servicing Stack Updates
Published on: 2026-04-14 07:00:00
Link: View Details
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

CVE-2025-6965 Integer Truncation on SQLite
Published on: 2026-04-14 07:00:00
Link: View Details
This CVE has been updated to include new package information

CVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes
Published on: 2026-04-14 07:00:00
Link: View Details
[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) concerns a vulnerability in which a user's NTLM hash can be obtained by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Git which address this vulnerability. Please see [CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) for more information.

CVE-2026-21637 HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers
Published on: 2026-04-14 07:00:00
Link: View Details
[CVE-2026-21637](https://www.cve.org/CVERecord?id=CVE-2026-21637) concerns a vulnerability in Node.js TLS error handling that allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. HackerOne created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Node.js which address this vulnerability. Please see [CVE-2026-21637](https://www.cve.org/CVERecord?id=CVE-2026-21637) for more information.

CVE-2026-20928 Windows Recovery Environment Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.

CVE-2026-23657 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-23666 .NET Framework Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-26143 Microsoft PowerShell Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-26152 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

CVE-2026-26156 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

CVE-2026-26163 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26169 Windows Kernel Memory Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.

CVE-2026-26170 PowerShell Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

CVE-2026-26172 Windows Push Notifications Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.

CVE-2026-26177 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26178 Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.

CVE-2026-26182 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26184 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-27909 Windows Search Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

CVE-2026-27910 Windows Installer Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2026-27911 Windows User Interface Core Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-27912 Windows Kerberos Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

CVE-2026-27913 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

CVE-2026-27916 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27920 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-27923 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.

CVE-2026-27928 Windows Hello Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-27930 Windows GDI Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

CVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2026-32069 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-32070 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-32072 Active Directory Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.

CVE-2026-32074 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2026-32078 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-32079 Web Account Manager Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-32080 Windows WalletService Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.

CVE-2026-32084 Windows Print Spooler Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

CVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-32088 Windows Biometric Service Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-32091 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

CVE-2026-32149 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

CVE-2026-32151 Windows Shell Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.

CVE-2026-32153 Windows Speech Runtime Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

CVE-2026-32155 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-32162 Windows COM Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.

CVE-2026-32163 Windows User Interface Core Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-32164 Windows User Interface Core Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

CVE-2026-32171 Azure Logic Apps Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.

CVE-2026-32190 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-32196 Windows Admin Center Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32197 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32198 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32199 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32200 Microsoft PowerPoint Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2026-26171 .NET Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

CVE-2026-32203 .NET and Visual Studio Denial of Service Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

CVE-2026-32225 Windows Shell Security Feature Bypass Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-33101 Windows Print Spooler Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.

CVE-2026-33104 Win32k Elevation of Privilege Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-33114 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33115 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33827 Windows TCP/IP Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

CVE-2026-33829 Windows Snipping Tool Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32214 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Added an acknowledgement. This is an informational change only.

CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability
Published on: 2026-04-14 07:00:00
Link: View Details
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability - Rejected
Published on: 2026-04-14 07:00:00
Link: View Details
Microsoft has changed the status of this CVE to Rejected as we have determined that this is not a vulnerability.

CVE-2025-1147 GNU Binutils nm nm.c internal_strlen buffer overflow
Published on: 2026-04-14 01:37:25
Link: View Details
Information published.

CVE-2025-1148 GNU Binutils ld ldelfgen.c link_order_scan memory leak
Published on: 2026-04-14 01:37:32
Link: View Details
Information published.

CVE-2025-11839 GNU Binutils prdbg.c tg_tag_type return value
Published on: 2026-04-14 01:37:48
Link: View Details
Information published.

CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
Published on: 2026-04-14 01:38:18
Link: View Details
Information published.

CVE-2025-69652 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
Published on: 2026-04-14 01:38:25
Link: View Details
Information published.

CVE-2025-69645 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
Published on: 2026-04-14 01:38:32
Link: View Details
Information published.

CVE-2025-69649 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
Published on: 2026-04-14 01:38:39
Link: View Details
Information published.

CVE-2026-3783 token leak with redirect and netrc
Published on: 2026-04-14 01:38:46
Link: View Details
Information published.

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Published on: 2026-04-14 01:40:59
Link: View Details
Information published.

CVE-2026-1965 bad reuse of HTTP Negotiate connection
Published on: 2026-04-14 01:38:52
Link: View Details
Information published.

CVE-2026-3784 wrong proxy connection reuse with credentials
Published on: 2026-04-14 01:38:59
Link: View Details
Information published.

CVE-2025-69647
Published on: 2026-04-14 01:39:06
Link: View Details
Information published.

CVE-2026-32776
Published on: 2026-04-14 01:39:20
Link: View Details
Information published.

CVE-2026-32778
Published on: 2026-04-14 01:39:31
Link: View Details
Information published.

CVE-2026-32777
Published on: 2026-04-14 01:39:46
Link: View Details
Information published.

CVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library
Published on: 2026-04-14 01:40:35
Link: View Details
Information published.

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Published on: 2026-04-14 01:41:06
Link: View Details
Information published.

CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Published on: 2026-04-14 01:41:12
Link: View Details
Information published.

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Published on: 2026-04-14 01:41:19
Link: View Details
Information published.

CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Published on: 2026-04-14 01:41:50
Link: View Details
Information published.

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
Published on: 2026-04-14 01:41:57
Link: View Details
Information published.

CVE-2026-40385
Published on: 2026-04-14 01:01:26
Link: View Details
Information published.

CVE-2026-40393
Published on: 2026-04-14 01:01:32
Link: View Details
Information published.

CVE-2026-31416 netfilter: nfnetlink_log: account for netlink header size
Published on: 2026-04-14 01:01:38
Link: View Details
Information published.

CVE-2026-31423 net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
Published on: 2026-04-14 01:01:43
Link: View Details
Information published.

CVE-2026-31424 netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP
Published on: 2026-04-14 01:01:49
Link: View Details
Information published.

CVE-2026-31427 netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp
Published on: 2026-04-14 01:02:11
Link: View Details
Information published.

CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Published on: 2026-04-14 01:02:22
Link: View Details
Information published.

CVE-2026-31421 net/sched: cls_fw: fix NULL pointer dereference on shared blocks
Published on: 2026-04-14 01:02:33
Link: View Details
Information published.

CVE-2026-31428 netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD
Published on: 2026-04-14 01:02:38
Link: View Details
Information published.

CVE-2026-31418 netfilter: ipset: drop logically empty buckets in mtype_del
Published on: 2026-04-14 01:44:36
Link: View Details
Information published.

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-04-14 01:44:07
Link: View Details
Information published.

CVE-2026-40386
Published on: 2026-04-14 01:01:20
Link: View Details
Information published.

CVE-2026-31417 net/x25: Fix overflow when accumulating packets
Published on: 2026-04-14 01:01:54
Link: View Details
Information published.

CVE-2026-31422 net/sched: cls_flow: fix NULL pointer dereference on shared blocks
Published on: 2026-04-14 01:01:59
Link: View Details
Information published.

CVE-2026-31414 netfilter: nf_conntrack_expect: use expect->helper
Published on: 2026-04-14 01:02:05
Link: View Details
Information published.

CVE-2026-31426 ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
Published on: 2026-04-14 01:02:16
Link: View Details
Information published.

CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic
Published on: 2026-04-14 01:02:27
Link: View Details
Information published.

CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Published on: 2026-04-12 01:01:40
Link: View Details
Information published.

CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Published on: 2026-04-12 01:01:49
Link: View Details
Information published.

CVE-2026-40226
Published on: 2026-04-12 01:01:57
Link: View Details
Information published.

