GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

Windows DNS Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network...

Windows Volume Manager Extension Driver Remote Code Execution Vulnerability

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack...

Windows Print Spooler Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally...

Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability

Improper access control in Windows Filtering Platform WFP allows an authorized attacker to bypass a security feature locally...

M365 Copilot for Desktop Spoofing Vulnerability

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...

Windows TCP/IP Information Disclosure Vulnerability

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network...

Windows Storport Miniport Driver Denial of Service Vulnerability

Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network...

Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

Windows Kernel-Mode Driver Remote Code Execution Vulnerability

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network...

Visual Studio Code Elevation of Privilege Vulnerability

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-5061

The affected software is consul-template. Before version 0.42.0, the library’s file template helper is vulnerable to a sandbox path bypass that may allow reading an out-of-sandbox file. The underlying issue is a path bypass in the file template helper, enabling access outside the intended sandbox...

CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

CVE-2026-27851

The CVE-2026-27851 issue affects openSUSE openSUSE Tumbleweed dovecot24-2.4.4-1.1. The root cause is when a safe filter is used with variable expansion, causing all following pipelines on the same string to be treated as safe, which can let unsafe data be unescaped. This can enable SQL and LDAP i...

SUSE-SU-2026:21608-1 Security update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu

This update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu fixes the following issues: Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated dependencies and maven plugins Use...

OPENSUSE-SU-2026:20742-1 Security update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu

This update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu fixes the following issues: Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated dependencies and maven plugins Use...

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP , the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to inclu...