Microsoft Security Response Center
Monthly Patch Tuesday advisories covering Windows, Azure, Office, and the wider Microsoft platform.
6,255 advisories tracked · showing 100
- Jul 1, 2026CVE-2026-11625MediumCVSS 7.5CVE-2026-11625
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
- Jul 1, 2026CVE-2026-7531LowCVSS 9.8CVE-2026-7531
Use-after-free in PQC hybrid key-share handling
- Jul 1, 2026CVE-2026-6412LowCVSS 4.3CVE-2026-6412
Continued acceptance of SHA-1/MD5 digests in certificate processing
- Jul 1, 2026CVE-2026-6092LowCVSS 5.3CVE-2026-6092
Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured
- Jul 1, 2026CVE-2026-12340MediumCVSS 7.5CVE-2026-12340
Out-of-bounds heap read in SM2/SM3 certificate Subject Key Identifier computation
- Jul 1, 2026CVE-2026-6091MediumCVSS 6.5CVE-2026-6091
Partial-chain verification accepts untrusted intermediate as trust anchor
- Jul 1, 2026CVE-2026-7511MediumCVSS 7.5CVE-2026-7511
PKCS7_verify signer confusion allows forged signatures to be accepted
- Jul 1, 2026CVE-2026-11999HighCVSS 7.5CVE-2026-11999
X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()
- Jul 1, 2026CVE-2026-55962MediumCVSS 6.5CVE-2026-55962
TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify
- Jul 1, 2026CVE-2026-55967LowCVSS 7.5CVE-2026-55967
AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse
- Jul 1, 2026CVE-2026-11703MediumCVSS 7.5CVE-2026-11703
Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption
- Jul 1, 2026CVE-2026-57231HighCVSS 7.5CVE-2026-57231
Podman: Malformed Image can trick podman run into leaking host environment variables into the container
- Jul 1, 2026CVE-2026-13318MediumCVSS 6.4CVE-2026-13318
Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip
- Jul 1, 2026CVE-2026-13595MediumCVSS 6.8CVE-2026-13595
Util-linux: util-linux: heap use-after-free in libblkid nested partition probing
- Jul 1, 2026CVE-2026-11310HighCVSS 7.5CVE-2026-11310
X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring
- Jul 1, 2026CVE-2026-10097HighCVSS 7.5CVE-2026-10097
ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static private-key recovery
- Jul 1, 2026CVE-2026-10098MediumCVSS 5.3CVE-2026-10098
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status
- Jul 1, 2026CVE-2026-8720MediumCVSS 7.5CVE-2026-8720
HMAC-BLAKE2 final discards message when key length exceeds block size
- Jul 1, 2026CVE-2026-10512LowCVSS 7.5CVE-2026-10512
X25519 x86_64 assembly final reduction leaves non-canonical field element
- Jul 1, 2026CVE-2026-10592MediumCVSS 5.3CVE-2026-10592
Wildcard DNS SAN bypasses CA name-constraint checks
- Jul 1, 2026CVE-2026-6325LowCVSS 7.5CVE-2026-6325
Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list
- Jul 1, 2026CVE-2026-55958HighCVSS 7.5CVE-2026-55958
Renesas TSIP TLS 1.3 transcript buffer out-of-bounds write in tsip_StoreMessage
- Jul 1, 2026CVE-2026-6731MediumCVSS 7.5CVE-2026-6731
X.509 name constraint bypass via Subject CN treated as a DNS name
- Jul 1, 2026CVE-2026-6330MediumCVSS 6.5CVE-2026-6330
ML-KEM ARM64 NEON ciphertext comparison only compares half of the input
- Jul 1, 2026CVE-2026-6331LowCVSS 7.5CVE-2026-6331
HMAC zero-length tag forgery in EVP_DigestVerifyFinal
- Jul 1, 2026CVE-2026-6094MediumCVSS 9.1CVE-2026-6094
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData
- Jul 1, 2026CVE-2026-6678LowCVSS 5.3CVE-2026-6678
Integer underflow in wc_PKCS7_DecryptOri handling crafted Other Recipient Info
- Jul 1, 2026CVE-2026-55961HighCVSS 7.5CVE-2026-55961
wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer
- Jul 1, 2026CVE-2026-6329MediumCVSS 6.5CVE-2026-6329
PKCS#12 MAC verification uses attacker-controlled comparison length
- Jul 1, 2026CVE-2026-55964MediumCVSS 5.3CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)
- Jul 1, 2026CVE-2026-55960HighCVSS 7.5CVE-2026-55960
Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain validation
- Jul 1, 2026CVE-2026-6450LowCVSS 5.3CVE-2026-6450
CRL critical extension bypass in ParseCRL_Extensions
- Jul 1, 2026CVE-2026-7532MediumCVSS 7.5CVE-2026-7532
iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined
- Jul 1, 2026CVE-2026-6291MediumCVSS 6.5CVE-2026-6291
Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption
- Jul 1, 2026CVE-2026-57918HighCVSS 7.1CVE-2026-57918
libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.
