Patch Tuesday - May 2026

M365 Copilot Information Disclosure Vulnerability

N/A

No

7.5

M365 Copilot Information Disclosure Vulnerability

Exploitation Less Likely

No

7.5

M365 Copilot for Desktop Spoofing Vulnerability

Exploitation Less Likely

No

6.2

Microsoft 365 Copilot for Android Spoofing Vulnerability

Exploitation Unlikely

No

4.4

Microsoft Office Spoofing Vulnerability

Exploitation Unlikely

No

7.7

Microsoft Word for Android Spoofing Vulnerability

Exploitation Unlikely

No

7.1

Azure AI Foundry Elevation of Privilege Vulnerability

Exploitation More Likely

No

8.6

Azure Cloud Shell Spoofing Vulnerability

N/A

No

9.6

Azure Machine Learning Notebook Spoofing Vulnerability

n/a

No

8.8

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

N/A

No

9.9

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

N/A

No

9.0

Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

N/A

No

8.1

Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability

N/A

No

9.3

Microsoft Partner Center Spoofing Vulnerability

N/A

No

8.2

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Azure Logic Apps Elevation of Privilege Vulnerability

Exploitation Less Likely

No

9.9

Azure Machine Learning Notebook Spoofing Vulnerability

Exploitation Less Likely

No

8.2

Azure Monitor Agent Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability

Exploitation Less Likely

No

6.5

Azure SDK for Java Security Feature Bypass Vulnerability

Exploitation Unlikely

No

9.1

Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

Exploitation More Likely

No

9.1

Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability

Exploitation Less Likely

No

8.8

Chromium: CVE-2026-7898 Use after free in Chromoting

n/a

No

Chromium: CVE-2026-7899 Out of bounds read and write in V8

n/a

No

Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE

n/a

No

Chromium: CVE-2026-7901 Use after free in ANGLE

n/a

No

Chromium: CVE-2026-7902 Out of bounds memory access in V8

n/a

No

Chromium: CVE-2026-7903 Integer overflow in ANGLE

n/a

No

Chromium: CVE-2026-7904 Out of bounds read in Fonts

n/a

No

Chromium: CVE-2026-7906 Use after free in SVG

n/a

No

Chromium: CVE-2026-7907 Use after free in DOM

n/a

No

Chromium: CVE-2026-7908 Use after free in Fullscreen

n/a

No

Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker

n/a

No

Chromium: CVE-2026-7910 Use after free in Views

n/a

No

Chromium: CVE-2026-7911 Use after free in Aura

n/a

No

Chromium: CVE-2026-7914 Type Confusion in Accessibility

n/a

No

Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups

n/a

No

Chromium: CVE-2026-7917 Use after free in Fullscreen

n/a

No

Chromium: CVE-2026-7918 Use after free in GPU

n/a

No

Chromium: CVE-2026-7919 Use after free in Aura

n/a

No

Chromium: CVE-2026-7920 Use after free in Skia

n/a

No

Chromium: CVE-2026-7921 Use after free in Passwords

n/a

No

Chromium: CVE-2026-7922 Use after free in ServiceWorker

n/a

No

Chromium: CVE-2026-7923 Out of bounds write in Skia

n/a

No

Chromium: CVE-2026-7924 Uninitialized Use in Dawn

n/a

No

Chromium: CVE-2026-7925 Use after free in Chromoting

n/a

No

Chromium: CVE-2026-7926 Use after free in PresentationAPI

n/a

No

Chromium: CVE-2026-7927 Type Confusion in Runtime

n/a

No

Chromium: CVE-2026-7928 Use after free in WebRTC

n/a

No

Chromium: CVE-2026-7929 Use after free in MediaRecording

n/a

No

Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies

n/a

No

Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads

n/a

No

Chromium: CVE-2026-7933 Out of bounds read in WebCodecs

n/a

No

Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker

n/a

No

Chromium: CVE-2026-7935 Inappropriate implementation in Speech

n/a

No

Chromium: CVE-2026-7936 Object lifecycle issue in V8

n/a

No

Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools

n/a

No

Chromium: CVE-2026-7938 Use after free in CSS

n/a

No

Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI

n/a

No

Chromium: CVE-2026-7940 Use after free in V8

n/a

No

Chromium: CVE-2026-7942 Integer overflow in ANGLE

n/a

No

Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE

n/a

No

Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache

n/a

No

Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP

n/a

No

Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI

n/a

No

Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network

n/a

No

Chromium: CVE-2026-7948 Race in Chromoting

n/a

No

Chromium: CVE-2026-7949 Out of bounds read in Skia

n/a

No

Chromium: CVE-2026-7950 Out of bounds read and write in GFX

n/a

No

Chromium: CVE-2026-7951 Out of bounds write in WebRTC

n/a

No

Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions

n/a

No

Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox

