Microsoft Microsoft Makers of the Windows Operating System and hundreds of products that run on it.

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Microsoft product.

RSS Feeds for Microsoft security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Microsoft products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 104713 vulnerabilities

Microsoft Windows Server 20194480 vulnerabilities

Microsoft Windows Server 20164467 vulnerabilities

Microsoft Windows Server 20123370 vulnerabilities

Microsoft Windows Server 20082820 vulnerabilities

Microsoft Windows Server 20222817 vulnerabilities

Microsoft Windows 112280 vulnerabilities

Microsoft Windows 71810 vulnerabilities

Microsoft Windows 8.11712 vulnerabilities

Microsoft Windows 11 23h21667 vulnerabilities

Microsoft Windows Rt 8 11592 vulnerabilities

Microsoft Windows 10 15071453 vulnerabilities

Microsoft Windows Server 23h21356 vulnerabilities

Microsoft Windows 11 24h21356 vulnerabilities

Microsoft Windows Server 20251317 vulnerabilities

Microsoft Windows Server 2012 R21247 vulnerabilities

Microsoft Windows931 vulnerabilities

Microsoft Windows Server655 vulnerabilities

Microsoft Office596 vulnerabilities

Microsoft Internet Explorer (IE)528 vulnerabilities
Popular web browser for windows