CVE-2026-39853 osslsigncode has a Stack Buffer Overflow via Unbounded Digest Copy During Signature Verification
Published on: 2026-04-12 01:02:14
Link: View Details
Information published.

CVE-2026-39855 osslsigncode has an Integer Underflow in PE Page Hash Calculation Can Cause Out-of-Bounds Read
Published on: 2026-04-12 01:02:19
Link: View Details
Information published.

CVE-2026-39856 osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation
Published on: 2026-04-12 01:02:25
Link: View Details
Information published.

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-04-12 01:02:02
Link: View Details
Information published.

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-04-12 01:02:07
Link: View Details
Information published.

CVE-2026-35386
Published on: 2026-04-11 01:39:56
Link: View Details
Information published.

CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
Published on: 2026-04-11 01:40:16
Link: View Details
Information published.

CVE-2026-35535
Published on: 2026-04-11 01:40:10
Link: View Details
Information published.

CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`
Published on: 2026-04-11 01:01:16
Link: View Details
Information published.

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Published on: 2026-04-11 01:05:12
Link: View Details
Information published.

CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-04-11 01:04:19
Link: View Details
Information published.

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Published on: 2026-04-11 01:04:53
Link: View Details
Information published.

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
Published on: 2026-04-11 01:01:30
Link: View Details
Information published.

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Published on: 2026-04-11 01:03:43
Link: View Details
Information published.

CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Published on: 2026-04-11 01:08:48
Link: View Details
Information published.

CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Published on: 2026-04-11 01:09:15
Link: View Details
Information published.

CVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
Published on: 2026-04-11 01:10:17
Link: View Details
Information published.

CVE-2026-4878 Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()
Published on: 2026-04-11 01:10:27
Link: View Details
Information published.

CVE-2026-35388
Published on: 2026-04-11 01:39:45
Link: View Details
Information published.

CVE-2026-35385
Published on: 2026-04-11 01:40:03
Link: View Details
Information published.

CVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer
Published on: 2026-04-11 01:01:21
Link: View Details
Information published.

CVE-2026-40026 Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read
Published on: 2026-04-11 01:40:37
Link: View Details
Information published.

CVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds Read
Published on: 2026-04-11 01:40:44
Link: View Details
Information published.

CVE-2026-40024 Sleuth Kit tsk_recover Path Traversal
Published on: 2026-04-11 01:40:50
Link: View Details
Information published.

CVE-2026-39881 Vim Ex command injection in Vim's NetBeans integration
Published on: 2026-04-11 01:40:57
Link: View Details
Information published.

CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates
Published on: 2026-04-11 01:01:39
Link: View Details
Information published.

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-04-11 01:02:05
Link: View Details
Information published.

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-04-11 01:02:31
Link: View Details
Information published.

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Published on: 2026-04-11 01:03:08
Link: View Details
Information published.

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-04-11 01:06:16
Link: View Details
Information published.

CVE-2026-32281 Inefficient policy validation in crypto/x509
Published on: 2026-04-11 01:06:47
Link: View Details
Information published.

CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Published on: 2026-04-11 01:07:20
Link: View Details
Information published.

CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Published on: 2026-04-11 01:07:52
Link: View Details
Information published.

CVE-2026-32280 Unexpected work during chain building in crypto/x509
Published on: 2026-04-11 01:08:24
Link: View Details
Information published.

CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Published on: 2026-04-11 01:09:42
Link: View Details
Information published.

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Published on: 2026-04-11 01:10:08
Link: View Details
Information published.

Chromium: CVE-2026-5899 Incorrect security UI in History Navigation
Published on: 2026-04-10 17:31:48
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5897 Incorrect security UI in Downloads
Published on: 2026-04-10 17:31:46
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5898 Incorrect security UI in Omnibox
Published on: 2026-04-10 17:31:47
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5896 Policy bypass in Audio
Published on: 2026-04-10 17:31:45
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5894 Inappropriate implementation in PDF
Published on: 2026-04-10 17:31:43
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5893 Race in V8
Published on: 2026-04-10 17:31:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5891 Insufficient policy enforcement in browser UI
Published on: 2026-04-10 17:31:40
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs
Published on: 2026-04-10 17:31:41
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5886 Out of bounds read in WebAudio
Published on: 2026-04-10 17:31:35
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5888 Uninitialized Use in WebCodecs
Published on: 2026-04-10 17:31:37
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5890 Race in WebCodecs
Published on: 2026-04-10 17:31:39
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5884 Insufficient validation of untrusted input in Media
Published on: 2026-04-10 17:31:33
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5885 Insufficient validation of untrusted input in WebML
Published on: 2026-04-10 17:31:34
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5895 Incorrect security UI in Omnibox
Published on: 2026-04-10 17:31:44
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5883 Use after free in Media
Published on: 2026-04-10 17:31:32
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5887 Insufficient validation of untrusted input in Downloads
Published on: 2026-04-10 17:31:36
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5889 Cryptographic Flaw in PDFium
Published on: 2026-04-10 17:31:38
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5880 Incorrect security UI in browser UI
Published on: 2026-04-10 17:31:29
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLE
Published on: 2026-04-10 17:31:28
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5882 Incorrect security UI in Fullscreen
Published on: 2026-04-10 17:31:31
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5881 Policy bypass in LocalNetworkAccess
Published on: 2026-04-10 17:31:30
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5876 Side-channel information leakage in Navigation
Published on: 2026-04-10 17:31:25
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5878 Incorrect security UI in Blink
Published on: 2026-04-10 17:31:27
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5877 Use after free in Navigation
Published on: 2026-04-10 17:31:26
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5874 Use after free in PrivateAI
Published on: 2026-04-10 17:31:23
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5871 Type Confusion in V8
Published on: 2026-04-10 17:31:20
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5872 Use after free in Blink
Published on: 2026-04-10 17:31:21
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5873 Out of bounds read and write in V8
Published on: 2026-04-10 17:31:22
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5875 Policy bypass in Blink
Published on: 2026-04-10 17:31:24
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5869 Heap buffer overflow in WebML
Published on: 2026-04-10 17:31:18
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5870 Integer overflow in Skia
Published on: 2026-04-10 17:31:18
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5868 Heap buffer overflow in ANGLE
Published on: 2026-04-10 17:31:17
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5864 Heap buffer overflow in WebAudio
Published on: 2026-04-10 17:31:13
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5862 Inappropriate implementation in V8
Published on: 2026-04-10 17:31:11
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5867 Heap buffer overflow in WebML
Published on: 2026-04-10 17:31:16
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5860 Use after free in WebRTC
Published on: 2026-04-10 17:31:09
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5863 Inappropriate implementation in V8
Published on: 2026-04-10 17:31:12
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5858 Heap buffer overflow in WebML
Published on: 2026-04-10 17:31:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5859 Integer overflow in WebML
Published on: 2026-04-10 17:31:08
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5861 Use after free in V8
Published on: 2026-04-10 17:31:10
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5918 Inappropriate implementation in Navigation
Published on: 2026-04-10 17:32:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets
Published on: 2026-04-10 17:32:06
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5913 Out of bounds read in Blink
Published on: 2026-04-10 17:32:02
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5915 Insufficient validation of untrusted input in WebML
Published on: 2026-04-10 17:32:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5914 Type Confusion in CSS
Published on: 2026-04-10 17:32:03
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5911 Policy bypass in ServiceWorkers
Published on: 2026-04-10 17:32:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5909 Integer overflow in Media
Published on: 2026-04-10 17:31:58
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5912 Integer overflow in WebRTC
Published on: 2026-04-10 17:32:01
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5910 Integer overflow in Media
Published on: 2026-04-10 17:31:59
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5908 Integer overflow in Media
Published on: 2026-04-10 17:31:57
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5907 Insufficient data validation in Media
Published on: 2026-04-10 17:31:56
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5904 Use after free in V8
Published on: 2026-04-10 17:31:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5865 Type Confusion in V8
Published on: 2026-04-10 17:31:14
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5906 Incorrect security UI in Omnibox
Published on: 2026-04-10 17:31:55
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5905 Incorrect security UI in Permissions
Published on: 2026-04-10 17:31:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5900 Policy bypass in Downloads
Published on: 2026-04-10 17:31:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5866 Use after free in Media
Published on: 2026-04-10 17:31:15
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-33119 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Published on: 2026-04-10 07:00:00
Link: View Details
User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Chromium: CVE-2026-5903 Policy bypass in IFrameSandbox
Published on: 2026-04-10 17:31:52
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5902 Race in Media
Published on: 2026-04-10 17:31:51
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published on: 2026-04-10 07:00:00
Link: View Details
Information published.

Chromium: CVE-2026-5901 Policy bypass in DevTools
Published on: 2026-04-10 17:31:50
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-24302 Azure Arc Elevation of Privilege Vulnerability
Published on: 2026-04-10 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-23405 apparmor: fix: limit the number of levels of policy namespaces
Published on: 2026-04-10 01:02:21
Link: View Details
Information published.

CVE-2026-40026 Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read
Published on: 2026-04-10 01:01:43
Link: View Details
Information published.

CVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds Read
Published on: 2026-04-10 01:01:48
Link: View Details
Information published.

CVE-2026-40024 Sleuth Kit tsk_recover Path Traversal
Published on: 2026-04-10 01:01:54
Link: View Details
Information published.

CVE-2026-39881 Vim Ex command injection in Vim's NetBeans integration
Published on: 2026-04-10 01:01:59
Link: View Details
Information published.

CVE-2026-23403 apparmor: fix memory leak in verify_header
Published on: 2026-04-10 01:02:07
Link: View Details
Information published.

CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach
Published on: 2026-04-10 01:02:14
Link: View Details
Information published.

CVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usage
Published on: 2026-04-10 01:02:27
Link: View Details
Information published.

CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
Published on: 2026-04-10 01:02:33
Link: View Details
Information published.

CVE-2026-23408 apparmor: Fix double free of ns_name in aa_replace_profiles()
Published on: 2026-04-10 01:02:39
Link: View Details
Information published.

CVE-2026-23409 apparmor: fix differential encoding verification
Published on: 2026-04-10 01:02:45
Link: View Details
Information published.

CVE-2026-23410 apparmor: fix race on rawdata dereference
Published on: 2026-04-10 01:02:51
Link: View Details
Information published.

CVE-2026-23411 apparmor: fix race between freeing data and fs accessing it
Published on: 2026-04-10 01:02:58
Link: View Details
Information published.

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
Published on: 2026-04-10 01:01:36
Link: View Details
Information published.

CVE-2026-0385 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Published on: 2026-04-09 07:00:00
Link: View Details


CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-04-09 07:00:00
Link: View Details
Updated CWE value. This is an informational change only.

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
Published on: 2026-04-09 01:01:30
Link: View Details
Information published.

CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276
Published on: 2026-04-09 01:02:34
Link: View Details
Information published.

CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon
Published on: 2026-04-09 01:01:25
Link: View Details
Information published.

CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causing root cupsd crash via negative `job-password-supported`
Published on: 2026-04-09 01:01:57
Link: View Details
Information published.

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Published on: 2026-04-09 01:02:03
Link: View Details
Information published.

CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-04-09 01:02:09
Link: View Details
Information published.

CVE-2026-31790 Incorrect Failure Handling in RSA KEM RSASVE Encapsulation
Published on: 2026-04-09 01:02:14
Link: View Details
Information published.

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Published on: 2026-04-09 01:02:20
Link: View Details
Information published.

CVE-2026-34446 ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Published on: 2026-04-09 01:02:48
Link: View Details
Information published.

CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`
Published on: 2026-04-09 01:01:35
Link: View Details
Information published.

CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
Published on: 2026-04-09 01:01:40
Link: View Details
Information published.

CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers
Published on: 2026-04-09 01:01:45
Link: View Details
Information published.

CVE-2026-35177 Path traversal issue with zip.vim in Vim
Published on: 2026-04-09 01:02:39
Link: View Details
Information published.

CVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer
Published on: 2026-04-09 01:01:51
Link: View Details
Information published.

CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
Published on: 2026-04-09 01:02:29
Link: View Details
Information published.

CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
Published on: 2026-04-09 01:02:56
Link: View Details
Information published.

CVE-2026-21712
Published on: 2026-04-09 01:39:07
Link: View Details
Information published.

CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Published on: 2026-04-09 01:39:31
Link: View Details
Information published.

CVE-2026-21717
Published on: 2026-04-09 01:39:45
Link: View Details
Information published.

CVE-2026-21715
Published on: 2026-04-09 01:40:20
Link: View Details
Information published.

CVE-2026-21714
Published on: 2026-04-09 01:39:59
Link: View Details
Information published.

CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
Published on: 2026-04-09 01:40:37
Link: View Details
Information published.

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-04-09 01:38:04
Link: View Details
Information published.

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Published on: 2026-04-09 01:39:18
Link: View Details
Information published.

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Published on: 2026-04-09 01:39:25
Link: View Details
Information published.

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Published on: 2026-04-09 01:39:38
Link: View Details
Information published.

CVE-2026-21710
Published on: 2026-04-09 01:40:13
Link: View Details
Information published.

CVE-2026-21716
Published on: 2026-04-09 01:40:06
Link: View Details
Information published.

CVE-2026-21713
Published on: 2026-04-09 01:39:52
Link: View Details
Information published.

CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276
Published on: 2026-04-08 01:01:19
Link: View Details
Information published.

CVE-2026-35177 Path traversal issue with zip.vim in Vim
Published on: 2026-04-08 01:01:25
Link: View Details
Information published.

CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Published on: 2026-04-08 01:41:42
Link: View Details
Information published.

CVE-2026-34714
Published on: 2026-04-08 01:37:47
Link: View Details
Information published.

CVE-2026-21715
Published on: 2026-04-08 01:37:54
Link: View Details
Information published.

CVE-2026-21714
Published on: 2026-04-08 01:38:01
Link: View Details
Information published.

CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
Published on: 2026-04-08 01:38:58
Link: View Details
Information published.

CVE-2006-10003 XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack
Published on: 2026-04-08 01:40:48
Link: View Details
Information published.

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
Published on: 2026-04-08 01:36:38
Link: View Details
Information published.

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Published on: 2026-04-08 01:36:46
Link: View Details
Information published.

CVE-2026-21710
Published on: 2026-04-08 01:38:16
Link: View Details
Information published.

CVE-2026-21716
Published on: 2026-04-08 01:38:09
Link: View Details
Information published.

CVE-2026-21713
Published on: 2026-04-08 01:38:24
Link: View Details
Information published.

CVE-2026-33554
Published on: 2026-04-08 01:38:36
Link: View Details
Information published.

CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
Published on: 2026-04-08 01:38:43
Link: View Details
Information published.

CVE-2026-33216 NATS has MQTT plaintext password disclosure
Published on: 2026-04-08 01:38:51
Link: View Details
Information published.

CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability
Published on: 2026-04-07 07:00:00
Link: View Details
Updated information to include CVSS scores. This is an informational change only.

CVE-2026-35414
Published on: 2026-04-07 01:41:35
Link: View Details
Information published.

CVE-2026-35386
Published on: 2026-04-07 01:02:11
Link: View Details
Information published.

CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
Published on: 2026-04-07 01:01:44
Link: View Details
Information published.

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
Published on: 2026-04-07 01:40:49
Link: View Details
Information published.

CVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
Published on: 2026-04-07 01:40:54
Link: View Details
Information published.

CVE-2026-23473 io_uring/poll: fix multishot recv missing EOF on wakeup race
Published on: 2026-04-07 01:41:05
Link: View Details
Information published.

CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Published on: 2026-04-07 01:41:20
Link: View Details
Information published.

CVE-2026-23442 ipv6: add NULL checks for idev in SRv6 paths
Published on: 2026-04-07 01:41:25
Link: View Details
Information published.

CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Published on: 2026-04-07 01:41:30
Link: View Details
Information published.

CVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION
Published on: 2026-04-07 01:01:16
Link: View Details
Information published.

CVE-2026-31407 netfilter: conntrack: add missing netlink policy validations
Published on: 2026-04-07 01:01:22
Link: View Details
Information published.

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
Published on: 2026-04-07 01:02:25
Link: View Details
Information published.

CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
Published on: 2026-04-07 01:02:30
Link: View Details
Information published.

CVE-2026-35388
Published on: 2026-04-07 01:01:55
Link: View Details
Information published.

CVE-2026-35387
Published on: 2026-04-07 01:02:00
Link: View Details
Information published.

CVE-2026-35385
Published on: 2026-04-07 01:02:05
Link: View Details
Information published.

CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`
Published on: 2026-04-07 01:40:39
Link: View Details
Information published.

CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
Published on: 2026-04-07 01:40:44
Link: View Details
Information published.

CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers
Published on: 2026-04-07 01:41:00
Link: View Details
Information published.

CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
Published on: 2026-04-07 01:41:10
Link: View Details
Information published.

CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Published on: 2026-04-07 01:41:15
Link: View Details
Information published.

CVE-2026-31408 Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
Published on: 2026-04-07 01:01:28
Link: View Details
Information published.

CVE-2026-35414
Published on: 2026-04-05 01:02:37
Link: View Details
Information published.

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)
Published on: 2026-04-05 01:01:34
Link: View Details
Information published.

CVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
Published on: 2026-04-05 01:01:39
Link: View Details
Information published.

CVE-2026-23473 io_uring/poll: fix multishot recv missing EOF on wakeup race
Published on: 2026-04-05 01:01:50
Link: View Details
Information published.

CVE-2026-31394 mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations
Published on: 2026-04-05 01:02:02
Link: View Details
Information published.

CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Published on: 2026-04-05 01:02:13
Link: View Details
Information published.

CVE-2026-23442 ipv6: add NULL checks for idev in SRv6 paths
Published on: 2026-04-05 01:02:19
Link: View Details
Information published.

CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
Published on: 2026-04-05 01:02:24
Link: View Details
Information published.

CVE-2026-35535
Published on: 2026-04-05 01:02:45
Link: View Details
Information published.

CVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`
Published on: 2026-04-05 01:01:23
Link: View Details
Information published.

CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
Published on: 2026-04-05 01:01:28
Link: View Details
Information published.

CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers
Published on: 2026-04-05 01:01:45
Link: View Details
Information published.

CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
Published on: 2026-04-05 01:01:55
Link: View Details
Information published.

CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Published on: 2026-04-05 01:02:07
Link: View Details
Information published.

CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
Published on: 2026-04-03 01:39:08
Link: View Details
Information published.

CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
Published on: 2026-04-03 01:39:27
Link: View Details
Information published.

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Published on: 2026-04-03 01:38:47
Link: View Details
Information published.

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Published on: 2026-04-03 01:38:58
Link: View Details
Information published.

CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
Published on: 2026-04-03 01:39:20
Link: View Details
Information published.

CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names
Published on: 2026-04-03 01:01:25
Link: View Details
Information published.

CVE-2026-32213 Azure AI Foundry Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Link: View Details
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

Chromium: CVE-2026-5289 Use after free in Navigation
Published on: 2026-04-02 18:46:55
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5286 Use after free in Dawn
Published on: 2026-04-02 18:46:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5287 Use after free in PDF
Published on: 2026-04-02 18:46:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5285 Use after free in WebGL
Published on: 2026-04-02 18:46:52
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5284 Use after free in Dawn
Published on: 2026-04-02 18:46:51
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE
Published on: 2026-04-02 18:46:50
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5281 Use after free in Dawn
Published on: 2026-04-02 18:46:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. Google is aware that an exploit for CVE-2026-5281 exists in the wild.

Chromium: CVE-2026-5280 Use after free in WebCodecs
Published on: 2026-04-02 18:46:48
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5279 Object corruption in V8
Published on: 2026-04-02 18:46:47
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5292 Out of bounds read in WebCodecs
Published on: 2026-04-02 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5290 Use after free in Compositing
Published on: 2026-04-02 18:46:55
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5277 Integer overflow in ANGLE
Published on: 2026-04-02 18:46:46
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB
Published on: 2026-04-02 18:46:45
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE
Published on: 2026-04-02 18:46:44
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5274 Integer overflow in Codecs
Published on: 2026-04-02 18:46:43
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5273 Use after free in CSS
Published on: 2026-04-02 18:46:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-5272 Heap buffer overflow in GPU
Published on: 2026-04-02 18:46:41
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Link: View Details
Information published.

CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Published on: 2026-04-02 07:00:00
Link: View Details
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32173 Azure SRE Agent Information Disclosure Vulnerability
Published on: 2026-04-02 07:00:00
Link: View Details
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.

CVE-2026-32211 Azure MCP Server Information Disclosure Vulnerability
Published on: 2026-04-02 07:00:00
Link: View Details
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.

Chromium: CVE-2026-5291 Inappropriate implementation in WebGL
Published on: 2026-04-02 18:46:56
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
Published on: 2026-04-02 01:37:20
Link: View Details
Information published.

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Published on: 2026-04-02 01:38:20
Link: View Details
Information published.

CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Published on: 2026-04-02 01:06:35
Link: View Details
Information published.

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Published on: 2026-04-02 01:39:17
Link: View Details
Information published.

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Published on: 2026-04-02 01:39:52
Link: View Details
Information published.

CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control
Published on: 2026-04-02 01:39:08
Link: View Details
Information published.

CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Published on: 2026-04-02 01:05:07
Link: View Details
Information published.

CVE-2026-34714
Published on: 2026-04-02 01:06:41
Link: View Details
Information published.

CVE-2026-4046 iconv crash due to assertion failure with untrusted input
Published on: 2026-04-02 01:01:22
Link: View Details
Information published.

CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
Published on: 2026-04-02 01:04:50
Link: View Details
Information published.

CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input
Published on: 2026-04-02 01:05:31
Link: View Details
Information published.

CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
Published on: 2026-04-02 01:06:16
Link: View Details
Information published.

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Published on: 2026-04-02 01:39:58
Link: View Details
Information published.

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Published on: 2026-04-02 01:05:59
Link: View Details
Information published.

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Published on: 2026-04-02 01:39:25
Link: View Details
Information published.

CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Published on: 2026-04-02 01:39:33
Link: View Details
Information published.

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Published on: 2026-04-02 01:39:41
Link: View Details
Information published.

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Published on: 2026-04-02 01:40:07
Link: View Details
Information published.