n/a

No

Chromium: CVE-2026-7954 Race in Shared Storage

n/a

No

Chromium: CVE-2026-7955 Uninitialized Use in GPU

n/a

No

Chromium: CVE-2026-7956 Use after free in Navigation

n/a

No

Chromium: CVE-2026-7957 Out of bounds write in Media

n/a

No

Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker

n/a

No

Chromium: CVE-2026-7959 Inappropriate implementation in Navigation

n/a

No

Chromium: CVE-2026-7960 Race in Speech

n/a

No

Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions

n/a

No

Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets

n/a

No

Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker

n/a

No

Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem

n/a

No

Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools

n/a

No

Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation

n/a

No

Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation

n/a

No

Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS

n/a

No

Chromium: CVE-2026-7969 Integer overflow in Network

n/a

No

Chromium: CVE-2026-7970 Use after free in TopChrome

n/a

No

Chromium: CVE-2026-7971 Inappropriate implementation in ORB

n/a

No

Chromium: CVE-2026-7972 Uninitialized Use in GPU

n/a

No

Chromium: CVE-2026-7973 Integer overflow in Dawn

n/a

No

Chromium: CVE-2026-7974 Use after free in Blink

n/a

No

Chromium: CVE-2026-7975 Use after free in DevTools

n/a

No

Chromium: CVE-2026-7976 Use after free in Views

n/a

No

Chromium: CVE-2026-7977 Inappropriate implementation in Canvas

n/a

No

Chromium: CVE-2026-7978 Inappropriate implementation in Companion

n/a

No

Chromium: CVE-2026-7979 Inappropriate implementation in Media

n/a

No

Chromium: CVE-2026-7980 Use after free in WebAudio

n/a

No

Chromium: CVE-2026-7981 Out of bounds read in Codecs

n/a

No

Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs

n/a

No

Chromium: CVE-2026-7983 Out of bounds read in Dawn

n/a

No

Chromium: CVE-2026-7984 Use after free in ReadingMode

n/a

No

Chromium: CVE-2026-7985 Use after free in GPU

n/a

No

Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill

n/a

No

Chromium: CVE-2026-7987 Use after free in WebRTC

n/a

No

Chromium: CVE-2026-7988 Type Confusion in WebRTC

n/a

No

Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer

n/a

No

Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater

n/a

No

Chromium: CVE-2026-7991 Use after free in UI

n/a

No

Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI

n/a

No

Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting

n/a

No

Chromium: CVE-2026-7995 Out of bounds read in AdFilter

n/a

No

Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL

n/a

No

Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater

n/a

No

Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog

n/a

No

Chromium: CVE-2026-7999 Inappropriate implementation in V8

n/a

No

Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver

n/a

No

Chromium: CVE-2026-8001 Use after free in Printing

n/a

No

Chromium: CVE-2026-8002 Use after free in Audio

n/a

No

Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups

n/a

No

Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools

n/a

No

Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast

n/a

No

Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools

n/a

No

Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast

n/a

No

Chromium: CVE-2026-8008 Inappropriate implementation in DevTools

n/a

No

Chromium: CVE-2026-8009 Inappropriate implementation in Cast

n/a

No

Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation

n/a

No

Chromium: CVE-2026-8011 Insufficient policy enforcement in Search

n/a

No

Chromium: CVE-2026-8012 Inappropriate implementation in MHTML

n/a

No

Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM

n/a

No

Chromium: CVE-2026-8014 Inappropriate implementation in Preload

n/a

No

Chromium: CVE-2026-8015 Inappropriate implementation in Media

n/a

No

Chromium: CVE-2026-8016 Use after free in WebRTC

n/a

No

Chromium: CVE-2026-8017 Side-channel information leakage in Media

n/a

No

Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools

n/a

No

Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp

n/a

No

Chromium: CVE-2026-8021 Script injection in UI

n/a

No

Chromium: CVE-2026-8022 Inappropriate implementation in MHTML

n/a

No

Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

Exploitation Less Likely

No

7.5

Chromium: CVE-2026-7896 Integer overflow in Blink

n/a

No

Chromium: CVE-2026-7897 Use after free in Mobile

n/a

No

Chromium: CVE-2026-7905 Insufficient validation of untrusted input in Media

n/a

No

Chromium: CVE-2026-7912 Integer overflow in GPU

n/a

No

Chromium: CVE-2026-7913 Insufficient policy enforcement in DevTools

n/a

