windows patching

Microsoft lists CVE-2026-45491 as a .NET tampering vulnerability in its Security Update Guide, but the public record available on June 9, 2026, appears thin: the advisory confirms the vulnerability class and vendor acknowledgement while leaving the deeper exploit mechanics largely undisclosed...

On June 8, 2026, CISA added CVE-2026-42271 in BerriAI LiteLLM and CVE-2026-50751 in Check Point Security Gateway to its Known Exploited Vulnerabilities catalog after determining that both flaws are being actively exploited in the wild, with federal remediation obligations now attached. The...

CVE-2026-33814 is a Go HTTP/2 denial-of-service flaw disclosed in May 2026, fixed in Go 1.26.3 and 1.25.10, where a malicious server can make a Go client loop endlessly after receiving an invalid SETTINGS_MAX_FRAME_SIZE value of zero. It is not a remote-code-execution bug, and it does not hand...

Wireshark 4.6.6, released May 19, 2026, fixes a ROHC protocol dissector crash in the 4.6 and 4.4 branches, corrects a MACsec global-buffer-overflow bug, and rolls in Windows stability fixes including Npcap 1.88 and repairs for Windows Server 2019-era compatibility. That makes this less a flashy...

Siemens and CISA disclosed on May 12–14, 2026, that Siemens gPROMS Web Applications Publisher versions before 3.1.1 are affected by CVE-2026-40175, an Axios-linked vulnerability that can allow remote code execution under specific conditions. The advisory is narrow in product scope but broad in...

CVE-2026-41089 is a Microsoft-disclosed Windows Netlogon remote code execution vulnerability published in the Security Update Guide on May 12, 2026, affecting the authentication plumbing Windows domains use to establish trusted communication between domain-joined machines and domain controllers...

South Staffordshire Plc, parent of South Staffs Water, has been fined £963,900 by the UK Information Commissioner’s Office on May 11, 2026, after a Cl0p ransomware intrusion first begun in September 2020 went undetected until July 2022 and exposed data on 633,887 people. The headline number is...

Microsoft published CVE-2026-7904 for Microsoft Edge on May 7, 2026, after Google fixed a high-severity Chromium font-processing flaw in Chrome 148.0.7778.96 and later, a bug that could let a remote attacker read memory through a crafted HTML page. The short version for Windows users is simple...

Google and Microsoft published CVE-2026-7917 on May 6, 2026, describing a high-severity use-after-free flaw in Chromium’s Fullscreen component on Windows before Chrome 148.0.7778.96 that could help a renderer-compromise chain escape the browser sandbox. The important phrase is not “Fullscreen,”...

CVE-2026-7935 is a medium-severity Chromium flaw disclosed on May 6, 2026, in Google Chrome before version 148.0.7778.96, where an inappropriate implementation in the browser’s Speech component could let a remote attacker spoof user-interface elements through a crafted HTML page. The bug is not...

Google and Microsoft disclosed CVE-2026-7940 on May 6, 2026, a medium-severity Chromium vulnerability in V8 that affects Google Chrome before 148.0.7778.96 and can let a malicious Chrome extension execute arbitrary code inside the browser sandbox. The short version is reassuring only if your...

Google and Microsoft disclosed CVE-2026-7945 on May 6, 2026, describing a medium-severity Chromium flaw in Cross-Origin-Opener-Policy handling that affected Chrome before 148.0.7778.96 and could let an attacker who already compromised the renderer bypass site isolation with crafted HTML. That...

CVE-2026-7947 is a medium-severity Chromium Network flaw disclosed on May 6, 2026, affecting Google Chrome before 148.0.7778.96 and allowing renderer-compromising attackers to spoof browser UI through a crafted HTML page on Windows, macOS, and Linux. That phrasing is dry, but the story is not...

Google disclosed CVE-2026-7972 on May 6, 2026, as a medium-severity Chromium GPU vulnerability fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, with Microsoft tracking the same Chromium flaw through its Security Update Guide. The bug is not the...

Google and Microsoft documented CVE-2026-7980 on May 6–7, 2026, as a Chromium WebAudio use-after-free flaw fixed in Chrome before version 148.0.7778.96 and in current Microsoft Edge builds that ingest the patched Chromium code. The bug is officially “medium” in Chromium’s own severity language...

Google and Microsoft disclosed CVE-2026-7982 on May 6, 2026, as a medium-severity Chromium WebCodecs flaw fixed in Google Chrome before version 148.0.7778.96, allowing a remote attacker to expose potentially sensitive process memory through a crafted HTML page. That is the plain version; the...

Google disclosed CVE-2026-7987 on May 6, 2026, as a WebRTC use-after-free flaw in Chrome before version 148.0.7778.96 that can let a remote attacker run code inside the browser sandbox through a crafted HTML page. That sounds narrow, almost boring, until you notice where the bug lives: WebRTC...

Google and Microsoft disclosed CVE-2026-8007 on May 6, 2026, describing a Cast component input-validation flaw in Chromium-based browsers before Chrome 148.0.7778.96 that could let an attacker escalate privileges after first compromising the renderer process with a crafted web page. The dry...

CVE-2026-34032 is a newly published Apache HTTP Server flaw in mod_proxy_ajp, disclosed on May 4, 2026, affecting Apache HTTP Server versions through 2.4.66 and fixed in Apache HTTP Server 2.4.67. The bug is not a Microsoft vulnerability, despite surfacing through Microsoft’s Security Update...

Google and Microsoft disclosed CVE-2026-7339 on April 28, 2026, as a heap-based buffer overflow in Chromium’s WebRTC component affecting Google Chrome before 147.0.7727.138, with exploitation possible through a crafted HTML page that triggers heap corruption after user interaction. The bug is...