Microsoft Makers of the Windows Operating System and hundreds of products that run on it.
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Microsoft product.
RSS Feeds for Microsoft security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Microsoft products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Microsoft Sorted by Most Security Vulnerabilities since 2018
Recent Microsoft Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-32249 | CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137 | March 17, 2026 |
| CVE-2026-23069 | CVE-2026-23069 vsock/virtio: fix potential underflow in virtio_transport_get_credit() | March 17, 2026 |
| CVE-2026-23066 | CVE-2026-23066 rxrpc: Fix recvmsg() unconditional requeue | March 17, 2026 |
| CVE-2025-69648 | CVE-2025-69648 | March 17, 2026 |
| CVE-2025-69647 | CVE-2025-69647 | March 17, 2026 |
| CVE-2026-1703 | CVE-2026-1703 Limited path traversal when installing wheel archives | March 17, 2026 |
| CVE-2026-4105 | CVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method | March 17, 2026 |
| CVE-2026-2673 | CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group | March 17, 2026 |
| CVE-2026-4111 | CVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive | March 17, 2026 |
| CVE-2026-23943 | CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate | March 17, 2026 |
Known Exploited Microsoft Vulnerabilities
The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability |
Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. CVE-2008-0015 Exploit Probability: 80.6% |
February 17, 2026 |
| Microsoft Configuration Manager SQL Injection Vulnerability |
Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database. CVE-2024-43468 Exploit Probability: 84.9% |
February 12, 2026 |
| Microsoft Windows Shell Protection Mechanism Failure Vulnerability |
Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. CVE-2026-21510 Exploit Probability: 2.7% |
February 10, 2026 |
| Microsoft Windows Type Confusion Vulnerability |
Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally. CVE-2026-21519 Exploit Probability: 2.8% |
February 10, 2026 |
| Microsoft Windows Improper Privilege Management Vulnerability |
Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. CVE-2026-21533 Exploit Probability: 2.3% |
February 10, 2026 |
| Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability |
Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally. CVE-2026-21514 Exploit Probability: 5.1% |
February 10, 2026 |
| Microsoft Internet Explorer Protection Mechanism Failure Vulnerability |
Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 Exploit Probability: 4.1% |
February 10, 2026 |
| Microsoft Windows NULL Pointer Dereference Vulnerability |
Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. CVE-2026-21525 Exploit Probability: 3.0% |
February 10, 2026 |
| Microsoft Office Security Feature Bypass Vulnerability |
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. CVE-2026-21509 Exploit Probability: 9.8% |
January 26, 2026 |
| Microsoft Windows Information Disclosure Vulnerability |
Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally. CVE-2026-20805 Exploit Probability: 4.8% |
January 13, 2026 |
| Microsoft Office PowerPoint Code Injection Vulnerability |
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption. CVE-2009-0556 Exploit Probability: 78.2% |
January 7, 2026 |
| Microsoft Windows Use After Free Vulnerability |
Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally. CVE-2025-62221 Exploit Probability: 3.0% |
December 9, 2025 |
| Microsoft Windows Race Condition Vulnerability |
Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access. CVE-2025-62215 Exploit Probability: 0.6% |
November 12, 2025 |
| Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability |
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution. CVE-2025-59287 Exploit Probability: 75.9% |
October 24, 2025 |
| Microsoft Windows SMB Client Improper Access Control Vulnerability |
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate. CVE-2025-33073 Exploit Probability: 57.6% |
October 20, 2025 |
| Microsoft Windows Untrusted Pointer Dereference Vulnerability |
Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges. CVE-2025-24990 Exploit Probability: 3.9% |
October 14, 2025 |
| Microsoft Windows Improper Access Control Vulnerability |
Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally. CVE-2025-59230 Exploit Probability: 7.6% |
October 14, 2025 |
| Microsoft Windows Privilege Escalation Vulnerability |
Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms. CVE-2021-43226 Exploit Probability: 7.3% |
October 6, 2025 |
| Microsoft Windows Out-of-Bounds Write Vulnerability |
Microsoft Windows contains a n out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Use CVE-2013-3918 Exploit Probability: 87.0% |
October 6, 2025 |
| Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability |
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2010-3962 Exploit Probability: 88.3% |
October 6, 2025 |
Of the known exploited vulnerabilities above, 5 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 2 known exploited Microsoft vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Microsoft Vulnerabilities
Based on the current exploit probability, these Microsoft vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2019-0708 | 94.5% | "BlueKeep" Microsoft Windows Remote Desktop Remote Code Execution Vulnerability |
| 2 | CVE-2019-0604 | 94.4% | Microsoft SharePoint Remote Code Execution Vulnerability |
| 3 | CVE-2017-7269 | 94.4% | Microsft Windows Server 2003 R2 IIS WEBDAV buffer overflow Remote Code Execution vulnerability (COVI |
| 4 | CVE-2020-0796 | 94.4% | Microsoft SMBv3 Remote Code Execution Vulnerability |
| 5 | CVE-2020-0688 | 94.4% | Microsoft Exchange Server Key Validation Vulnerability |
| 6 | CVE-2021-38647 | 94.4% | Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution Vulnerability |
| 7 | CVE-2017-11882 | 94.4% | Microsoft Office memory corruption vulnerability |
| 8 | CVE-2020-1472 | 94.4% | NetLogon Privilege Escalation Vulnerability |
| 9 | CVE-2023-29357 | 94.4% | Microsoft SharePoint Server Privilege Escalation Vulnerability |
| 10 | CVE-2021-40444 | 94.3% | Microsoft Windows, Server (spec. IE) All Arbitrary Code Execution |
By the Year
In 2026 there have been 561 vulnerabilities in Microsoft with an average score of 7.2 out of ten. Last year, in 2025 Microsoft had 2727 security vulnerabilities published. Right now, Microsoft is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.06.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 561 | 7.16 |
| 2025 | 2727 | 7.10 |
| 2024 | 2181 | 7.30 |
| 2023 | 1695 | 7.22 |
| 2022 | 1389 | 7.43 |
| 2021 | 1152 | 7.43 |
| 2020 | 1253 | 7.20 |
| 2019 | 831 | 7.09 |
| 2018 | 661 | 7.03 |
It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-32778 | Mar 16, 2026 |
CVE-2026-32778: libexpat <2.7.5 NULL ptr deref setContext retry OOMlibexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. |
|
| CVE-2026-32777 | Mar 16, 2026 |
Infinite Loop in libexpat <2.7.5 DTD Parsinglibexpat before 2.7.5 allows an infinite loop while parsing DTD content. |
|
| CVE-2026-32776 | Mar 16, 2026 |
NULL Pointer Deref in libexpat <2.7.5libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. |
|
| CVE-2026-32775 | Mar 16, 2026 |
Buf Overflow in libexif <=0.6.25 MakerNotes Decodinglibexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. |
|
| CVE-2026-0385 | Mar 13, 2026 |
Mar 2026: Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityMicrosoft Edge (Chromium-based) for Android Spoofing Vulnerability |
Edge Browser
|
| CVE-2026-26133 | Mar 13, 2026 |
Mar 2026: M365 Copilot Information Disclosure VulnerabilityAI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
Onenote For Ios
Outlook
Outlook 2016
And others... |
| CVE-2026-2673 | Mar 13, 2026 |
OpenSSL 3.5/3.6 TLS 1.3 Preferred KEX Tuple Bug (CVE-2026-2673)Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue. |
|
| CVE-2026-4111 | Mar 13, 2026 |
Infinite Loop in libarchive RAR5 Decompression causing DoSA flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives. |
|
| CVE-2026-23943 | Mar 13, 2026 |
Erlang OTP SSH Transport Compression Bomb OOM (OTP 17.028.4.1)Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two compression algorithms are affected: * zlib: Activates immediately after key exchange, enabling unauthenticated attacks * zlib@openssh.com: Activates post-authentication, enabling authenticated attacks Each SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments. This vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4. This issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14. |
|
| CVE-2026-23941 | Mar 13, 2026 |
HTTP Request Smuggling in Erlang OTP (inets) before v28.4.1Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5. |
|
| CVE-2026-23942 | Mar 13, 2026 |
Erlang OTP ssh_sftpd Path Traversal (prefix) before 28.4.2Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14. |
|
| CVE-2026-4105 | Mar 13, 2026 |
systemd Improper Access Control in D-Bus RegisterMachineA flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system. |
|
| CVE-2026-3910 | Mar 12, 2026 |
Chrome V8 Remote Code Exec via HTML (pre 146.0.7680.75)Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3909 | Mar 12, 2026 |
Skia OOB Write in Chrome <146.0.7680.75 via crafted HTMLOut of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-32249 | Mar 12, 2026 |
Vim NFA Regex Compiler Crash CVE-2026-32249 (9.2.0136)Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137. |
|
| CVE-2026-3942 | Mar 11, 2026 |
Chrome PiP UI Spoofing <146.0.7680.71Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-3941 | Mar 11, 2026 |