Microsoft Windows 11 25h2514 vulnerabilities

Microsoft 365 Apps494 vulnerabilities

Microsoft Sharepoint Server451 vulnerabilities

Microsoft Edge Browser412 vulnerabilities
Web Browser based on Chromium

Microsoft Windows Vista382 vulnerabilities

Microsoft Windows 11 26h1360 vulnerabilities

Microsoft Windows XP326 vulnerabilities

Microsoft Edge Chromium277 vulnerabilities

Microsoft Windows 10 1803275 vulnerabilities

Microsoft Windows 10 1909274 vulnerabilities

Microsoft Windows Server 2003262 vulnerabilities

Microsoft Windows Server 2004245 vulnerabilities

Microsoft Windows Server 1903240 vulnerabilities

Microsoft Office 2024231 vulnerabilities

Microsoft Windows Server 1909223 vulnerabilities

Microsoft Office 2021221 vulnerabilities

Microsoft Office 2019210 vulnerabilities

Microsoft Windows Server 20h2208 vulnerabilities

Microsoft Excel192 vulnerabilities
Spreadsheet Software

Microsoft Office Macos 2024186 vulnerabilities

Microsoft Office Macos 2021184 vulnerabilities

Microsoft Windows 2003 Server162 vulnerabilities

Microsoft Sql Server 2019136 vulnerabilities

Microsoft Office Online Server135 vulnerabilities

Microsoft Exchange Server132 vulnerabilities

Microsoft Visual Studio 2019124 vulnerabilities

Microsoft Visual Studio 2022124 vulnerabilities

Microsoft Windows 2000112 vulnerabilities

Microsoft Windows 11 2h2110 vulnerabilities

Microsoft Sql Server 2022108 vulnerabilities

Microsoft Word104 vulnerabilities

Microsoft Windows Server 1803101 vulnerabilities

Microsoft Dynamics 365101 vulnerabilities

Microsoft SQL Server98 vulnerabilities
Database Server

Microsoft Windows 10 21h198 vulnerabilities

Microsoft Net98 vulnerabilities

Microsoft Visual Studio 201796 vulnerabilities

Microsoft Sql Server 201795 vulnerabilities

Microsoft Visual Studio94 vulnerabilities
Developer IDE

Microsoft Sql Server 201693 vulnerabilities

Microsoft Excel 201687 vulnerabilities

Microsoft Office 365 Proplus87 vulnerabilities

Microsoft Outlook86 vulnerabilities

Microsoft Visual Studio Code73 vulnerabilities
VSCode Developer IDE

Microsoft Office 201662 vulnerabilities

Microsoft Windows 861 vulnerabilities

Microsoft Windows Nt57 vulnerabilities

Microsoft Office Web Apps55 vulnerabilities

Microsoft Azure Site Recovery53 vulnerabilities

Microsoft Windows Rt46 vulnerabilities

Microsoft Powershell45 vulnerabilities

Microsoft Http Server41 vulnerabilities

Microsoft Windows 10 170940 vulnerabilities

Microsoft Azure Devops Server40 vulnerabilities

Microsoft 39 vulnerabilities

Microsoft ASP.NET Core37 vulnerabilities

Microsoft Mysql36 vulnerabilities

Microsoft .NET Core35 vulnerabilities

Microsoft Excel Viewer34 vulnerabilities

Microsoft Remote Desktop34 vulnerabilities

Microsoft Office 36533 vulnerabilities

Microsoft Word 201632 vulnerabilities

Microsoft Windows 10 170331 vulnerabilities

Microsoft Teams27 vulnerabilities

Microsoft Windows 10 200426 vulnerabilities

Microsoft Windows 10 190326 vulnerabilities

Microsoft .NET Framework25 vulnerabilities

Microsoft Exchange Server 201625 vulnerabilities

Recent Microsoft Security Advisories

Advisory Title Published
CVE-2026-40467 CVE-2026-40467 Use after free in gawk July 14, 2026
CVE-2026-40468 CVE-2026-40468 Heap buffer overflow in gawk July 14, 2026
CVE-2026-40469 CVE-2026-40469 Heap buffer overflow in gawk July 14, 2026
CVE-2026-40553 CVE-2026-40553 Stack-based buffer overflow in gawk July 14, 2026
CVE-2026-59874 CVE-2026-59874 node-tar: Negative tar entry size causes infinite loop in archive replace July 12, 2026
CVE-2026-59873 CVE-2026-59873 node-tar: Decompression/parse DoS via unlimited input July 12, 2026
CVE-2026-59871 CVE-2026-59871 node-tar: Process crash via PAX numeric path type confusion July 12, 2026
CVE-2026-15308 CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations July 12, 2026
CVE-2026-14428 Chromium: CVE-2026-14428 Insufficient validation of untrusted input in Dawn July 11, 2026
CVE-2026-14382 Chromium: CVE-2026-14382 Insufficient validation of untrusted input in ANGLE July 11, 2026

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.
CVE-2026-45659 Exploit Probability: 1.7%
July 1, 2026
Microsoft Internet Explorer Use-After-Free Vulnerability Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2010-0249 Exploit Probability: 91.9%
May 20, 2026
Microsoft Windows Buffer Overflow Vulnerability Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
CVE-2008-4250 Exploit Probability: 98.8%
May 20, 2026
Microsoft Defender Denial of Service Vulnerability Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
CVE-2026-45498 Exploit Probability: 2.5%
May 20, 2026
Microsoft DirectX NULL Byte Overwrite Vulnerability Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
CVE-2009-1537 Exploit Probability: 50.9%
May 20, 2026
Microsoft Internet Explorer Use-After-Free Vulnerability Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2010-0806 Exploit Probability: 82.2%
May 20, 2026
Microsoft Defender Link Following Vulnerability Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2026-41091 Exploit Probability: 1.2%
May 20, 2026
Microsoft Exchange Server Cross-Site Scripting Vulnerability Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
CVE-2026-42897 Exploit Probability: 2.5%
May 15, 2026
Microsoft Windows Protection Mechanism Failure Vulnerability Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32202 Exploit Probability: 20.0%
April 28, 2026
Microsoft Defender Insufficient Granularity of Access Control Vulnerability Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
CVE-2026-33825 Exploit Probability: 6.2%
April 22, 2026
Microsoft Office Remote Code Execution Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
CVE-2009-0238 Exploit Probability: 43.1%
April 14, 2026
Microsoft SharePoint Server Improper Input Validation Vulnerability Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32201 Exploit Probability: 24.2%
April 14, 2026
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
CVE-2023-21529 Exploit Probability: 62.1%
April 13, 2026
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.
CVE-2012-1854 Exploit Probability: 21.0%
April 13, 2026
Microsoft Windows Link Following Vulnerability Microsoft Windows contains a link following vulnerability that allows for privilege escalation
CVE-2025-60710 Exploit Probability: 4.6%
April 13, 2026
Microsoft Windows Out-of-Bounds Read Vulnerability Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation
CVE-2023-36424 Exploit Probability: 12.2%
April 13, 2026
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
CVE-2026-20963 Exploit Probability: 31.1%
March 18, 2026
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
CVE-2008-0015 Exploit Probability: 76.6%
February 17, 2026
Microsoft Configuration Manager SQL Injection Vulnerability Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
CVE-2024-43468 Exploit Probability: 60.7%
February 12, 2026
Microsoft Internet Explorer Protection Mechanism Failure Vulnerability Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21513 Exploit Probability: 15.4%
February 10, 2026

