CVE-2026-46180 is a newly published Linux kernel vulnerability disclosed by kernel.org and listed by NVD on May 28, 2026, affecting the Broadcom brcmfmac Wi-Fi driver through a potential use-after-free race while stopping a watchdog kernel task. It is not a Windows vulnerability, but it matters...
CVE-2026-46111 is a Linux kernel Bluetooth vulnerability published by NVD on May 28, 2026, after kernel.org assigned it to a use-after-free bug in hci_conn during create_big_sync handling for Bluetooth BIG synchronization. The flaw is not yet scored by NVD, which means administrators are staring...
CVE-2026-46241 is a Linux kernel vulnerability published by NVD on May 28, 2026, affecting the spi: mpc52xx controller path, where failed controller registration could leave interrupts active and create a possible use-after-free and resource leak. The flaw is not the kind of headline-grabbing...
Linux kernel CVE-2026-46219 was published by NVD on May 28, 2026, for a use-after-free flaw in the Freescale MPC52xx SPI controller driver, fixed by reordering cleanup during device unbind so queued work is cancelled only after interrupts are disabled. This is not the sort of bug that should...
CVE-2026-46090, published by NVD on May 27, 2026, is a Linux kernel flaw in ALSA’s snd-aloop loopback audio driver where a race during format-change stopping can leave the playback path holding a stale capture-stream pointer. The bug is not a headline-grabbing remote-code-execution story, and...
CVE-2026-45996, published by NVD on May 27, 2026, is a Linux kernel vulnerability in the i.MX SPI controller driver where unbinding the device could leave driver code using controller data already freed during deregistration. That sounds narrow, and in one sense it is. But it is also the sort of...
CVE-2026-46056 is a newly published Linux kernel Bluetooth vulnerability, disclosed by kernel.org and added to NVD on May 27, 2026, involving a potential use-after-free in Secure Simple Pairing passkey event handlers. The fix is small, but the lesson is not: Bluetooth remains one of the kernel’s...
CVE-2026-46098 is a Linux kernel flaw disclosed by kernel.org and published in the NVD on May 27, 2026, affecting the CAIF networking code where a stale service-layer pointer can be dereferenced during repeated socket teardown after remote shutdown. It is not, on present evidence, the sort of...
CVE-2026-46047 is a newly published Linux kernel flaw, received by NVD from kernel.org on May 27, 2026, affecting the QRTR nameservice removal path where late-arriving packets can trigger a use-after-free after workqueue teardown. The bug is narrow, technical, and not yet scored by NVD, but it...
On May 21, 2026, CVE-2026-43497 was published for a Linux kernel flaw in the udlfb framebuffer driver, where mapped DisplayLink-style USB framebuffer memory could remain accessible after the backing kernel pages were freed. The bug is narrow, technical, and not yet scored by NVD, but it lands in...
CVE-2026-43303 is a Linux kernel use-after-free vulnerability published by NVD on May 8, 2026, sourced from kernel.org, affecting kernel versions from 5.18 through pre-fixed stable releases and rated High by kernel.org under CVSS 3.1. The bug sits in the memory allocator, not in a flashy network...
Microsoft disclosed CVE-2026-40402 on May 12, 2026, as a Critical Windows Hyper-V elevation-of-privilege vulnerability in its May Patch Tuesday release, describing a use-after-free flaw that can let an attacker in a guest virtual machine gain SYSTEM privileges on the Hyper-V host. The...
Microsoft published CVE-2026-40410 on May 12, 2026, identifying it as an Important-rated Windows SMB Client elevation-of-privilege flaw caused by use-after-free behavior, with an official fix available across supported Windows client and server releases and no public disclosure or exploitation...
Microsoft disclosed CVE-2026-40366 on May 12, 2026, as a Critical Microsoft Word remote code execution vulnerability affecting supported Office, Word 2016, Microsoft 365 Apps for Enterprise, Office LTSC, Office 2019, and Office for Mac releases, with official fixes available through Microsoft’s...
On May 6, 2026, CVE-2026-7901 entered the vulnerability databases as a high-severity use-after-free flaw in ANGLE affecting Google Chrome on macOS before version 148.0.7778.96, allowing remote code execution inside Chrome’s sandbox through a crafted HTML page. The dry wording hides the more...
CVE-2026-7908 is a high-severity Chromium vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96, where a use-after-free bug in the Fullscreen component could let a remote attacker attempt a sandbox escape through a crafted HTML page. That sentence sounds...
Google disclosed CVE-2026-7956 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Navigation component, fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, with potential sandbox escape after renderer compromise. That one-line description sounds...
Google and Microsoft disclosed CVE-2026-7970 on May 6, 2026, as a use-after-free flaw in Chromium’s TopChrome component affecting Google Chrome before version 148.0.7778.96 and Chromium-based Microsoft Edge builds that consume the same upstream fix. The bug is not the loudest vulnerability in...
CVE-2026-7984 is a newly published Chromium use-after-free vulnerability in Chrome’s ReadingMode component, fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS after disclosure on May 6, 2026, and tracked by Microsoft because Edge inherits Chromium security...
Chrome’s CVE-2026-8001, disclosed May 6, 2026 and fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac, is a printing-component use-after-free flaw that could help a renderer-compromising attacker escape the browser sandbox on Linux, macOS, and ChromeOS. That is the...