No

Chromium: CVE-2026-7915 Insufficient data validation in DevTools

n/a

No

Chromium: CVE-2026-7931 Insufficient validation of untrusted input in iOS

n/a

No

Chromium: CVE-2026-7941 Insufficient validation of untrusted input in Mobile

n/a

No

Chromium: CVE-2026-7993 Insufficient validation of untrusted input in Payments

n/a

No

Chromium: CVE-2026-8020 Uninitialized Use in GPU

n/a

No

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Exploitation Less Likely

No

5.4

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Exploitation Unlikely

No

6.5

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Exploitation Unlikely

No

4.3

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Exploitation Unlikely

No

4.3

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Exploitation Less Likely

No

7.4

Azure DevOps Information Disclosure Vulnerability

N/A

No

10.0

.NET Core Tampering Vulnerability

Exploitation Less Likely

No

4.3

.NET Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.3

.NET Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.3

ASP.NET Core Denial of Service Vulnerability

Exploitation Unlikely

No

7.5

GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Exploitation Less Likely

No

8.8

Microsoft Data Formulator Remote Code Execution Vulnerability

Exploitation Less Likely

No

8.8

Visual Studio Code Elevation of Privilege Vulnerability

Exploitation Less Likely

No

8.8

Visual Studio Code Information Disclosure Vulnerability

Exploitation Less Likely

No

5.5

Visual Studio Code Remote Code Execution Vulnerability

Exploitation Less Likely

No

7.8

Visual Studio Code Security Feature Bypass Vulnerability

Exploitation Less Likely

No

6.3

AMD: CVE-2025-54518 CPU OP Cache Corruption

Exploitation Unlikely

No

Data Deduplication Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

Exploitation Unlikely

No

7.5

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Exploitation Less Likely

No

8.8

Secure Boot Security Feature Bypass Vulnerability

Exploitation Less Likely

No

6.7

Win32k Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.0

Win32k Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Win32k Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.0

Windows 11 Telnet Client Information Disclosure Vulnerability

Exploitation Unlikely

No

5.4

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.0

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows DWM Core Library Information Disclosure Vulnerability

Exploitation Unlikely

No

7.8

Windows Event Logging Service Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability

Exploitation Unlikely

No

4.4

Windows GDI Remote Code Execution Vulnerability

Exploitation Unlikely

No

7.8

Windows Graphics Component Remote Code Execution Vulnerability

Exploitation Less Likely

No

8.8

Windows Kernel Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows Kernel Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Exploitation Less Likely

No

5.5

Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability

Exploitation Less Likely

No

7.5

Windows Netlogon Remote Code Execution Vulnerability

Exploitation Less Likely

No

9.8

Windows Print Spooler Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Projected File System Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Remote Desktop Services Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows Rich Text Edit Elevation of Privilege Vulnerability

Exploitation Less Likely

No

6.7

Windows Rich Text Edit Elevation of Privilege Vulnerability

Exploitation Less Likely

No

6.7

Windows SMB Client Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Storage Spaces Controller Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows TCP/IP Denial of Service Vulnerability

Exploitation Unlikely

No

7.4

Windows TCP/IP Denial of Service Vulnerability

Exploitation Unlikely

No

7.1

Windows TCP/IP Denial of Service Vulnerability

Exploitation Less Likely

No

7.4

Windows TCP/IP Driver Security Feature Bypass Vulnerability

Exploitation Unlikely

No

6.5

Windows TCP/IP Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows TCP/IP Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows TCP/IP Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Windows TCP/IP Information Disclosure Vulnerability

Exploitation Less Likely

No

7.5

Windows TCP/IP Local Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows TCP/IP Remote Code Execution Vulnerability

Exploitation Unlikely

No

8.1

Windows Telephony Service Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.0

Windows Telephony Service Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Telephony Service Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Volume Manager Extension Driver Remote Code Execution Vulnerability