Of the known exploited vulnerabilities above, 6 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 8 known exploited Microsoft vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Microsoft Vulnerabilities

Based on the current exploit probability, these Microsoft vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2021-34473 100.0% Microsoft Exchange Server Remote Code Execution Vulnerability
2 CVE-2021-26855 100.0% Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
3 CVE-2019-0708 100.0% "BlueKeep" Microsoft Windows Remote Desktop Remote Code Execution Vulnerability
4 CVE-2015-1635 100.0% Microsoft HTTP.sys Remote Code Execution Vulnerability
5 CVE-2021-34523 100.0% Microsoft Exchange Server Privilege Escalation Vulnerability
6 CVE-2025-53770 100.0% Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
7 CVE-2012-0158 100.0% Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
8 CVE-2020-0688 100.0% Microsoft Exchange Server Key Validation Vulnerability
9 CVE-2022-41082 100.0% Microsoft Exchange Server Remote Code Execution Vulnerability
10 CVE-2025-59287 100.0% Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

By the Year

In 2026 there have been 3845 vulnerabilities in Microsoft with an average score of 7.2 out of ten. Last year, in 2025 Microsoft had 2750 security vulnerabilities published. That is, 1095 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.14.




Year Vulnerabilities Average Score
2026 3845 7.22
2025 2750 7.08
2024 2182 7.33
2023 1695 7.22
2022 1389 7.43
2021 1153 7.44
2020 1253 7.20
2019 831 7.08
2018 661 7.03

