Chromium: CVE-2026-8514 Use after free in Aura

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8515 Use after free in HID

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8513 Use after free in Input

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8512 Use after free in FileSystem

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8511 Use after free in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8510 Integer overflow in Skia

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-8509 Heap buffer overflow in WebML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper input validation in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

Microsoft Edge (Chromium-based) Spoofing Vulnerability

...

CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

...

Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

...

Openvswitch: open vswitch: denial of service via malformed ftp epasv command

...

Gnutls: gnutls: authentication bypass via nul character in username

...

CVE-2026-4890

...

CVE-2026-5172

...

CVE-2026-2291

...

CVE-2026-4893

...

CVE-2026-4891

...

Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

...

Microsoft Authenticator Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...

Microsoft Exchange Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

cross-proxy Digest auth state leak

...

proxy credentials leak over redirect-to proxy

...

wrong reuse of HTTP Negotiate connection

...

netrc credential leak with reused proxy connection

...

connection reuse ignores TLS requirement

...

stale custom cookie host causes cookie leak

...

jq: stack overflow in module loading on mutual `include`

...

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

...

jq: Embedded NUL truncates top-level jq programs loaded with -f

...

jq: Stack overflow via unbounded recursion in jv_contains

...

jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

...

jq: Stack Overflow in Recursive Object Merge

...

jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

...

Azure Logic Apps Elevation of Privilege Vulnerability

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

Windows GDI Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...

Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

Win32k Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...

Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...

Windows Rich Text Edit Elevation of Privilege Vulnerability

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally...

.NET Elevation of Privilege Vulnerability

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally...

AMD: CVE-2025-54518 CPU OP Cache Corruption

This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for thi...

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network...

Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

Visual Studio Code Elevation of Privilege Vulnerability

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network...

Windows Graphics Component Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally...