71 matches found
CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...
kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()
A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...
PT-2026-40978
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016 affected versions not specified Microsoft Exchange Server 2019 affected versions not specified Microsoft Exchange Server Subscription Edition affected versions not specified Description An issue exists in the...
EUVD-2026-29715
User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-40416
User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
PT-2026-38574
Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description Improper neutralization of special elements in Copilot Business Chat allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no...
CVE-2026-32210
Server-side request forgery ssrf in Microsoft Dynamics 365 Online allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-22376
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network...
CVE-2026-32202
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-32178
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...
Microsoft Edge 安全漏洞
Microsoft Edge is a web browser included with Windows 10 and later versions of the operating system developed by Microsoft. There is a security vulnerability in Microsoft Edge, which stems from errors in the handling of critical information within the Edge browser based on the Chromium kernel. Th...
CVE-2026-26120
Server-side request forgery ssrf in Microsoft Bing allows an unauthorized attacker to perform tampering over a network...
CVE-2026-4652
Summary of CVE-2026-4652 (NVMe/TCP) : A remote attacker with network access to an NVMe/TCP target can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID, leading to an unauthenticated Denial of Service. Affected systems expose an NVMe/TCP target; imp...
nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec
...
CVE-2026-21527
User interface ui misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
PT-2026-7398
Server-side request forgery ssrf in Azure DevOps Server allows an authorized attacker to perform spoofing over a network...
CVE-2026-0391
User interface ui misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-0391
User interface ui misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-21264
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Account allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-21924
Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications component: General. Supported versions that are affected are 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4 and 25.10. Easily exploitable vulnerability allows low privileged attacker...