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-40553 Jul 13, 2026
gawk <5.4.0 Buffer Overflow (ftype) Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk (ftype() routine). This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below.
CVE-2026-40469 Jul 13, 2026
Integer Overflow in Builtin.c of gawk 5.4.0 (32bit) Integer overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below.
CVE-2026-40468 Jul 13, 2026
gawk Integer Overflow in builtin.c (<=5.4.0) Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.
CVE-2026-40467 Jul 13, 2026
Gawk Use After Free in io.c (do_getline_redir) - Before 5.4.0 Use After Free vulnerability has been found in "io.c" program file of gawk (do_getline_redir() routine). This issue may lead to a crash. It affects gawk in versions 5.4.0 and below.
CVE-2026-58596 Jul 12, 2026
Jul 2026: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
Edge Chromium
CVE-2026-58281 Jul 11, 2026
Jul 2026: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Edge Chromium
CVE-2026-14461 Jul 10, 2026
mtr 0.96 OOB Read in ipinfo_lookup() via DNS TXT mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME field. ipinfo_lookup() function uses the length of the response as the end-of-message boundary for dn_expand() function. The result is a reliable crash. This issue exists in the mtr through version 0.96 and it was fixed in commit 48e1794414d338ce47abc0f27c25ade8788af9c3.
CVE-2026-59856 Jul 09, 2026
Vim 9.2.0736 PHP Omni-Completion Open Shell via win_execute Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search() pattern that is run via win_execute() without escaping. A name containing a single quote can terminate the search() string argument early, and because the bar is honored as an Ex command separator, the remainder of the name is run as Ex commands; via the :! command this allows arbitrary operating-system command execution when a victim opens a crafted PHP file and invokes omni-completion. This issue is fixed in version 9.2.0736.
CVE-2026-15308 Jul 09, 2026
CPython <3.16 CPU DoS via Unterminated Markup in html.parser.HTMLParser The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data.
CVE-2026-56289 Jul 09, 2026
DoS in GNU Patch via Unrealistic Hunk Offsets GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position. This results in excessive CPU consumption and prevents the process from completing. An attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination. This issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9
CVE-2026-56288 Jul 09, 2026
Null Pointer Dereference in GNU Patch (CVE-2026-56288) GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service. This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313
CVE-2026-47646 Jul 08, 2026
Jul 2026: Dynamics 365 Customer Voice Spoofing Vulnerability Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.
Dynamics 365 Customer Voice
CVE-2026-59818 Jul 08, 2026
Etcd gRPC Auth Bypass: CRL Not Enforced up to v3.6.13 or <3.5.32 etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the gRPC listener, allowing a client with a revoked certificate to authenticate successfully over gRPC. This issue is fixed in versions 3.5.32 and 3.6.13.
CVE-2026-58525 Jul 08, 2026
Jul 2026: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
Edge Chromium
CVE-2026-58208 Jul 08, 2026
NATS Server WebSocket MQTT Crash (Unauthenticated) 2.12.12-2.14.2 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with access to the WebSocket listener to reach uninitialized MQTT state and crash the server process. This issue is fixed in versions 2.14.3 and 2.12.12.
CVE-2026-58207 Jul 08, 2026
NATS Server 2.12/2.14 Crash from Connz Pagination Overflow NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12.
CVE-2026-58209 Jul 08, 2026
NATS Server MQTT Topic Bypass: Deny Rules Not Enforced (v<2.12.12, v<2.14.3) NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these delivery paths did not consistently recheck the concrete original topic before sending the MQTT PUBLISH to the subscriber. This issue is fixed in versions 2.14.3 and 2.12.12.
CVE-2026-58250 Jul 08, 2026
NATS Server <2.12.8 / <2.11.17: Unauth Peer Crash via Leafnode INFO NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO protocol messages before authentication and account setup completed. This issue is fixed in versions 2.12.8 and 2.11.17.
CVE-2026-58252 Jul 08, 2026
NATS Server <=2.11.16 Auth User Bypass Denied Subject via Wildcard Sub NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it, and queue subscriptions could also affect delivery to legitimate queue consumers. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
CVE-2026-58253 Jul 08, 2026
NATS Server NO_AUTH Bypass before 2.11.16 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
CVE-2026-58251 Jul 08, 2026
NATS Server 2.11.x Queue Sub Deny Bypass NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when the queue name itself was not denied. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
CVE-2026-59928 Jul 08, 2026