Exploitation Less Likely

No

6.2

Windows WAN ARP Driver Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Win32k Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Win32k Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Win32k Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

libssh2 userauth.c userauth_password integer overflow

n/a

No

7.3

Apache Thrift: Node.js web_server.js multi-vulnerability

n/a

No

7.3

Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

n/a

No

5.3

Apache Thrift: TSSLTransportFactory.java hostname verification

n/a

No

7.3

Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability

N/A

No

7.7

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Exploitation Unlikely

No

9.9

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Exploitation Less Likely

No

9.1

Microsoft Power Automate Desktop Information Disclosure Vulnerability

Exploitation Less Likely

No

6.5

ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()

n/a

No

8.8

usb: gadget: f_subset: Fix net_device lifecycle with device_move

n/a

No

7.8

usb: gadget: f_eem: Fix net_device lifecycle with device_move

n/a

No

7.8

xfs: close crash window in attr dabtree inactivation

n/a

No

5.5

HID: core: Mitigate potential OOB by removing bogus memset()

n/a

No

8.8

ALSA: ctxfi: Check the error for index mapping

n/a

No

7.0

usb: gadget: f_rndis: Fix net_device lifecycle with device_move

n/a

No

7.8

net: use skb_header_pointer() for TCPv4 GSO frag_off check

n/a

No

5.5

gpib: fix use-after-free in IO ioctl handlers

n/a

No

ksmbd: validate response sizes in ipc_validate_msg()

n/a

No

7.1

usb: gadget: f_ecm: Fix net_device lifecycle with device_move

n/a

No

7.8

HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure

n/a

No

7.0

Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists

n/a

No

mpls: add seqcount to protect the platform_label{,s} pair

n/a

No

7.1

Bluetooth: hci_event: move wake reason storage into validated event handlers

n/a

No

8.1

wifi: mac80211: check tdls flag in ieee80211_tdls_oper

n/a

No

7.0

smb: client: validate the whole DACL before rewriting it in cifsacl

n/a

No

8.8

Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails

n/a

No

ksmbd: require minimum ACE size in smb_check_perm_dacl()

n/a

No

8.3

bpf: Reject sleepable kprobe_multi programs at attach time

n/a

No

5.5

Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

n/a

No

7.8

usb: typec: ucsi: validate connector number in ucsi_notify_common()

n/a

No

7.0

mshv: Fix error handling in mshv_region_pin

n/a

No

bpf: Fix incorrect pruning due to atomic fetch precision tracking

n/a

No

7.8

f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()

n/a

No

5.5

crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed

n/a

No

7.1

usb: gadget: f_hid: move list and spinlock inits from bind to alloc

n/a

No

7.8

smb: server: fix active_num_conn leak on transport allocation failure

n/a

No

7.5

crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed

n/a

No

7.1

fuse: reject oversized dirents in page cache

n/a

No

7.8

ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment

n/a

No

9.8

crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption

n/a

No

7.8

rxrpc: Fix missing validation of ticket length in non-XDR key preparsing

n/a

No

5.5

crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed

n/a

No

7.1

ksmbd: use check_add_overflow() to prevent u16 DACL size overflow

n/a

No

7.5

f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()

n/a

No

7.8

smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path

n/a

No

8.1

net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()

n/a

No

7.8

libssh2 userauth.c userauth_password integer overflow

n/a

No

7.3

media: vidtv: fix pass-by-value structs causing MSAN warnings

n/a

No

7.1

n/a

No

7.5

n/a

No

3.7

ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

n/a

No

7.0

CoreDNS TSIG authentication bypass on encrypted DNS transports

n/a

No

CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison

n/a

No

CoreDNS DoH GET path missing size validation causes CPU and memory amplification

n/a

No

CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service

n/a

No

CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports

n/a

No

x86-64: rename misleadingly named '__copy_user_nocache()' function

n/a

No

2.5

Prometheus Azure AD remote write OAuth client secret exposed via config API

n/a

No

7.5

Prometheus: remote read endpoint allows denial of service via crafted snappy payload

n/a

No

7.5

dlm: validate length in dlm_search_rsb_tree

n/a

No

7.8

vhost: move vdpa group bound check to vhost_vdpa

n/a

No

7.1

wifi: rtw89: pci: validate release report content before using for RTL8922DE

n/a

No

7.0

ASoC: qcom: q6asm: drop DSP responses for closed data streams

n/a

No

5.5

drm/amd/pm: Fix null pointer dereference issue

n/a

No

5.5

ALSA: mixer: oss: Add card disconnect checkpoints

n/a

No

5.5

ntfs3: fix circular locking dependency in run_unpack_ex

n/a

No

5.5

iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode

n/a

No

5.5

tcp: fix potential race in tcp_v6_syn_recv_sock()

