Log inCVE-2026-35433 .NET Elevation of Privilege Vulnerability
17 Juni 2026 om 16:00
This CVE was updated to remove Windows 11 (21H1 and 22H2) as impacted
Normale weergave
Ontvangen β 17 Juni 2026
β
Microsoft Security
-
Microsoft Security
- CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
17 Juni 2026 om 16:00
Acknowledgement added. This is an informational change only.
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability
17 Juni 2026 om 16:00
Acknowledgement added. This is an informational change only.
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
17 Juni 2026 om 16:00
Acknowledgement added. This is an informational change only.
Ontvangen β 16 Juni 2026
β
Microsoft Security
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
16 Juni 2026 om 16:00
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.
CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability
16 Juni 2026 om 16:00
Corrected the CVE description and title. This is an informational change only.
-
- CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
16 Juni 2026 om 16:00
Updated the fixed version information and download link. The fix was previously believed to be included in Dynamics 365 Server (on-premises) version 6.2; however, it has been confirmed that the fix is included in Dynamics 365 Server v9.1 (on-premises) Update 1.45 (version 9.1.0045.0011). The download link, release notes, and build number has been updated accordingly in the Updates Table.
-
- CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
16 Juni 2026 om 16:00
Updated CWE value. This is an informational change only.
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
16 Juni 2026 om 11:14
Information published.
-
- CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.
Chromium: CVE-2026-11700 Use after free in Tracing
16 Juni 2026 om 04:15
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11699 Use after free in Bluetooth
16 Juni 2026 om 04:15
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11698 Use after free in Bluetooth
16 Juni 2026 om 04:15
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI
16 Juni 2026 om 04:15
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11696 Uninitialized Use in Video
16 Juni 2026 om 04:15
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11695 Inappropriate implementation in Passwords
16 Juni 2026 om 04:15
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11694 Use after free in ServiceWorker
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11693 Inappropriate implementation in Plugins
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11692 Use after free in Read Anything
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
-
- Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page
Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11690 Out of bounds read and write in Media
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11688 Object lifecycle issue in SVG
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11687 Use after free in Dawn
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11686 Insufficient validation of untrusted input in Dawn
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11684 Insufficient policy enforcement in Network
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11683 Use after free in WebCodecs
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2026-11681 Use after free in Ozone
16 Juni 2026 om 04:14
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