- Jul 1, 2026CVE-2026-13325HighCVSS 8.5CVE-2026-13325
Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces
- Jul 1, 2026CVE-2026-13218MediumCVSS 4.2CVE-2026-13218
Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher
- Jul 1, 2026CVE-2026-13208MediumCVSS 6.5CVE-2026-13208
Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body
- Jul 1, 2026CVE-2026-13322CVSS 3.8CVE-2026-13322
Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service
- Jul 1, 2026CVE-2026-58014HighCVSS 7.3CVE-2026-58014
Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"
- Jul 1, 2026CVE-2026-58013MediumCVSS 6.5CVE-2026-58013
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
- Jul 1, 2026CVE-2026-58011MediumCVSS 6.5CVE-2026-58011
Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
- Jul 1, 2026CVE-2026-58012MediumCVSS 6.5CVE-2026-58012
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
- Jul 1, 2026CVE-2026-58016MediumCVSS 7.5CVE-2026-58016
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
- Jul 1, 2026CVE-2026-58015MediumCVSS 5.9CVE-2026-58015
Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
- Jul 1, 2026CVE-2026-58010MediumCVSS 6.5CVE-2026-58010
Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()
- Jul 1, 2026CVE-2026-48779HighCVSS 7.5CVE-2026-48779
ws: Memory exhaustion DoS from tiny fragments and data chunks
- Jul 1, 2026CVE-2026-42055HighCVSS 8.1CVE-2026-42055
NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability
- Jun 30, 2026CVE-2026-11979LowCVE-2026-11979
Stack-Based Buffer Overflow in libxml2
- Jun 30, 2026CVE-2026-41992MediumCVE-2026-41992
Global Buffer Overflow in GNU gzip
- Jun 30, 2026CVE-2026-53325MediumCVSS 5.5CVE-2026-53325
agp/amd64: Fix broken error propagation in agp_amd64_probe()
- Jun 30, 2026CVE-2026-54371MediumCVSS 7.1CVE-2026-54371
attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr
- Jun 30, 2026CVE-2026-41991LowCVE-2026-41991
Predictable Temporary File in GNU gzip
- Jun 30, 2026CVE-2026-58055MediumCVSS 5.4CVE-2026-58055
nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length
- Jun 30, 2026CVE-2026-52909HighCVSS 7.8CVE-2026-52909
ip6_vti: set netns_immutable on the fallback device.
- Jun 30, 2026CVE-2026-53655MediumCVSS 5.5CVE-2026-53655
node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)
- Jun 30, 2026CVE-2026-53279MediumCVSS 5.5CVE-2026-53279
drm/gma500/oaktrail_lvds: fix hang on init failure
- Jun 30, 2026CVE-2026-53295MediumCVSS 5.5CVE-2026-53295
mailbox: add sanity check for channel array
- Jun 30, 2026CVE-2026-44889MediumCVSS 6.1CVE-2026-44889
WebOb: Location header normalization during redirect leads to open redirect
- Jun 30, 2026CVE-2026-53314MediumCVSS 5.5CVE-2026-53314
padata: Put CPU offline callback in ONLINE section to allow failure
- Jun 30, 2026CVE-2026-53303HighCVSS 7.1CVE-2026-53303
f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
- Jun 30, 2026CVE-2026-53287MediumCVSS 5.5CVE-2026-53287
audit: fix incorrect inheritable capability in CAPSET records
- Jun 30, 2026CVE-2026-53289MediumCVSS 5.5CVE-2026-53289
ice: fix NULL pointer dereference in ice_reset_all_vfs()
- Jun 30, 2026CVE-2026-53294MediumCVSS 5.5CVE-2026-53294
mailbox: mailbox-test: don't free the reused channel
- Jun 30, 2026CVE-2026-53293MediumCVSS 5.5CVE-2026-53293
drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG
- Jun 30, 2026CVE-2026-53297MediumCVSS 5.5CVE-2026-53297
net: mana: Guard mana_remove against double invocation
- Jun 30, 2026CVE-2026-53291MediumCVSS 5.5CVE-2026-53291
ALSA: hda/conexant: Fix missing error check for jack detection
- Jun 30, 2026CVE-2026-53306HighCVSS 7.1CVE-2026-53306
tty: hvc_iucv: fix off-by-one in number of supported devices