n/a

No

4.8

ntfs: ->d_compare() must not block

n/a

No

7.1

misc: ti_fpc202: fix a potential memory leak in probe function

n/a

No

5.5

ASoC: SOF: Intel: hda: Fix NULL pointer dereference

n/a

No

5.5

srcu: Use irq_work to start GP in tiny SRCU

n/a

No

5.5

team: avoid NETDEV_CHANGEMTU event when unregistering slave

n/a

No

5.5

drm/amdgpu/ras: Move ras data alloc before bad page check

n/a

No

5.5

wifi: iwlwifi: fix 22000 series SMEM parsing

n/a

No

5.3

net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels

n/a

No

4.7

netconsole: avoid OOB reads, msg is not nul-terminated

n/a

No

5.5

ksmbd: fix signededness bug in smb_direct_prepare_negotiation()

n/a

No

5.5

wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()

n/a

No

5.3

btrfs: fix zero size inode with non-zero size after log replay

n/a

No

3.3

x86: shadow stacks: proper error handling for mmap lock

n/a

No

7.1

xfs: remove xfs_attr_leaf_hasname

n/a

No

7.1

ima: verify the previous kernel's IMA buffer lies in addressable RAM

n/a

No

5.5

netfilter: ctnetlink: ensure safe access to master conntrack

n/a

No

7.1

mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

n/a

No

7.1

kcm: fix zero-frag skb in frag_list on partial sendmsg error

n/a

No

5.5

drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35

n/a

No

5.5

alpha: fix user-space corruption during memory compaction

n/a

No

5.5

fs/ntfs3: handle attr_set_size() errors when truncating files

n/a

No

7.1

xfrm: account XFRMA_IF_ID in aevent size calculation

n/a

No

5.5

drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src

n/a

No

5.5

drm/amdgpu: fix NULL pointer issue buffer funcs

n/a

No

5.5

usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()

n/a

No

7.1

drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4

n/a

No

5.5

APEI/GHES: ARM processor Error: don't go past allocated memory

n/a

No

5.5

net: cpsw_new: Fix potential unregister of netdev that has not been registered yet

n/a

No

7.1

hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin

n/a

No

5.5

net: af_key: zero aligned sockaddr tail in PF_KEY exports

n/a

No

7.1

drm/amdgpu: validate user queue size constraints

n/a

No

7.1

most: core: fix resource leak in most_register_interface error paths

n/a

No

5.5

wifi: rtw89: pci: validate sequence number of TX release report

n/a

No

7.0

hfs: Replace BUG_ON with error handling for CNID count checks

n/a

No

7.1

net: Drop the lock in skb_may_tx_timestamp()

n/a

No

5.5

Bluetooth: hci_sync: annotate data-races around hdev->req_status

n/a

No

5.3

wifi: rtw89: fix potential zero beacon interval in beacon tracking

n/a

No

7.0

ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

n/a

No

7.0

net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query

n/a

No

7.0

net: ioam6: fix OOB and missing lock

n/a

No

7.0

Apache Thrift: Node.js web_server.js multi-vulnerability

n/a

No

7.3

Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

n/a

No

5.3

Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

n/a

No

6.5

Apache HTTP Server: http2: double free and possible RCE on early reset

n/a

No

8.8

Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

n/a

No

7.5

Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

n/a

No

5.3

Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

n/a

No

8.8

Apache HTTP Server: mod_auth_digest timing attack

n/a

No

4.8

Apache HTTP Server: mod_authn_socache crash

n/a

No

5.3

Apache HTTP Server: mod_dav_lock indirect lock crash

n/a

No

7.5

Apache HTTP Server: mod_md unrestricted OCSP response

n/a

No

7.3

Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

n/a

No

5.3

xmldom: XML node injection through unvalidated comment serialization

n/a

No

xmldom: XML injection through unvalidated DocumentType serialization

n/a

No

xmldom: XML node injection through unvalidated processing instruction serialization

n/a

No

xmldom: Denial of service via uncontrolled recursion in XML serialization

n/a

No

redis-server RESTORE invalid memory access may allow remote code execution

n/a

No

redis-server Lua use-after-free may allow remote code execution

n/a

No

ksmbd: validate owner of durable handle on reconnect

n/a

No

8.8

ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger

n/a

No

9.8

redis-server use-after-free in unblock client flow may allow remote code execution