Google Chrome DevTools Navigation Policy Bypass (Pre146.0.7680.71)Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-3940 | Mar 11, 2026 |
DevTools Policy Bypass in Google Chrome <146.0.7680.71Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-3939 | Mar 11, 2026 |
Chrome <146.0.7680.71 PDF Policy Bypass via Crafted PDFInsufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low) |
|
| CVE-2026-3938 | Mar 11, 2026 |
Chrome Clipboard Leak <146.0.7680.71Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-3937 | Mar 11, 2026 |
Chrome Android <146.0.7680.71 UI Spoofing via DownloadsIncorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-3935 | Mar 11, 2026 |
Chrome <146.0.7680.71: WebAppInstalls UI Spoofing VulnerabilityIncorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3936 | Mar 11, 2026 |
Use-After-Free in Chrome Android WebView (pre-146.0.7680.71)Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3934 | Mar 11, 2026 |
ChromeDriver SOP Bypass via Crafted HTML (Prior to 146.0.7680.71)Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3932 | Mar 11, 2026 |
Google Chrome Android <146.0.7680.71: PDF Bypass via crafted HTMLInsufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3930 | Mar 11, 2026 |
Google Chrome iOS Unsafe Navigation before 146.0.7680.71Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3931 | Mar 11, 2026 |
Chrome Skia Heap BOF <146.0.7680.71Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3929 | Mar 11, 2026 |
Chrome <146.0.7680.71 ResourceTiming Side-Channel Leak (CVE-2026-3929)Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3927 | Mar 11, 2026 |
Chrome <146.0.7680.71: PictureInPicture UI Spoofing VulnerabilityIncorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3928 | Mar 11, 2026 |
Chrome <=146.0.7680.71 UI Spoof via Malicious ExtensionInsufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) |
|
| CVE-2026-3926 | Mar 11, 2026 |
Chrome V8 OOB Read in Chrome <146.0.7680.71 via Crafted HTMLOut of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3925 | Mar 11, 2026 |
UI Spoofing via LookalikeChecks in Google Chrome Android <146.0.7680.71Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-3924 | Mar 11, 2026 |
Chrome<146.0.7680.71 WindowDialog UAF sandbox escapeuse after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3923 | Mar 11, 2026 |
Chrome <146.0.7680.71: Use-After-Free in WebMIDI Heap CorruptionUse after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3922 | Mar 11, 2026 |
Use after free in MediaStream before 146.0.7680.71 in Google ChromeUse after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3921 | Mar 11, 2026 |
Chrome 146.0.7680.71 Use-After-Free in TextEncodingUse after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3920 | Mar 11, 2026 |
WebML OOB VM bug (Chrome <146.0.7680.71)Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3919 | Mar 11, 2026 |
Chrome Before 146.0.7680.71: UAF in ExtensionsUse after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3918 | Mar 11, 2026 |
Chrome WebMCP UAF before 146.0.7680.71Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3917 | Mar 11, 2026 |
Google Chrome <146.0.7680.71 UAF in AgentsUse after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3916 | Mar 11, 2026 |
Chrome <146.0.7680.71: OOB read in Web Speech (Chrome WebSpeech)Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3915 | Mar 11, 2026 |
Google Chrome WebML Heap Buffer Overflow <146.0.7680.71Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3914 | Mar 11, 2026 |
Google Chrome 146 WebML Integer Overflow Caused by Crafted HTML PageInteger overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-3913 | Mar 11, 2026 |
Chrome WebML Heap Overflow <146.0.7680.71Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
|
| CVE-2026-3904 | Mar 11, 2026 |
glibc 2.35-2.36 nscd crash via memcmp UB on x86_64Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well. Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository. It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client. |
|
| CVE-2026-3805 | Mar 11, 2026 |
curl SMB UAF: freed memory used on repeated requestWhen doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. |
|
| CVE-2026-3784 | Mar 11, 2026 |
CURL: Improper HTTP Proxy Connection Reuse with Different Credentialscurl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection. |
|
| CVE-2026-3783 | Mar 11, 2026 |
curl HTTP Redirect Leaks OAuth2 Bearer TokenWhen an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one. |
|
| CVE-2026-1965 | Mar 11, 2026 |
libcurl Negotiate Auth Reuse Vulnerability: Wrong Credential Leaklibcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API). |
|
| CVE-2026-26123 | Mar 10, 2026 |
Mar 2026: Microsoft Authenticator Information Disclosure VulnerabilityCwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally. |
Authenticator
Authenticator For Ios
|