Exploit for CVE-2026-31431

copy-fail-blocker BPF-LSM mitigation for CVE-2026-31431htt...

CVE-2026-27699

A flaw was found in basic-ftp, an FTP client library. A malicious FTP server can exploit a path traversal vulnerability CWE-22 within the downloadToDir method. This allows the server to send directory listings containing special sequences that trick the client into writing files to unintended...

CVE-2026-22858

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...

CVE-2025-64345

Wasmtime is a runtime for WebAssembly. Prior to version 38.0.4, 37.0.3, 36.0.3, and 24.0.5, Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory could be viewed as a type which provides safe access to the host Rust to the contents of the linear...

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...