Python Mistune <3.3.0 DoS via quadratic ref link parsing Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block_parser.py and the ref_links environment dictionary handling, allowing denial of service through CPU exhaustion. This issue is fixed in version 3.3.0.
CVE-2026-59925 Jul 08, 2026
Misuse of Double/Triple Asterisk Emphasis in Mistune 3.2.9 Leads to DOS Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching close markers from every potential opening run, allowing denial of service in default Mistune parsing. This issue is fixed in version 3.3.0.
CVE-2026-59926 Jul 08, 2026
Python Mistune <3.2.1 Admonition: unescaped :class: leads to XSS in HTMLRenderer Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even when HTMLRenderer escape mode is enabled. This issue is fixed in version 3.2.1.
CVE-2026-59930 Jul 08, 2026
Mistune <3.3.0 ID Collision via TOC Plugin Allows Same-Page Redirect Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with generated anchors and redirect same-page navigation, CSS selectors, or JavaScript handlers. This issue is fixed in version 3.3.0.
CVE-2026-59922 Jul 08, 2026
CVE-2026-59922: Mistune DDoS via Quadratic Work in Markup Parser <3.3.0 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from each possible start position, allowing denial of service through CPU exhaustion. This issue is fixed in version 3.3.0.
CVE-2026-59890 Jul 08, 2026
setuptools <83 FileList Unicode normalization bypass (CVE-2026-59890) setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.
CVE-2026-59871 Jul 08, 2026
Node-tar <7.5.18 PAX Path Coercion Causing Uncaught TypeError node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is fixed in version 7.5.18.
CVE-2026-59874 Jul 08, 2026
node-tar 7.5.18: tar.replace Negative Size Header Infinite Loop node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18.
CVE-2026-59873 Jul 08, 2026
Disk Exhaustion via Gzip Bomb in node-tar <7.5.19 node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk space and CPU. This issue is fixed in version 7.5.19.
CVE-2026-59869 Jul 08, 2026
js-yaml Quadratic CPU DoS via Merge Keys before 3.15/4.3 js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in versions 3.15.0 and 4.3.0.
CVE-2026-56003 Jul 08, 2026
libXfont2 <2.0.8: Heap BOV in ComputeScaledProperties PCF parsing A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.
CVE-2026-56002 Jul 08, 2026
libXfont2 heap buffer overflow in pcfReadFont() before 2.0.8 (X exec) A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8  allows attackers authenticated as X client to execute code within the X server.
CVE-2026-56001 Jul 08, 2026
Heap Buffer Overflow in libXfont2 <2.0.8 (BitmapScaleBitmaps) X Server RCE A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont
CVE-2026-55999 Jul 08, 2026
Local Heap Overflow via PCX Font in Xorg-Server <21.2.24 (SetFont) Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.
CVE-2026-56000 Jul 08, 2026
Heap UAF in xorg-server/xwayland <21.2.24/24.1.13 via GLX commit Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.
CVE-2026-60002 Jul 08, 2026
OpenSSH <=10.3 Use-After-Free via Host Key Change (ssh) ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
CVE-2026-60001 Jul 08, 2026
OpenSSH sshd min auth delay bypass before 10.4 sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
CVE-2026-60000 Jul 08, 2026
OpenSSH <10.4 GSSAPI MaxAuthTries DoS sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.
CVE-2026-59999 Jul 08, 2026
OpenSSH<10.4 DisableForwarding fails to block PermitTunnel In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
CVE-2026-59998 Jul 08, 2026
OpenSSH sshd GSSAPIStrictAcceptorCheck Misconfig Pre-10.4 on AD sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
CVE-2026-59997 Jul 08, 2026
OpenSSH <=10.3 internal-sftp accepts only first 9 args internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
CVE-2026-59996 Jul 08, 2026
OpenSSH <10.4 SCP Path Traversal Remote Files Pushed to Parent Directory scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
CVE-2026-59995 Jul 08, 2026
OpenSSH SFTP Server Path Constraint Flaw <10.4 sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
CVE-2026-14740 Jul 07, 2026
DBI 1.649 OOB Read in preparse during comment deletion DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
CVE-2026-14739 Jul 07, 2026
Perl DBI <1.650 Heap Overflow via Excessive SQL Placeholders DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders.
CVE-2026-14380 Jul 07, 2026
DBI <1.650 Code Exec via Caller-Influenced Profile DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.
CVE-2026-14647 Jul 04, 2026
onnxruntime OOB Read via convPoolShapeInference_opset19 (<=1.21.x) A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: a7bf3a0f1d18bb62575236ef6e4944980c40e045. It is recommended to apply a patch to fix this issue.
CVE-2026-53359 Jul 04, 2026
Linux KVM x86 Shadow Paging UAF via Role Mismatch In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free.
CVE-2026-58523 Jul 03, 2026
Jul 2026: Microsoft Edge for Android Security Feature Bypass Vulnerability Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.
Edge Chromium
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.