- Jun 30, 2026CVE-2026-53313MediumCVSS 5.5CVE-2026-53313
drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths
- Jun 30, 2026CVE-2026-53304MediumCVSS 5.5CVE-2026-53304
scsi: sg: Resolve soft lockup issue when opening /dev/sgX
- Jun 30, 2026CVE-2026-53309CriticalCVSS 9.8CVE-2026-53309
ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
- Jun 30, 2026CVE-2026-53284HighCVSS 7.5CVE-2026-53284
btrfs: only release the dirty pages io tree after successful writes
- Jun 30, 2026CVE-2026-53292MediumCVSS 5.5CVE-2026-53292
net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind
- Jun 30, 2026CVE-2026-53296MediumCVSS 5.5CVE-2026-53296
mailbox: mailbox-test: free channels on probe error
- Jun 30, 2026CVE-2026-53320MediumCVSS 5.5CVE-2026-53320
nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
- Jun 30, 2026CVE-2026-53252MediumCVSS 5.5CVE-2026-53252
Bluetooth: fix memory leak in error path of hci_alloc_dev()
- Jun 30, 2026CVE-2026-57451MediumCVSS 5.3CVE-2026-57451
Vim: Out-of-bounds Read in Text Property Count
- Jun 30, 2026CVE-2026-53156MediumCVSS 5.5CVE-2026-53156
nvmem: core: fix use-after-free bugs in error paths
- Jun 30, 2026CVE-2026-52944CriticalCVSS 9.8CVE-2026-52944
ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE
- Jun 30, 2026CVE-2026-53070MediumCVSS 5.5CVE-2026-53070
sctp: disable BH before calling udp_tunnel_xmit_skb()
- Jun 30, 2026CVE-2026-53176HighCVSS 9.1CVE-2026-53176
IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
- Jun 30, 2026CVE-2026-52985MediumCVSS 5.5CVE-2026-52985
netdevsim: zero initialize struct iphdr in dummy sk_buff
- Jun 30, 2026CVE-2026-52935HighCVSS 7.8CVE-2026-52935
xfrm: espintcp: do not reuse an in-progress partial send
- Jun 30, 2026CVE-2026-52962CriticalCVSS 9.8CVE-2026-52962
ceph: fix a buffer leak in __ceph_setxattr()
- Jun 30, 2026CVE-2026-53034MediumCVSS 7.0CVE-2026-53034
bpf, sockmap: Fix af_unix null-ptr-deref in proto update
- Jun 30, 2026CVE-2026-53016MediumCVSS 7.1CVE-2026-53016
crypto: ccp - copy IV using skcipher ivsize
- Jun 30, 2026CVE-2026-57235HighCVSS 8.2CVE-2026-57235
Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
- Jun 30, 2026CVE-2026-53050MediumCVSS 5.5CVE-2026-53050
quota: Fix race of dquot_scan_active() with quota deactivation
- Jun 30, 2026CVE-2026-52958MediumCVSS 5.5CVE-2026-52958
libceph: Fix potential out-of-bounds access in osdmap_decode()
- Jun 30, 2026CVE-2026-53232MediumCVSS 5.5CVE-2026-53232
net: phy: clean the sfp upstream if phy probing fails
- Jun 30, 2026CVE-2026-57434HighCVSS 7.5CVE-2026-57434
Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes
- Jun 30, 2026CVE-2026-52998MediumCVSS 7.0CVE-2026-52998
netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check
- Jun 30, 2026CVE-2026-53091MediumCVSS 7.1CVE-2026-53091
net: pull headers in qdisc_pkt_len_segs_init()
- Jun 30, 2026CVE-2026-53108MediumCVSS 5.5CVE-2026-53108
powerpc/64s: Fix unmap race with PMD migration entries
- Jun 30, 2026CVE-2026-53080MediumCVSS 5.5CVE-2026-53080
net/sched: cls_fw: fix NULL dereference of "old" filters before change()
- Jun 30, 2026CVE-2026-53135MediumCVSS 5.5CVE-2026-53135
drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs
- Jun 30, 2026CVE-2026-57234LowCVSS 2.6CVE-2026-57234
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
- Jun 30, 2026CVE-2026-52970MediumCVSS 5.5CVE-2026-52970
netfilter: nft_ct: fix missing expect put in obj eval
- Jun 30, 2026CVE-2026-52930MediumCVSS 5.5CVE-2026-52930
ipc/shm: serialize orphan cleanup with shm_nattch updates
- Jun 30, 2026CVE-2026-57236HighCVSS 8.2CVE-2026-57236
Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception