cve 2026

Microsoft disclosed CVE-2026-42970 on June 9, 2026, as a Windows Push Notification information disclosure vulnerability affecting supported Windows client and server releases, with the flaw described as local, authenticated, medium-severity, and rooted in the use of an uninitialized resource...

Google Chrome on Android versions before 149.0.7827.53 contained CVE-2026-11278, a Custom Tabs origin-validation flaw disclosed on June 4, 2026, that could let a local attacker leak cross-origin data through a crafted HTML page. That is the plain fact; the more interesting story is what the bug...

CVE-2026-11167 is a newly published Chrome-for-Android WebView vulnerability, disclosed on June 4, 2026, affecting Google Chrome versions before 149.0.7827.53 and describing a potential sandbox escape after renderer compromise through a crafted HTML page. The awkward part is not just the bug; it...

CVE-2026-11163 is a Chrome on Android use-after-free flaw in the browser’s Messages component, disclosed June 4, 2026, fixed before version 149.0.7827.53, and described as allowing a remote attacker to potentially escape the sandbox through a crafted HTML page. The oddity is not the memory bug...

CVE-2026-11148 is a medium-severity Chrome for Android payments vulnerability, published June 4, 2026 and modified by NVD on June 8, affecting Google Chrome versions before 149.0.7827.53 on Android and allowing cross-origin data leakage through a crafted HTML page. The awkward part is not the...

Microsoft has published CVE-2026-45503 as a Microsoft Exchange Server information disclosure vulnerability in the Security Update Guide, with the public record emphasizing confidence in the vulnerability’s existence and available technical detail rather than a fully disclosed exploit narrative...

Microsoft published CVE-2026-45502 on June 9, 2026, as a Microsoft Exchange Server information disclosure vulnerability in the MSRC Security Update Guide, assigning Microsoft as the CNA and presenting the issue as a confirmed security flaw affecting Exchange administrators’ patch queues. The...

Microsoft published CVE-2026-45591 on June 9, 2026, as an Important-rated ASP.NET Core denial-of-service vulnerability caused by uncontrolled resource consumption and affecting .NET 8.0, .NET 9.0, .NET 10.0, ASP.NET Core 8.0, 9.0, 10.0, and Visual Studio 2026 version 18.6. The exploitability...

Microsoft’s CVE-2026-45642 is a spoofing vulnerability disclosed for Microsoft Azure Attestation service and Device Health Attestation Service in the June 2026 Security Update Guide, affecting the trust signals Windows and Azure environments use to prove device or platform health. The flaw is...

Microsoft classifies CVE-2026-45486 as a Microsoft Word Remote Code Execution vulnerability even though its CVSS attack vector is Local because the exploit code runs on the victim’s machine after a malicious document or content path reaches the user, while the attacker may be remote from that...

On May 28, 2026, kernel.org assigned CVE-2026-46220 to an AMDGPU flaw in the Linux kernel’s SDMA 4.0 fence-emission path, where crafted unprivileged command submissions could hit BUG_ON() assertions and panic the system. The patch is small, but the lesson is not. This is not the story of an...

CVE-2026-45912 is a newly published Linux kernel ext4 vulnerability, received by NVD from kernel.org on May 27, 2026, involving stale extent-status caching during extent splitting that can lead to incorrect space accounting. It is not, at least from the public record so far, a...

The Linux kernel vulnerability now tracked as CVE-2026-46088 was published by NVD on May 27, 2026, after kernel.org assigned a flaw in ALSA’s control code involving snd_ctl_elem_init_enum_names() and a missing buffer-length guard before a fortified strnlen() call. The bug is not, on current...

Linux kernel maintainers have assigned CVE-2026-45841 to a netfilter flaw, published by NVD on May 27, 2026, in which a privileged CAP_NET_ADMIN user can load a malformed passive OS fingerprint that later causes a divide-by-zero panic when matching TCP SYN traffic. The bug is small, the patch is...

Microsoft patched CVE-2026-20841, a high-severity Windows 11 Notepad remote code execution vulnerability, in the February 2026 Patch Tuesday cycle, after researchers found that Markdown links could make the modern Notepad app launch unsafe protocol handlers and execute remote files under the...

Siemens Solid Edge SE2026 versions before V226.0 Update 5 are affected by two newly disclosed PAR file parsing vulnerabilities, published by Siemens ProductCERT on May 12, corrected in title metadata on May 13, and republished by CISA on May 14, 2026. The fix is straightforward: install Update 5...

Microsoft published CVE-2026-33112 on May 12, 2026, as a Microsoft SharePoint Server remote code execution vulnerability in its Security Update Guide, marking it as a confirmed server-side flaw for administrators to address in the May Patch Tuesday cycle. The dry wording matters because...

Microsoft published CVE-2026-41109 on May 12, 2026, as a GitHub Copilot and Visual Studio Code security feature bypass vulnerability, placing the issue in the developer workstation rather than the traditional Windows endpoint or server stack. That distinction matters because AI coding assistants...

CVE-2026-40360 is a Microsoft Excel information disclosure vulnerability published in Microsoft’s Security Update Guide on May 12, 2026, affecting Excel users who process untrusted workbooks and requiring administrators to evaluate Office updates through the same Patch Tuesday machinery used for...

Microsoft published CVE-2026-35440 on May 12, 2026, as a Microsoft Word information disclosure vulnerability in the Security Update Guide, placing it inside the May Patch Tuesday stream of Office fixes rather than a standalone emergency advisory. The interesting part is not that Word has another...