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Published on: 2026-04-02 01:04:57
Link: View Details
Information published.

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Published on: 2026-04-02 01:05:12
Link: View Details
Information published.

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Published on: 2026-04-02 01:05:02
Link: View Details
Information published.

CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Published on: 2026-04-02 01:04:04
Link: View Details
Information published.

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Published on: 2026-04-02 01:40:32
Link: View Details
Information published.

CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK
Published on: 2026-04-02 01:04:10
Link: View Details
Information published.

CVE-2026-33554
Published on: 2026-04-02 01:04:20
Link: View Details
Information published.

CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
Published on: 2026-04-02 01:04:34
Link: View Details
Information published.

CVE-2026-5121 Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing
Published on: 2026-04-02 01:04:42
Link: View Details
Information published.

CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters
Published on: 2026-04-02 01:05:22
Link: View Details
Information published.

CVE-2026-4732 Out-of-bounds Read Overflow in tildearrow/furnace
Published on: 2026-04-02 01:05:36
Link: View Details
Information published.

CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake
Published on: 2026-04-02 01:05:41
Link: View Details
Information published.

CVE-2026-33216 NATS has MQTT plaintext password disclosure
Published on: 2026-04-02 01:06:08
Link: View Details
Information published.

CVE-2026-32287 Infinite loop in github.com/antchfx/xpath
Published on: 2026-04-02 01:06:27
Link: View Details
Information published.

CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Published on: 2026-04-01 01:49:12
Link: View Details
Information published.

CVE-2024-41013 xfs: don't walk off the end of a directory data block
Published on: 2026-04-01 01:52:41
Link: View Details
Information published.

CVE-2023-52676 bpf: Guard stack limits against 32bit overflow
Published on: 2026-04-01 01:51:22
Link: View Details
Information published.

CVE-2024-35839 netfilter: bridge: replace physindev with physinif in nf_bridge_info
Published on: 2026-04-01 01:51:56
Link: View Details
Information published.

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Published on: 2026-04-01 01:49:35
Link: View Details
Information published.

CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Published on: 2026-04-01 01:56:30
Link: View Details
Information published.

CVE-2025-67030
Published on: 2026-04-01 01:57:06
Link: View Details
Information published.

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Published on: 2026-04-01 01:57:14
Link: View Details
Information published.

CVE-2026-21712
Published on: 2026-04-01 01:57:37
Link: View Details
Information published.

CVE-2026-34353
Published on: 2026-04-01 01:57:48
Link: View Details
Information published.

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Published on: 2026-04-01 01:57:59
Link: View Details
Information published.

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
Published on: 2026-04-01 01:58:16
Link: View Details
Information published.

CVE-2025-66037 OpenSC: Out of Bounds vulnerability
Published on: 2026-04-01 01:14:06
Link: View Details
Information published.

CVE-2026-34714
Published on: 2026-04-01 01:14:55
Link: View Details
Information published.

CVE-2026-21717
Published on: 2026-04-01 01:16:14
Link: View Details
Information published.

CVE-2026-21715
Published on: 2026-04-01 01:18:03
Link: View Details
Information published.

CVE-2026-21714
Published on: 2026-04-01 01:18:43
Link: View Details
Information published.

CVE-2026-4746 Heap Buffer Over-Write Vulnerability in timeplus-io/proton
Published on: 2026-04-01 01:56:21
Link: View Details
Information published.

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Published on: 2026-04-01 01:57:20
Link: View Details
Information published.

CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Published on: 2026-04-01 01:57:26
Link: View Details
Information published.

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Published on: 2026-04-01 01:57:32
Link: View Details
Information published.

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Published on: 2026-04-01 01:58:09
Link: View Details
Information published.

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Published on: 2026-04-01 01:13:21
Link: View Details
Information published.

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
Published on: 2026-04-01 01:13:44
Link: View Details
Information published.

CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Published on: 2026-04-01 01:14:28
Link: View Details
Information published.

CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Published on: 2026-04-01 01:15:30
Link: View Details
Information published.

CVE-2026-21710
Published on: 2026-04-01 01:16:56
Link: View Details
Information published.

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Published on: 2026-04-01 01:17:30
Link: View Details
Information published.

CVE-2026-21716
Published on: 2026-04-01 01:19:13
Link: View Details
Information published.

CVE-2026-21713
Published on: 2026-04-01 01:19:42
Link: View Details
Information published.

CVE-2026-21711
Published on: 2026-04-01 01:20:03
Link: View Details
Information published.

CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification
Published on: 2026-03-31 01:40:25
Link: View Details
Information published.

CVE-2026-23221 bus: fsl-mc: fix use-after-free in driver_override_show()
Published on: 2026-03-31 01:37:29
Link: View Details
Information published.

CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash
Published on: 2026-03-31 01:39:38
Link: View Details
Information published.

CVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
Published on: 2026-03-31 01:40:12
Link: View Details
Information published.

CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
Published on: 2026-03-31 01:40:18
Link: View Details
Information published.

CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress
Published on: 2026-03-31 01:39:45
Link: View Details
Information published.

CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously
Published on: 2026-03-31 01:37:39
Link: View Details
Information published.

CVE-2025-71236 scsi: qla2xxx: Validate sp before freeing associated memory
Published on: 2026-03-31 01:39:52
Link: View Details
Information published.

CVE-2025-71237 nilfs2: Fix potential block overflow that cause system hang
Published on: 2026-03-31 01:39:58
Link: View Details
Information published.

CVE-2026-23169 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
Published on: 2026-03-31 01:40:05
Link: View Details
Information published.

CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
Published on: 2026-03-31 01:37:52
Link: View Details
Information published.

CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks
Published on: 2026-03-31 01:38:44
Link: View Details
Information published.

CVE-2026-23238 romfs: check sb_set_blocksize() return value
Published on: 2026-03-31 01:38:52
Link: View Details
Information published.

CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Published on: 2026-03-31 01:39:01
Link: View Details
Information published.

CVE-2025-67030
Published on: 2026-03-31 01:39:15
Link: View Details
Information published.

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
Published on: 2026-03-31 01:01:22
Link: View Details
Information published.

CVE-2026-21712
Published on: 2026-03-31 01:01:57
Link: View Details
Information published.

CVE-2026-34353
Published on: 2026-03-31 01:02:05
Link: View Details
Information published.

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Published on: 2026-03-31 01:02:19
Link: View Details
Information published.

CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Published on: 2026-03-31 01:03:02
Link: View Details
Information published.

CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Published on: 2026-03-31 01:03:19
Link: View Details
Information published.

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
Published on: 2026-03-31 01:03:24
Link: View Details
Information published.

CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace
Published on: 2026-03-31 01:38:02
Link: View Details
Information published.

CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free
Published on: 2026-03-31 01:38:12
Link: View Details
Information published.

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Published on: 2026-03-31 01:02:48
Link: View Details
Information published.

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Published on: 2026-03-31 01:38:54
Link: View Details
Information published.

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Published on: 2026-03-31 01:38:46
Link: View Details
Information published.

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
Published on: 2026-03-31 01:01:35
Link: View Details
Information published.

CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
Published on: 2026-03-31 01:01:44
Link: View Details
Information published.

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
Published on: 2026-03-31 01:01:52
Link: View Details
Information published.

CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Published on: 2026-03-31 01:02:28
Link: View Details
Information published.

CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Published on: 2026-03-31 01:02:36
Link: View Details
Information published.

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Published on: 2026-03-31 01:02:44
Link: View Details
Information published.

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
Published on: 2026-03-31 01:02:57
Link: View Details
Information published.

