kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

CVE-2026-47287

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...

CVE-2026-45462

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVE-2026-45464

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVE-2026-45462

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVE-2026-47638

Microsoft SharePoint (Office SharePoint) is affected by CVE-2026-47638 due to improper neutralization of input during web page generation, enabling an authorized attacker to spoof users over the network (XSS). The NVD entries describe this as a cross-site scripting vulnerability with network acce...

CVE-2026-47287

CVE-2026-47287 affects Visual Studio Code. The provided documents describe a relative path traversal vulnerability that could allow tampering over a network. Per CVSS data, the attack vector is NETWORK with no privileges required but user interaction is required, and the impact includes high inte...

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2026-33829 - Security Vulnerability Quick Usage ba...

PT-2026-48030

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network. Cross-si...

PT-2026-47955

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

PT-2026-48022

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...

CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...

kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

PT-2026-40978

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016 Microsoft Exchange Server 2019 Microsoft Exchange Server Subscription Edition Description An issue in the parsing and rendering architecture of Outlook Web Access OWA involves improper neutralization of input...

EUVD-2026-29715

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-40416

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

PT-2026-38574

Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description Improper neutralization of special elements in Copilot Business Chat allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no...

CVE-2026-32210

Server-side request forgery ssrf in Microsoft Dynamics 365 Online allows an unauthorized attacker to perform spoofing over a network...

EUVD-2026-22376

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network...