CVE-2026-27199 Werkzeug safe_join() allows Windows special device names
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27199
CVE-2021-20233 A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20233
CVE-2021-20225 A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20225
CVE-2025-11563 wcurl path traversal with percent-encoded slashes
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11563
CVE-2025-61145 libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61145
CVE-2025-61144 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61144
CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61143
CVE-2026-23225 sched/mmcid: Don't assume CID is CPU owned on mode switch
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23225
CVE-2026-23223 xfs: fix UAF in xchk_btree_check_block_owner
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23223
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62878
CVE-2026-21863 Malformed Valkey Cluster bus message can lead to Remote DoS
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21863
CVE-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-67733
CVE-2026-23224 erofs: fix UAF issue for file-backed mounts w/ directio option
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23224
CVE-2025-71230 hfs: ensure sb->s_fs_info is always cleaned up
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71230
CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23229
Chromium: CVE-2026-3061 Out of bounds read in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3061
Chromium: CVE-2026-3062 Out of bounds read and write in Tint
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3062
Chromium: CVE-2026-3063 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3063
CVE-2025-69873 ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-69873
CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27969
CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27965