n/a

No

RedisTimeSeries RESTORE invalid memory access may allow remote code execution

n/a

No

RedisBloom RESTORE invalid memory access may allow remote code execution

n/a

No

fs: init flags_valid before calling vfs_fileattr_get

n/a

No

btrfs: reserve enough transaction items for qgroup ioctls

n/a

No

drm/panthor: fix for dma-fence safe access rules

n/a

No

drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify

n/a

No

7.1

md raid: fix hang when stopping arrays with metadata through dm-raid

n/a

No

5.5

powerpc, perf: Check that current->mm is alive before getting user callchain

n/a

No

spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing

n/a

No

5.5

xfrm: esp: avoid in-place decrypt on shared skb frags

n/a

No

7.8

i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue

n/a

No

5.5

drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()

n/a

No

5.5

x86/kexec: Disable KCOV instrumentation after load_segments()

n/a

No

drm/amd/display: Fix dsc eDP issue

n/a

No

bpf: crypto: Use the correct destructor kfunc type

n/a

No

7.0

ASoC: amd: acp-mach-common: Add missing error check for clock acquisition

n/a

No

most: core: fix leak on early registration failure

n/a

No

spi: spidev: fix lock inversion between spi_lock and buf_lock

n/a

No

mm/page_alloc: clear page->private in free_pages_prepare()

n/a

No

7.0

perf/x86/intel/uncore: Fix die ID init and look up bugs

n/a

No

bpf: Properly mark live registers for indirect jumps

n/a

No

7.8

bonding: fix type confusion in bond_setup_by_slave()

n/a

No

5.5

drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path

n/a

No

5.5

drm/amdgpu: Skip vcn poison irq release on VF

n/a

No

7.8

btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()

n/a

No

5.5

drm/amdgpu: add upper bound check on user inputs in signal ioctl

n/a

No

media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC

n/a

No

5.5

drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels

n/a

No

5.5

i3c: mipi-i3c-hci: Fix race in DMA ring dequeue

n/a

No

7.8

mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node

n/a

No

5.5

drm/amdgpu: add upper bound check on user inputs in wait ioctl

n/a

No

soc/tegra: pmc: Fix unsafe generic_handle_irq() call

n/a

No

5.5

usb: gadget: f_ncm: Fix net_device lifecycle with device_move

n/a

No

btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()

n/a

No

5.5

n/a

No

6.5

n/a

No

7.5

Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly

n/a

No

7.5

PgBouncer integer overflow in PgBouncer network packet parsing

n/a

No

7.5

PgBouncer buffer overflow in SCRAM

n/a

No

8.1

PgBouncer missing authorization check in KILL_CLIENT admin command

n/a

No

4.3

PgBouncer crash in kill_pool_logins_server_error

n/a

No

5.9

Vim: Heap Buffer Overflow in spell file loading

n/a

No

6.6

Vim: OS Command Injection via 'path' completion

n/a

No

Crash when handling long CNAME response in net

n/a

No

7.5

Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

n/a

No

7.5

Invoking "go tool pack" does not sanitize output paths in cmd/go

n/a

No

5.9

Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

n/a

No

5.3

Quadratic string concatentation in consumeComment in net/mail

n/a

No

7.5

Bypass of meta content URL escaping causes XSS in html/template

n/a

No

6.1

ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

n/a

No

5.3

Escaper bypass leads to XSS in html/template

n/a

No

6.1

Panic in Dial and LookupPort when handling NUL byte on Windows in net

n/a

No

7.5

Quadratic string concatenation in consumePhrase in net/mail

n/a

No

7.5

Malicious module proxy can bypass checksum database in cmd/go

n/a

No

7.5

Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles

n/a

No

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

n/a

No

net-imap: Command Injection via "raw" arguments to multiple commands

n/a

No

net-imap: Command Injection via unvalidated Symbol inputs

n/a

No

net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

n/a

No

net-imap vulnerable to STARTTLS stripping via invalid response timing

n/a

No

n/a

No

2.9

SoapServer session-persisted object use-after-free via SOAP header fault

n/a

No

Out-of-bounds read in urldecode() on NetBSD

n/a

No

Use-After-Free in SOAP using Apache map

n/a

No

XSS within PHP-FPM status endpoint

n/a

No

NULL pointer dereference in SOAP apache:Map decoder with missing <value>

n/a

No

SQL injection in pdo_firebird via NUL bytes in quoted strings

n/a

No

Signed integer overflow in metaphone()

