CVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However several TLS andSSH settings were left out from the configuration match checks making themmatch too easily.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-27782
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-27782
CVE-2022-22576 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only).
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22576
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22576
CVE-2025-66382 In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382
CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436
CVE-2023-53543 vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53543
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53543
CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656
CVE-2025-68973 In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68973
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68973
CVE-2026-21620 TFTP Path Traversal
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21620
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21620
CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27211
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27211
CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26960
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26960
CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2739
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2739
CVE-2026-27199 Werkzeug safe_join() allows Windows special device names
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27199
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27199
CVE-2021-20233 A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20233
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20233
CVE-2021-20225 A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20225
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20225
CVE-2025-11563 wcurl path traversal with percent-encoded slashes
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11563
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11563
CVE-2025-61145 libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61145
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61145
CVE-2025-61144 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61144
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61144
CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61143
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61143
CVE-2026-23225 sched/mmcid: Don't assume CID is CPU owned on mode switch
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23225
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23225
CVE-2026-23223 xfs: fix UAF in xchk_btree_check_block_owner
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23223
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23223
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62878
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62878