Log in
CVE-2025-71072 shmem: fix recovery on rename failures
Information published.
Lees weergave
CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Information published.
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key
Information published.
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Information published.
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Information published.
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Information published.
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Information published.
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Information published.
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Information published.
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function
Information published.
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
This CVE was updated to remove Windows 11 (21H1 and 22H2) as impacted
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-45475 Microsoft Office Remote Code Execution Vulnerability
Acknowledgement added. This is an informational change only.
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.
CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability
Corrected the CVE description and title. This is an informational change only.
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
Updated the fixed version information and download link. The fix was previously believed to be included in Dynamics 365 Server (on-premises) version 6.2; however, it has been confirmed that the fix is included in Dynamics 365 Server v9.1 (on-premises) Update 1.45 (version 9.1.0045.0011). The download link, release notes, and build number has been updated accordingly in the Updates Table.
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
Updated CWE value. This is an informational change only.
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Information published.
Chromium: CVE-2026-11700 Use after free in Tracing
This CVE was assigned by Chrome.Β Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
