CVE-2026-47287 is a Microsoft-listed tampering vulnerability in Visual Studio Code, published through the Microsoft Security Response Center on June 9, 2026, affecting the developer toolchain rather than the Windows kernel, and currently framed around confidence in the vulnerability’s existence...
On June 9, 2026, Microsoft disclosed CVE-2026-45649, an Important-rated spoofing vulnerability in Office for Android affecting Word, PowerPoint, and Excel, caused by improper access control and requiring a user to open a malicious Office file on an Android device locally. The advisory is notable...
Microsoft released CVE-2026-45639 on June 9, 2026 as an Important Windows Remote Desktop Protocol information disclosure vulnerability, describing an out-of-bounds read that can let an unauthenticated network attacker disclose portions of process memory across affected Windows and Remote Desktop...
Microsoft’s CVE-2026-45460 advisory says the security updates for Microsoft Office LTSC for Mac 2021, Office LTSC for Mac 2024, and Microsoft 365 for Mac are not immediately available as of June 9, 2026, and will be released later through a CVE revision. That is the practical answer for Mac...
Microsoft’s guidance for CVE-2026-44819 says Office customers must install every security update offered for the affected Office software on their systems, even when the Security Updates table lists multiple packages for what appears to be the same product. That small sentence matters because it...
CVE-2026-45475 is titled a Microsoft Office Remote Code Execution vulnerability because the attacker can be remote from the victim, while the CVSS attack vector is Local because the vulnerable code is executed on the victim’s own machine through Office processing local content. The apparent...
Microsoft disclosed CVE-2026-45468 on June 9, 2026, as an Important-rated Microsoft SharePoint Server spoofing vulnerability caused by cross-site scripting, affecting SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, with security updates...
Microsoft is moving Microsoft Defender for Endpoint EDR sensor updates to Microsoft Update starting with Windows 10 devices in late May 2026, separating those packages from monthly Windows cumulative updates and delivering them through the recurring KB5005292 servicing channel once prerequisites...
CVE-2026-46121 is a Linux kernel use-after-free flaw published by NVD on May 28, 2026, affecting the DAMON sysfs schemes interface where concurrent reads and writes of memcg_path could race and expose freed memory. The bug is narrow, technical, and not yet scored by NVD, but it is also a useful...
Microsoft has confirmed that its May 12, 2026 security update for Windows Server 2016 can break domain controller discovery on systems whose hostnames are exactly 15 characters long, causing DCLocator calls to fail with ERROR_INVALID_PARAMETER and disrupting tools that rely on Active Directory...
Microsoft made Azure Arc-enabled hotpatching available at no additional cost for Windows Server 2025 Standard and Datacenter machines on May 19, 2026, extending reboot-light security servicing to on-premises, hybrid, and multicloud servers managed through Azure Arc. The change turns what had...
Microsoft’s May 12, 2026 cumulative security update KB5087537 for Windows Server 2016 is meant to prepare aging servers for the June 2026 Secure Boot certificate rollover, but Microsoft has confirmed it can break domain controller discovery on systems whose hostnames are exactly 15 characters...
CVE-2026-46083 is a Linux kernel vulnerability published by NVD on May 27, 2026, covering a Serial Peripheral Interface core bug in which failed device registration could skip controller cleanup and leak resources allocated during setup across patched stable branches rather than expose remote...
CVE-2026-45996, published by NVD on May 27, 2026, is a Linux kernel vulnerability in the i.MX SPI controller driver where unbinding the device could leave driver code using controller data already freed during deregistration. That sounds narrow, and in one sense it is. But it is also the sort of...
CVE-2026-46038 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 27, 2026, involving a QRTR name-service memory leak when a node sends a BYE control packet and the kernel fails to free the departed node. It is not a flashy remote-code-execution bug, and NVD...
CVE-2026-46075 is a Linux kernel vulnerability published by NVD on May 27, 2026, covering a fixed bug in the Atmel SHA204A crypto driver where device removal could leave hardware RNG reads racing with teardown and leak driver-owned memory. The interesting part is not that this is a blockbuster...
CVE-2026-45859, published by NVD on May 27, 2026, tracks a Linux kernel netfilter nfnetlink_queue regression in which certain UDP GSO packets tied to unconfirmed conntrack entries could be dropped instead of queued for userspace inspection. That sentence sounds narrow because the bug is narrow...
CVE-2026-46069 is a Linux kernel Wi-Fi driver vulnerability, published by NVD on May 27, 2026, in the Marvell mwifiex adapter cleanup path, where a wakeup timer callback can keep running after driver teardown and touch memory that may already have been freed. The bug is small in code but large...
On May 27, 2026, NVD published CVE-2026-45932, a Linux kernel vulnerability in BPF detach handling that allowed unprivileged users to detach tcx or netkit programs when no program file descriptor was supplied. The bug is narrow, local, and not yet scored by NVD, but it lands in one of the...
Linux disclosed CVE-2026-45834 on May 26, 2026, for a Bluetooth L2CAP flaw in the kernel where l2cap_sock_state_change_cb() could dereference a NULL socket pointer, with fixes referenced across stable kernel commits and no NVD CVSS score assigned yet. The bug is small in code terms and large in...