CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21985

CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-46754

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4543

CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656

CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8732

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53219

CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24821

CVE-2025-68121 Unexpected session resumption in crypto/tls

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68121

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27141

CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26122

CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26125

CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26124

CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21536

CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23651

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68146

CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22701

CVE-2026-28364 In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28364

CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3494

CVE-2025-14524 bearer token leak on cross-protocol redirect

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14524

CVE-2025-10966 missing SFTP host verification with wolfSSH

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10966

CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27138