CVE-2025-14524 bearer token leak on cross-protocol redirect
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14524
CVE-2025-15224 libssh key passphrase bypass without agent set
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15224
CVE-2025-14017 broken TLS options for threaded LDAPS
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14017
CVE-2025-13034 No QUIC certificate pinning with GnuTLS
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13034
CVE-2025-68766 irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68766
CVE-2025-68753 ALSA: firewire-motu: add bounds check in put_user loop for DSP events
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68753
CVE-2025-21839 KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21839
CVE-2025-2953 PyTorch torch.mkldnn_max_pool2d denial of service
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-2953
CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-58089
CVE-2020-36426 An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-36426
CVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However several TLS and SSH settings were left out from the configuration match checks making them match too easily.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-27782
CVE-2022-22576 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22576
CVE-2025-66382 In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382
CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436
CVE-2023-53543 vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53543
CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656
CVE-2025-68973 In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68973
CVE-2026-21620 TFTP Path Traversal
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21620
CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27211
CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26960
CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2739