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Published on: 2026-03-31 01:03:08
Link: View Details
Information published.

CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
Published on: 2026-03-31 01:03:13
Link: View Details
Information published.

CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Published on: 2026-03-31 01:03:30
Link: View Details
Information published.

Chromium: CVE-2026-4676 Use after free in Dawn
Published on: 2026-03-31 00:35:15
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-3104 Memory leak in code preparing DNSSEC proofs of non-existence
Published on: 2026-03-29 01:01:52
Link: View Details
Information published.

CVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass
Published on: 2026-03-29 01:02:04
Link: View Details
Information published.

CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Published on: 2026-03-29 01:02:20
Link: View Details
Information published.

CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path
Published on: 2026-03-29 01:02:34
Link: View Details
Information published.

CVE-2025-67030
Published on: 2026-03-29 01:02:46
Link: View Details
Information published.

CVE-2025-70888
Published on: 2026-03-29 01:03:20
Link: View Details
Information published.

CVE-2026-34085
Published on: 2026-03-29 01:01:35
Link: View Details
Information published.

CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
Published on: 2026-03-29 01:01:29
Link: View Details
Information published.

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection
Published on: 2026-03-29 01:01:41
Link: View Details
Information published.

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Published on: 2026-03-29 01:01:47
Link: View Details
Information published.

CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly
Published on: 2026-03-29 01:01:58
Link: View Details
Information published.

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Published on: 2026-03-29 01:02:12
Link: View Details
Information published.

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Published on: 2026-03-29 01:02:28
Link: View Details
Information published.

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Published on: 2026-03-29 01:03:00
Link: View Details
Information published.

CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Published on: 2026-03-29 01:03:13
Link: View Details
Information published.

CVE-2026-4833 Orc discount Markdown markdown.c compile recursion
Published on: 2026-03-29 01:03:30
Link: View Details
Information published.

CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Published on: 2026-03-28 01:39:15
Link: View Details
Information published.

CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks
Published on: 2026-03-28 01:01:22
Link: View Details
Information published.

CVE-2026-33413 etcd: Authorization bypasses in multiple APIs
Published on: 2026-03-28 01:01:30
Link: View Details
Information published.

CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Published on: 2026-03-28 01:38:40
Link: View Details
Information published.

Chromium: CVE-2026-4673 Heap buffer overflow in WebAudio
Published on: 2026-03-27 18:02:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4680 Use after free in FedCM
Published on: 2026-03-27 18:02:55
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4677 Out of bounds read in WebAudio
Published on: 2026-03-27 18:02:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4675 Heap buffer overflow in WebGL
Published on: 2026-03-27 18:02:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4679 Integer overflow in Fonts
Published on: 2026-03-27 18:02:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4674 Out of bounds read in CSS
Published on: 2026-03-27 18:02:52
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-4442 Heap buffer overflow in CSS
Published on: 2026-03-27 18:02:56
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
Published on: 2026-03-27 07:00:00
Link: View Details
Information published.

CVE-2026-23068 spi: spi-sprd-adi: Fix double free in probe error path
Published on: 2026-03-27 01:39:46
Link: View Details
Information published.

CVE-2025-71221 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
Published on: 2026-03-27 01:41:25
Link: View Details
Information published.

CVE-2026-23227 drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
Published on: 2026-03-27 01:41:30
Link: View Details
Information published.

CVE-2025-71109 MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits
Published on: 2026-03-27 01:02:53
Link: View Details
Information published.

CVE-2025-71183 btrfs: always detect conflicting inodes when logging inode refs
Published on: 2026-03-27 01:02:59
Link: View Details
Information published.

CVE-2025-71184 btrfs: fix NULL dereference on root when tracing inode eviction
Published on: 2026-03-27 01:03:05
Link: View Details
Information published.

CVE-2026-23004 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
Published on: 2026-03-27 01:03:10
Link: View Details
Information published.

CVE-2025-71095 net: stmmac: fix the crash issue for zero copy XDP_TX action
Published on: 2026-03-27 01:02:48
Link: View Details
Information published.

CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Published on: 2026-03-27 01:02:38
Link: View Details
Information published.

CVE-2025-71074 functionfs: fix the open/removal races
Published on: 2026-03-27 01:02:43
Link: View Details
Information published.

CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()
Published on: 2026-03-27 01:40:12
Link: View Details
Information published.

CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write
Published on: 2026-03-27 01:40:18
Link: View Details
Information published.

CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url
Published on: 2026-03-27 01:38:09
Link: View Details
Information published.

CVE-2026-23868
Published on: 2026-03-27 01:39:41
Link: View Details
Information published.

CVE-2026-3783 token leak with redirect and netrc
Published on: 2026-03-27 01:39:33
Link: View Details
Information published.

CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
Published on: 2026-03-27 01:39:51
Link: View Details
Information published.

CVE-2026-23233 f2fs: fix to avoid mapping wrong physical block for swapfile
Published on: 2026-03-27 01:40:23
Link: View Details
Information published.

CVE-2026-23265 f2fs: fix to do sanity check on node footer in {read,write}_end_io
Published on: 2026-03-27 01:40:56
Link: View Details
Information published.

CVE-2026-3549 ECH parsing heap buffer overflow
Published on: 2026-03-27 01:42:32
Link: View Details
Information published.

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Published on: 2026-03-27 01:04:50
Link: View Details
Information published.

CVE-2026-23325 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
Published on: 2026-03-27 01:36:22
Link: View Details
Information published.

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Published on: 2026-03-27 01:36:43
Link: View Details
Information published.

CVE-2026-28753 NGINX ngx_mail_proxy_module vulnerability
Published on: 2026-03-27 01:02:18
Link: View Details
Information published.

CVE-2026-32647 NGINX ngx_http_mp4_module vulnerability
Published on: 2026-03-27 01:02:34
Link: View Details
Information published.

CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()
Published on: 2026-03-27 01:03:21
Link: View Details
Information published.

CVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()
Published on: 2026-03-27 01:03:32
Link: View Details
Information published.

CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions
Published on: 2026-03-27 01:05:07
Link: View Details
Information published.

CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
Published on: 2026-03-27 01:38:02
Link: View Details
Information published.

CVE-2026-1965 bad reuse of HTTP Negotiate connection
Published on: 2026-03-27 01:38:42
Link: View Details
Information published.

CVE-2026-3784 wrong proxy connection reuse with credentials
Published on: 2026-03-27 01:39:08
Link: View Details
Information published.

CVE-2026-3904
Published on: 2026-03-27 01:38:14
Link: View Details
Information published.

CVE-2026-23267 f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
Published on: 2026-03-27 01:40:49
Link: View Details
Information published.

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation
Published on: 2026-03-27 01:41:20
Link: View Details
Information published.

CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
Published on: 2026-03-27 01:42:01
Link: View Details
Information published.

CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL
Published on: 2026-03-27 01:42:24
Link: View Details
Information published.

CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
Published on: 2026-03-27 01:42:40
Link: View Details
Information published.

CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
Published on: 2026-03-27 01:42:47
Link: View Details
Information published.

CVE-2026-33228 flatted: Prototype Pollution via parse()
Published on: 2026-03-27 01:42:55
Link: View Details
Information published.

CVE-2026-4519 webbrowser.open() allows leading dashes in URLs
Published on: 2026-03-27 01:43:08
Link: View Details
Information published.

CVE-2026-33412 Vim affected by Command injection via newline in glob()
Published on: 2026-03-27 01:03:15
Link: View Details
Information published.

CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Published on: 2026-03-27 01:43:20
Link: View Details
Information published.

CVE-2026-23330 nfc: nci: complete pending data exchange on device close
Published on: 2026-03-27 01:36:13
Link: View Details
Information published.

CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
Published on: 2026-03-27 01:36:59
Link: View Details
Information published.

CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Published on: 2026-03-27 01:37:07
Link: View Details
Information published.

CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
Published on: 2026-03-27 01:37:16
Link: View Details
Information published.

CVE-2026-23308 pinctrl: equilibrium: fix warning trace on load
Published on: 2026-03-27 01:37:21
Link: View Details
Information published.

CVE-2026-23287 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
Published on: 2026-03-27 01:37:32
Link: View Details
Information published.

CVE-2026-23327 cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
Published on: 2026-03-27 01:37:50
Link: View Details
Information published.

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Published on: 2026-03-27 01:38:08
Link: View Details
Information published.

CVE-2026-34085
Published on: 2026-03-27 01:01:26
Link: View Details
Information published.

CVE-2026-33526 Squid vulnerable to Denial of Service in ICP Request handling
Published on: 2026-03-27 01:01:32
Link: View Details
Information published.

CVE-2026-33515 Squid has issues in ICP message handling
Published on: 2026-03-27 01:01:38
Link: View Details
Information published.

CVE-2026-32748 Squid has Denial of Service in ICP Response handling
Published on: 2026-03-27 01:01:43
Link: View Details
Information published.

CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
Published on: 2026-03-27 01:01:53
Link: View Details
Information published.

CVE-2026-27654 NGINX ngx_http_dav_module vulnerability
Published on: 2026-03-27 01:02:01
Link: View Details
Information published.

CVE-2026-27784 NGINX ngx_http_mp4_module vulnerability
Published on: 2026-03-27 01:02:09
Link: View Details
Information published.

CVE-2026-28755 NGINX ngx_stream_ssl_module vulnerability
Published on: 2026-03-27 01:02:26
Link: View Details
Information published.

CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
Published on: 2026-03-27 01:03:26
Link: View Details
Information published.

CVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library
Published on: 2026-03-27 01:03:50
Link: View Details
Information published.

CVE-2026-4746 Heap Buffer Over-Write Vulnerability in timeplus-io/proton
Published on: 2026-03-27 01:04:33
Link: View Details
Information published.

CVE-2026-4775 Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing
Published on: 2026-03-27 01:04:43
Link: View Details
Information published.

CVE-2025-68357 iomap: allocate s_dio_done_wq for async reads as well
Published on: 2026-03-26 01:37:02
Link: View Details
Information published.

CVE-2024-45336 Sensitive headers incorrectly sent after cross-domain redirect in net/http
Published on: 2026-03-26 01:36:04
Link: View Details
Information published.

CVE-2024-45341 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
Published on: 2026-03-26 01:35:59
Link: View Details
Information published.

CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
Published on: 2026-03-26 01:37:29
Link: View Details
Information published.

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Published on: 2026-03-26 01:37:39
Link: View Details
Information published.

CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url
Published on: 2026-03-26 01:37:44
Link: View Details
Information published.

CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
Published on: 2026-03-26 01:38:11
Link: View Details
Information published.

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
Published on: 2026-03-26 01:01:32
Link: View Details
Information published.

CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
Published on: 2026-03-26 01:02:04
Link: View Details
Information published.

CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
Published on: 2026-03-26 01:02:16
Link: View Details
Information published.

CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Published on: 2026-03-26 01:02:32
Link: View Details
Information published.

CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap
Published on: 2026-03-26 01:02:54
Link: View Details
Information published.

CVE-2026-23325 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
Published on: 2026-03-26 01:02:59
Link: View Details
Information published.

CVE-2026-23313 i40e: Fix preempt count leak in napi poll tracepoint
Published on: 2026-03-26 01:03:10
Link: View Details
Information published.

CVE-2026-23306 scsi: pm8001: Fix use-after-free in pm8001_queue_command()
Published on: 2026-03-26 01:03:21
Link: View Details
Information published.

CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Published on: 2026-03-26 01:03:48
Link: View Details
Information published.

CVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
Published on: 2026-03-26 01:03:59
Link: View Details
Information published.

CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
Published on: 2026-03-26 01:04:10
Link: View Details
Information published.

CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
Published on: 2026-03-26 01:04:16
Link: View Details
Information published.

CVE-2026-23352 x86/efi: defer freeing of boot services memory
Published on: 2026-03-26 01:04:21
Link: View Details
Information published.

CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages
Published on: 2026-03-26 01:04:59
Link: View Details
Information published.

CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Published on: 2026-03-26 01:05:10
Link: View Details
Information published.

CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs
Published on: 2026-03-26 01:05:16
Link: View Details
Information published.

CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
Published on: 2026-03-26 01:05:21
Link: View Details
Information published.

CVE-2026-23319 bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
Published on: 2026-03-26 01:05:59
Link: View Details
Information published.

CVE-2026-23300 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop
Published on: 2026-03-26 01:06:10
Link: View Details
Information published.

CVE-2026-23293 net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
Published on: 2026-03-26 01:06:59
Link: View Details
Information published.

CVE-2026-23343 xdp: produce a warning when calculated tailroom is negative
Published on: 2026-03-26 01:07:10
Link: View Details
Information published.

CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam()
Published on: 2026-03-26 01:07:21
Link: View Details
Information published.

CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback
Published on: 2026-03-26 01:07:32
Link: View Details
Information published.

CVE-2026-23365 net: usb: kalmia: validate USB endpoints
Published on: 2026-03-26 01:07:49
Link: View Details
Information published.

CVE-2026-23284 net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()
Published on: 2026-03-26 01:07:54
Link: View Details
Information published.

CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Published on: 2026-03-26 01:39:38
Link: View Details
Information published.

CVE-2026-23239 espintcp: Fix race condition in espintcp_close()
Published on: 2026-03-26 01:37:49
Link: View Details
Information published.

CVE-2026-3805 use after free in SMB connection reuse
Published on: 2026-03-26 01:38:04
Link: View Details
Information published.

CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
Published on: 2026-03-26 01:01:36
Link: View Details
Information published.

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path
Published on: 2026-03-26 01:01:16
Link: View Details
Information published.

CVE-2026-33412 Vim affected by Command injection via newline in glob()
Published on: 2026-03-26 01:01:23
Link: View Details
Information published.

CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
Published on: 2026-03-26 01:01:42
Link: View Details
Information published.

CVE-2026-23333 netfilter: nft_set_rbtree: validate open interval overlap
Published on: 2026-03-26 01:01:48
Link: View Details
Information published.

CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Published on: 2026-03-26 01:01:53
Link: View Details
Information published.

CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
Published on: 2026-03-26 01:01:59
Link: View Details
Information published.

CVE-2026-23312 net: usb: kaweth: validate USB endpoints
Published on: 2026-03-26 01:02:10
Link: View Details
Information published.

CVE-2026-23330 nfc: nci: complete pending data exchange on device close
Published on: 2026-03-26 01:02:21
Link: View Details
Information published.

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Published on: 2026-03-26 01:02:27
Link: View Details
Information published.

CVE-2026-23285 drbd: fix null-pointer dereference on local read error
Published on: 2026-03-26 01:02:38
Link: View Details
Information published.

CVE-2026-23296 scsi: core: Fix refcount leak for tagset_refcnt
Published on: 2026-03-26 01:02:43
Link: View Details
Information published.

CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error
Published on: 2026-03-26 01:02:48
Link: View Details
Information published.

CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation
Published on: 2026-03-26 01:03:05
Link: View Details
Information published.

CVE-2026-23388 Squashfs: check metadata block offset is within range
Published on: 2026-03-26 01:03:15
Link: View Details
Information published.

CVE-2026-23286 atm: lec: fix null-ptr-deref in lec_arp_clear_vccs
Published on: 2026-03-26 01:03:26
Link: View Details
Information published.

CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
Published on: 2026-03-26 01:03:32
Link: View Details
Information published.

CVE-2026-23390 tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow
Published on: 2026-03-26 01:03:37
Link: View Details
Information published.

CVE-2026-23292 scsi: target: Fix recursive locking in __configfs_open_file()
Published on: 2026-03-26 01:03:43
Link: View Details
Information published.

CVE-2026-23364 ksmbd: Compare MACs in constant time
Published on: 2026-03-26 01:03:54
Link: View Details
Information published.

CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Published on: 2026-03-26 01:04:05
Link: View Details
Information published.

CVE-2026-23334 can: usb: f81604: handle short interrupt urb messages properly
Published on: 2026-03-26 01:04:27
Link: View Details
Information published.

CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds
Published on: 2026-03-26 01:04:32
Link: View Details
Information published.

CVE-2026-23304 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()
Published on: 2026-03-26 01:04:38
Link: View Details
Information published.

CVE-2026-23320 usb: gadget: f_ncm: align net_device lifecycle with bind/unbind
Published on: 2026-03-26 01:04:43
Link: View Details
Information published.

CVE-2026-23290 net: usb: pegasus: validate USB endpoints
Published on: 2026-03-26 01:04:48
Link: View Details
Information published.

CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths
Published on: 2026-03-26 01:04:54
Link: View Details
Information published.

CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Published on: 2026-03-26 01:05:05
Link: View Details
Information published.

CVE-2026-23302 net: annotate data-races around sk->sk_{data_ready,write_space}
Published on: 2026-03-26 01:05:26
Link: View Details
Information published.

CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
Published on: 2026-03-26 01:05:32
Link: View Details
Information published.

CVE-2026-23308 pinctrl: equilibrium: fix warning trace on load
Published on: 2026-03-26 01:05:37
Link: View Details
Information published.

CVE-2026-23291 nfc: pn533: properly drop the usb interface reference on disconnect
Published on: 2026-03-26 01:05:43
Link: View Details
Information published.

CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open
Published on: 2026-03-26 01:05:48
Link: View Details
Information published.

CVE-2026-23287 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
Published on: 2026-03-26 01:05:54
Link: View Details
Information published.

CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
Published on: 2026-03-26 01:06:05
Link: View Details
Information published.

CVE-2026-23281 wifi: libertas: fix use-after-free in lbs_free_adapter()
Published on: 2026-03-26 01:06:16
Link: View Details
Information published.

CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
Published on: 2026-03-26 01:06:21
Link: View Details
Information published.

CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
Published on: 2026-03-26 01:06:26
Link: View Details
Information published.

CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context
Published on: 2026-03-26 01:06:32
Link: View Details
Information published.

CVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
Published on: 2026-03-26 01:06:37
Link: View Details
Information published.

CVE-2026-23317 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions
Published on: 2026-03-26 01:06:43
Link: View Details
Information published.

CVE-2026-23347 can: usb: f81604: correctly anchor the urb in the read bulk callback
Published on: 2026-03-26 01:06:48
Link: View Details
Information published.

CVE-2026-23310 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded
Published on: 2026-03-26 01:06:53
Link: View Details
Information published.

CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
Published on: 2026-03-26 01:07:04
Link: View Details
Information published.

CVE-2026-23327 cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
Published on: 2026-03-26 01:07:16
Link: View Details
Information published.

CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits
Published on: 2026-03-26 01:07:26
Link: View Details
Information published.

CVE-2026-23279 wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()
Published on: 2026-03-26 01:07:38
Link: View Details
Information published.

CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path
Published on: 2026-03-26 01:07:43
Link: View Details
Information published.

CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
Published on: 2026-03-26 01:08:00
Link: View Details
Information published.

CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
Published on: 2026-03-25 01:36:34
Link: View Details
Information published.

CVE-2026-27623 Valkey has Pre-Authentication DOS from malformed RESP request
Published on: 2026-03-25 01:05:42
Link: View Details
Information published.

CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing
Published on: 2026-03-25 01:36:26
Link: View Details
Information published.

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Published on: 2026-03-25 01:36:16
Link: View Details
Information published.

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response
Published on: 2026-03-25 01:01:14
Link: View Details
Information published.

CVE-2026-4438 gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames
Published on: 2026-03-25 01:01:20
Link: View Details
Information published.

CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing
Published on: 2026-03-25 01:02:26
Link: View Details
Information published.

CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Published on: 2026-03-25 01:03:22
Link: View Details
Information published.

CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
Published on: 2026-03-25 01:03:47
Link: View Details
Information published.

CVE-2026-3549 ECH parsing heap buffer overflow
Published on: 2026-03-25 01:04:27
Link: View Details
Information published.

CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
Published on: 2026-03-25 01:01:26
Link: View Details
Information published.

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Published on: 2026-03-25 01:01:52
Link: View Details
Information published.

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Published on: 2026-03-25 01:02:18
Link: View Details
Information published.

CVE-2026-4424 Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
Published on: 2026-03-25 01:02:34
Link: View Details
Information published.

CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack
Published on: 2026-03-25 01:02:43
Link: View Details
Information published.

CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Published on: 2026-03-25 01:02:51
Link: View Details
Information published.

CVE-2026-0819 Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
Published on: 2026-03-25 01:02:58
Link: View Details
Information published.

CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
Published on: 2026-03-25 01:03:06
Link: View Details
Information published.

CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
Published on: 2026-03-25 01:03:14
Link: View Details
Information published.

CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config
Published on: 2026-03-25 01:03:31
Link: View Details
Information published.

CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
Published on: 2026-03-25 01:03:39
Link: View Details
Information published.

CVE-2026-3229 Integer Overflow in Certificate Chain Allocation
Published on: 2026-03-25 01:03:54
Link: View Details
Information published.

CVE-2026-3230 Improper key_share validation in TLS 1.3 HelloRetryRequest
Published on: 2026-03-25 01:04:03
Link: View Details
Information published.

CVE-2026-3503 Fault injection attack with ML-DSA and ML-KEM on ARM
Published on: 2026-03-25 01:04:11
Link: View Details
Information published.

CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL
Published on: 2026-03-25 01:04:19
Link: View Details
Information published.

CVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
Published on: 2026-03-25 01:04:35
Link: View Details
Information published.

CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
Published on: 2026-03-25 01:04:43
Link: View Details
Information published.

CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
Published on: 2026-03-25 01:04:51
Link: View Details
Information published.

CVE-2025-69720
Published on: 2026-03-25 01:04:59
Link: View Details
Information published.

CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
Published on: 2026-03-25 01:05:07
Link: View Details
Information published.

CVE-2026-33228 flatted: Prototype Pollution via parse()
Published on: 2026-03-25 01:05:15
Link: View Details
Information published.

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
Published on: 2026-03-25 01:05:25
Link: View Details
Information published.

CVE-2026-4519 webbrowser.open() allows leading dashes in URLs
Published on: 2026-03-25 01:05:36
Link: View Details
Information published.

CVE-2026-23669 RPC Runtime Library Remote Code Execution Vulnerability
Published on: 2026-03-24 07:00:00
Link: View Details
Corrected CVE title. This is an informational change only.