Vendor advisories
60 alerts in this category.
Vendor-issued security advisories — the official statements from product vendors about vulnerabilities affecting their software, including patch timelines, workarounds, and detection guidance.
CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption
Microsoft Security Response Center published an advisory on "CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption". Topic areas: microsoft, windows, azure, patch. Published
CVE-2026-46331DSA-6354-1 libconfig-inifiles-perl - security update
https://security-tracker.debian.org/tracker/DSA-6354-1
DebianDSA-6353-1 gst-libav1.0 - security update
https://security-tracker.debian.org/tracker/DSA-6353-1
DebianCVE-2026-12463 Inappropriate implementation in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12463CVE-2026-12444 Out of bounds read in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12444CVE-2026-12458 Incorrect security UI in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12458CVE-2026-12447 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12447CVE-2026-12455 Use after free in Tab Strip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12455CVE-2026-12453 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12453CVE-2026-12464 Use after free in Browser
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12464CVE-2026-12466 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12466CVE-2026-12454 Race in Safe Browsing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12454CVE-2026-12451 Use after free in DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12451CVE-2026-12452 Use after free in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12452CVE-2026-12460 Insufficient policy enforcement in File System Access
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12460CVE-2026-12468 Inappropriate implementation in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12468CVE-2026-12462 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12462CVE-2026-12437 Use after free in WebShare
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12437CVE-2026-12449 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12449CVE-2026-12459 Inappropriate implementation in Serial
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12459CVE-2026-12440 Use after free in DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12440CVE-2026-12439 Use after free in Digital Credentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12439CVE-2026-12446 Insufficient data validation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12446CVE-2026-12443 Use after free in Web Authentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12443CVE-2026-12465 Insufficient validation of untrusted input in Metrics
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12465CVE-2026-12461 Out of bounds read in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12461CVE-2026-12441 Use after free in File Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-12441CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
Microsoft Security Response Center published an advisory on "CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow". Topic areas: microsoft, windows, azur
CVE-2026-10275CVE-2026-53689
Microsoft Security Response Center published an advisory on "CVE-2026-53689". Topic areas: microsoft, windows, azure, patch. Published June 19, 2026. See the original source linked under References fo
CVE-2026-53689CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read
Microsoft Security Response Center published an advisory on "CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read". Topic areas: microsoft, windows, azure, patch. Publi
CVE-2026-12087CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
Microsoft Security Response Center published an advisory on "CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2". Topic areas: microsoft, windows, azure,
CVE-2026-43966CVE-2026-42014 Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin
Microsoft Security Response Center published an advisory on "CVE-2026-42014 Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin". Topic areas: microsoft, windows, azure, patch. Published June 19
CVE-2026-42014CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling
Microsoft Security Response Center published an advisory on "CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling". Topic areas: microsoft, windows, azure, patch. Publishe
CVE-2026-48914CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
Microsoft Security Response Center published an advisory on "CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow". Topic areas: microsoft, windows, azure, patch. Publ
CVE-2026-9669CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
MicrosoftCVE-2026-48584CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-47646CVE-2026-47633 Microsoft Cost Management Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.
MicrosoftCVE-2026-47633CVE-2026-42895 Microsoft Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
MicrosoftCVE-2026-42895CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-54130CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
MicrosoftCVE-2026-47645CVE-2026-32208 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
MicrosoftCVE-2026-32208CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
MicrosoftCVE-2026-48582CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
MicrosoftCVE-2026-47647CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
AzureCVE-2026-45480CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability
Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.
AzureCVE-2026-32174Chrome Dev for Desktop Update
Google Chrome Releases published an advisory on "Chrome Dev for Desktop Update". Topic areas: google, chrome, browser, patch. Published June 18, 2026. See the original source linked under References f
GoogleChrome Dev for Android Update
Google Chrome Releases published an advisory on "Chrome Dev for Android Update". Topic areas: google, chrome, browser, patch. Published June 18, 2026. See the original source linked under References f
GoogleUSN-8452-1: pbkdf2 vulnerability
Nikita Skovoroda discovered that pbkdf2 did not properly validate certain algorithm names. An attacker could possibly use this issue to generate predictable cryptographic keys, resulting in signature
USN-8453-1: Net::CIDR::Lite vulnerabilities
It was discovered that Net::CIDR::Lite incorrectly validated IP address and CIDR mask inputs. An attacker could possibly use this issue to bypass IP access control lists. (CVE-2026-45190) It was disco
CVE-2026-45190USN-8450-1: Tomcat vulnerabilities
It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could possibly use this issue to cause Tomcat to consume excessive memory, r
CVE-2026-41284USN-8454-1: libheif vulnerabilities
Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubunt
UbuntuCVE-2026-32738USN-8449-1: ldns vulnerability
Pablo Ruiz discovered that ldns did not properly validate DNS responses when used as a stub resolver over UDP. A remote attacker could possibly use this issue to inject arbitrary DNS responses.
CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc
Microsoft Security Response Center published an advisory on "CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc". Topic areas: microsoft, windows, azure, p
CVE-2026-48854Chrome for Android Update
Google Chrome Releases published an advisory on "Chrome for Android Update". Topic areas: google, chrome, browser, patch. Published June 17, 2026. See the original source linked under References for t
GoogleChrome Stable for iOS Update
Google Chrome Releases published an advisory on "Chrome Stable for iOS Update". Topic areas: google, chrome, browser, patch. Published June 17, 2026. See the original source linked under References fo
GoogleDSA-6350-1 firefox-esr - security update
https://security-tracker.debian.org/tracker/DSA-6350-1
DebianDSA-6349-1 atril - security update
https://security-tracker.debian.org/tracker/DSA-6349-1
DebianUSN-8426-2: Linux kernel (Azure) vulnerabilities
It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privil
LinuxCVE-2026-31431USN-8441-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privil
LinuxCVE-2026-31431USN-8390-2: Linux kernel vulnerability
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP sub
Linux
Get alerts that match YOUR environment
This page shows everything in the category. Vulnios narrows it down to alerts that affect your actual asset inventory — only the CVEs you need to act on.
Start a free scan