PT-2026-45928

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...

PT-2026-45930

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

PT-2026-45931

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code root/admin privileges - Execution of arbitrary code user privileges -...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: added the missing negotiatefeatures operation to the Hyper-V ops table. The commit a7075f501bd3 “ixgbevf: fixed mailbox API compatibility by negotiating supported features” added the .negotiatefeatures callback to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fixed double calls to idafree in the hvpciprobe error path. If hvpciprobe fails after storing the domain number in hbus-bridge-domainnr, a call to free this domainnr is made via pcibusreleaseemuldomainnr. However, during...

CVE-2026-40402

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

EUVD-2026-29663

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

CVE-2026-40402

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

CVE-2026-40402

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability

...

CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability

...

CVE-2026-40402

The CVE-2026-40402 entry describes a use-after-free in Windows Hyper-V that enables local privilege escalation by an unauthenticated attacker. The vulnerability affects Hyper-V components and, per multiple connected sources, has been addressed by May 2026 security updates (e.g., KB5087420/KB50874...

Windows Hyper-V Elevation of Privilege Vulnerability

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally...

SUSE CVE-2026-43475

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling while atomic on PREEMPTRT This resolves the follow splat and lock-up when running with PREEMPTRT enabled on Hyper-V: 415.140818 BUG: scheduling while atomic: stress-ng-iomix/1048/0x00000002 415.14082...

Microsoft Hyper-V 资源管理错误漏洞

Microsoft Hyper-V is an application developed by Microsoft Corporation in the United States. It is a system management program that enables desktop virtualization. There is a resource management vulnerability in Microsoft Hyper-V. Attackers can exploit this vulnerability to gain elevated...

KLA91040 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of...

KB5087420: Windows 11 version 23H2 Security Update (May 2026)

The remote Windows host is missing security update 5087420. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. CVE-2026-41096 - Use after free in Windows Hyper-V allows an...

KB5087545: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (May 2026)

The remote Windows host is missing security update 5087545 or hotpatch 5087424. It is, therefore, affected by multiple vulnerabilities - Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. CVE-2026-41089 - Use after free in Windows Hyper...

CVE-2026-43475

A flaw was found in the Linux kernel's hvstorvsc component. When the kernel is configured with PREEMPTRT Real-Time Preemption and running on a Hyper-V virtual machine, a local process performing specific I/O operations can trigger a concurrency issue. This can lead to a system lock-up or crash,...