n/a

No

Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

n/a

No

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

n/a

No

7.8

SQL Server Remote Code Execution Vulnerability

Exploitation Less Likely

No

8.8

AMD: CVE-2025-54518 CPU OP Cache Corruption

Exploitation Unlikely

No

Data Deduplication Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

Exploitation Unlikely

No

7.5

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Exploitation Less Likely

No

8.8

Secure Boot Security Feature Bypass Vulnerability

Exploitation Less Likely

No

6.7

Win32k Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.0

Win32k Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Win32k Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Win32k Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.0

Windows 11 Telnet Client Information Disclosure Vulnerability

Exploitation Unlikely

No

5.4

Windows Admin Center Elevation of Privilege Vulnerability

Exploitation Less Likely

No

8.3

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.0

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows DNS Client Remote Code Execution Vulnerability

Exploitation Unlikely

No

9.8

Windows DWM Core Library Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows DWM Core Library Information Disclosure Vulnerability

Exploitation Less Likely

No

5.5

Windows DWM Core Library Information Disclosure Vulnerability

Exploitation Unlikely

No

7.8

Windows Event Logging Service Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability

Exploitation Unlikely

No

4.4

Windows GDI Remote Code Execution Vulnerability

Exploitation Unlikely

No

7.8

Windows Graphics Component Remote Code Execution Vulnerability

Exploitation Less Likely

No

8.8

Windows Hyper-V Elevation of Privilege Vulnerability

Exploitation Less Likely

No

9.3

Windows Kernel Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows Kernel Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Kernel Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows Kernel-Mode Driver Remote Code Execution Vulnerability

Exploitation Unlikely

No

8.0

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Exploitation Less Likely

No

5.5

Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability

Exploitation Less Likely

No

7.5

Windows Netlogon Remote Code Execution Vulnerability

Exploitation Less Likely

No

9.8

Windows Print Spooler Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Projected File System Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Remote Desktop Services Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows Rich Text Edit Elevation of Privilege Vulnerability

Exploitation Less Likely

No

6.7

Windows Rich Text Edit Elevation of Privilege Vulnerability

Exploitation Less Likely

No

6.7

Windows SMB Client Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Storage Spaces Controller Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Storport Miniport Driver Denial of Service Vulnerability

Exploitation Unlikely

No

6.5

Windows TCP/IP Denial of Service Vulnerability

Exploitation Less Likely

No

7.5

Windows TCP/IP Denial of Service Vulnerability

Exploitation Unlikely

No

7.4

Windows TCP/IP Denial of Service Vulnerability

Exploitation Unlikely

No

7.1

Windows TCP/IP Denial of Service Vulnerability

Exploitation Less Likely

No

7.4

Windows TCP/IP Driver Security Feature Bypass Vulnerability

Exploitation Unlikely

No

6.5

Windows TCP/IP Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows TCP/IP Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows TCP/IP Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.8

Windows TCP/IP Information Disclosure Vulnerability

Exploitation Less Likely

No

7.5

Windows TCP/IP Local Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Windows TCP/IP Remote Code Execution Vulnerability

Exploitation Unlikely

No

8.1

Windows Telephony Service Elevation of Privilege Vulnerability

Exploitation Unlikely

No

7.0

Windows Telephony Service Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Telephony Service Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Volume Manager Extension Driver Remote Code Execution Vulnerability

Exploitation Less Likely

No

6.2

Windows WAN ARP Driver Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Win32k Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.8

Windows Win32k Elevation of Privilege Vulnerability

Exploitation Less Likely

No

7.0

Windows Win32k Elevation of Privilege Vulnerability

Exploitation More Likely

No

7.8

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

N/A

No

9.9

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

N/A

No

9.0

Azure Logic Apps Elevation of Privilege Vulnerability

Exploitation Less Likely

No

9.9

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Exploitation Unlikely

No

9.9

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Exploitation Less Likely

No

9.1

Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

Exploitation More Likely

No

9.1

Windows DNS Client Remote Code Execution Vulnerability

Exploitation Unlikely

No

9.8

Windows Hyper-V Elevation of Privilege Vulnerability

Exploitation Less Likely

No

9.3

Windows Netlogon Remote Code Execution Vulnerability

Exploitation Less Likely

No

9.8