Vendor advisories

60 alerts in this category.

Vendor-issued security advisories — the official statements from product vendors about vulnerabilities affecting their software, including patch timelines, workarounds, and detection guidance.

CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
CVE-2026-43037
CVE-2026-43964
CVE-2026-43964
USN-8230-1: Docker vulnerabilities
It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outsi
DockerCVE-2026-33747
Stable Channel Update for Desktop
Stable Channel Update for Desktop
Google
Chrome for Android Update
Chrome for Android Update
Google
Chrome Beta for Android Update
Chrome Beta for Android Update
Google
USN-8234-1: Mako vulnerability
It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information.
USN-8233-1: nghttp2 vulnerability
Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to cras
CVE-2026-42798
CVE-2026-42798
CVE-2026-37457
CVE-2026-37457
USN-8228-1: Exim vulnerabilities
It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered
CVE-2026-40685
USN-8227-1: curl vulnerabilities
It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive informatio
CVE-2026-4873
USN-8229-1: sed vulnerability
Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary
DSA-6246-1 openjdk-25 - security update
https://security-tracker.debian.org/tracker/DSA-6246-1
Debian
DSA-6245-1 imagemagick - security update
https://security-tracker.debian.org/tracker/DSA-6245-1
Debian
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
CVE-2026-6842
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
CVE-2025-11083
CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
CVE-2026-6845
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
CVE-2025-8224
CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
CVE-2026-6846
CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow
CVE-2017-20230
CVE-2026-30656
CVE-2026-30656
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
CVE-2025-9403
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
CVE-2026-7598
CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass
CVE-2026-32148
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
CVE-2026-6843
CVE-2026-37555
CVE-2026-37555
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
CVE-2026-28532
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
CVE-2026-4948
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-31431 Linux Kernel Incorrect Resource Transfer Between Sph
LinuxCVE-2026-31431
DSA-6197-3 dovecot - regression update
https://security-tracker.debian.org/tracker/DSA-6197-3
Debian
DSA-6239-1 chromium - security update
https://security-tracker.debian.org/tracker/DSA-6239-1
Debian
USN-8226-2: kmod update
USN-8226-1 added a mitigation to kmod to disable loading the algif_aead module. This update adds the same mitigation to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Orig
Linux
USN-8226-1: kmod update
It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_ae
Linux
Careful Adoption of Agentic AI Services
CISA, in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international and U.S. partners, released guidance for organizations on adoptin
Intel
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
CVE-2026-31692
CVE-2026-41526
CVE-2026-41526
CVE-2026-40356
CVE-2026-40356
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
CVE-2026-3087
CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
CVE-2026-31533
CVE-2026-40355
CVE-2026-40355
Chromium: CVE-2026-7337 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7337
Chromium: CVE-2026-7346 Inappropriate implementation in Tint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7346
Chromium: CVE-2026-7343 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7343
Chromium: CVE-2026-7358 Use after free in Animation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7358
Chromium: CVE-2026-7345 Insufficient validation of untrusted input in Feedback
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7345
Chromium: CVE-2026-7339 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7339
Chromium: CVE-2026-7350 Use after free in WebMIDI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7350
Chromium: CVE-2026-7356 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7356
Chromium: CVE-2026-7333 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7333
Chromium: CVE-2026-7348 Use after free in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7348
Chromium: CVE-2026-7347 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7347
Chromium: CVE-2026-7338 Use after free in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7338
Chromium: CVE-2026-7357 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7357
Chromium: CVE-2026-7340 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7340
Chromium: CVE-2026-7341 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7341
Chromium: CVE-2026-7334 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7334
Chromium: CVE-2026-7355 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7355
Chromium: CVE-2026-7344 Use after free in Accessibility
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7344
Chromium: CVE-2026-7360 Insufficient validation of untrusted input in Compositing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
MicrosoftCVE-2026-7360

Get alerts that match YOUR environment

This page shows everything in the category. Vulnios narrows it down to alerts that affect your actual asset inventory — only the CVEs you need to act on.

Start a free scan

Vendor advisories

CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

CVE-2026-43964

USN-8230-1: Docker vulnerabilities

Stable Channel Update for Desktop

Chrome for Android Update

Chrome Beta for Android Update

USN-8234-1: Mako vulnerability

USN-8233-1: nghttp2 vulnerability

CVE-2026-42798

CVE-2026-37457

USN-8228-1: Exim vulnerabilities

USN-8227-1: curl vulnerabilities

USN-8229-1: sed vulnerability

DSA-6246-1 openjdk-25 - security update

DSA-6245-1 imagemagick - security update

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow

CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file

CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference

CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow

CVE-2026-30656

CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow

CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass

CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service

CVE-2026-37555

CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions

CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

CISA Adds One Known Exploited Vulnerability to Catalog

DSA-6197-3 dovecot - regression update

DSA-6239-1 chromium - security update

USN-8226-2: kmod update

USN-8226-1: kmod update

Careful Adoption of Agentic AI Services

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns

CVE-2026-41526

CVE-2026-40356

CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

CVE-2026-40355

Chromium: CVE-2026-7337 Type Confusion in V8

Chromium: CVE-2026-7346 Inappropriate implementation in Tint

Chromium: CVE-2026-7343 Use after free in Views

Chromium: CVE-2026-7358 Use after free in Animation

Chromium: CVE-2026-7345 Insufficient validation of untrusted input in Feedback

Chromium: CVE-2026-7339 Heap buffer overflow in WebRTC

Chromium: CVE-2026-7350 Use after free in WebMIDI

Chromium: CVE-2026-7356 Use after free in Navigation

Chromium: CVE-2026-7333 Use after free in GPU

Chromium: CVE-2026-7348 Use after free in Codecs

Chromium: CVE-2026-7347 Use after free in Chromoting

Chromium: CVE-2026-7338 Use after free in Cast

Chromium: CVE-2026-7357 Use after free in GPU

Chromium: CVE-2026-7340 Integer overflow in ANGLE

Chromium: CVE-2026-7341 Use after free in WebRTC

Chromium: CVE-2026-7334 Use after free in Views

Chromium: CVE-2026-7355 Use after free in Media

Chromium: CVE-2026-7344 Use after free in Accessibility

Chromium: CVE-2026-7360 Insufficient validation of untrusted input in Compositing

Get alerts that match YOUR environment