MSRC Reports
@msrcreports
61 subscribers
2.97K links
Microsoft Security Response Center Reports
(Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
Download Telegram
About
Blog
Apps
Platform
Join
MSRC Reports
61 subscribers
MSRC Reports
CVE-2025-71089 iommu: disable SVA when CONFIG_X86 is set

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71089
9 views
MSRC Reports
CVE-2025-15079 libssh global known_hosts override

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15079
9 views
MSRC Reports
CVE-2025-15224 libssh key passphrase bypass without agent set

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15224
8 views
MSRC Reports
CVE-2025-11563 wcurl path traversal with percent-encoded slashes

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11563
8 views
MSRC Reports
CVE-2025-61145 libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61145
9 views
MSRC Reports
CVE-2026-21620 TFTP Path Traversal

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21620
9 views
MSRC Reports
CVE-2026-1979 mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1979
10 views
MSRC Reports
CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62878
13 views
MSRC Reports
CVE-2026-27199 Werkzeug safe_join() allows Windows special device names

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27199
13 views
MSRC Reports
CVE-2026-23224 erofs: fix UAF issue for file-backed mounts w/ directio option

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23224
12 views
MSRC Reports
CVE-2025-71230 hfs: ensure sb->s_fs_info is always cleaned up

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71230
14 views
MSRC Reports
CVE-2026-23217 riscv: trace: fix snapshot deadlock with sbi ecall

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23217
15 views
MSRC Reports
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58160
13 views
MSRC Reports
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25541
12 views
MSRC Reports
CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27965
12 views
MSRC Reports
CVE-2024-24856 NULL pointer deference in acpi_db_convert_to_package of Linux acpi module

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-24856
12 views
MSRC Reports
CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3338
12 views
MSRC Reports
CVE-2026-23231 netfilter: nf_tables: fix use-after-free in nf_tables_addchain()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23231
13 views
MSRC Reports
CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71238
12 views
MSRC Reports
CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23236
12 views
MSRC Reports
CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23865
11 views