● Live advisory feed
Security Advisory Fusion for CSIRTs, SOCs & Defenders
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
CVE-2026-52955: libceph: Fix potential out-of-bounds access in crush_decode()
CVE-2026-40930: LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body
CVE-2026-58015: Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
CVE-2026-53106: bpf: Do not allow deleting local storage in NMI
CVE-2026-58012: Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
CVE-2026-52937: tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR
CVE-2026-58013: Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
CVE-2026-58014: Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"
CVE-2026-13322: Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service
CVE-2026-53010: ksmbd: fix use-after-free in smb2_open during durable reconnect
CVE-2026-53208: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig
CVE-2026-10722: cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
CVE-2026-12013: Chromium: CVE-2026-12013 Use after free Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full
CVE-2026-53011: net/sched: taprio: fix use-after-free in advance_sched() on schedule switch
CVE-2026-53043: ocfs2/dlm: validate qr_numregions in dlm_match_regions()
CVE-2026-52961: ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale blob size
CVE-2026-53190: drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait()
CVE-2026-12014: Chromium: CVE-2026-12014 Use after free Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-53132: vsock/virtio: fix potential unbounded skb queue
CVE-2026-52977: futex: Prevent lockup in requeue-PI during signal/ timeout wakeup
CVE-2026-50263: Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
CVE-2026-50258: Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels
CVE-2026-57062: CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.
CVE-2026-53212: netfilter: nft_tunnel: fix use-after-free on object destroy
CVE-2026-46245: drm/amd/display: Fix dc_link NULL handling in HPD init
CVE-2026-11007: Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-56409: xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
CVE-2026-50257: Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()
CVE-2026-50260: Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
CVE-2026-53021: scsi: target: core: Fix integer overflow in UNMAP bounds check
CVE-2026-50262: Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
CVE-2026-50256: Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch
CVE-2026-53059: dm log: fix out-of-bounds write due to region_count overflow
CVE-2026-10879: DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
CVE-2026-49975: Apache HTTP Server: mod_http2 denial of service
CVE-2026-11463: USCiLab Cereal Shared Pointer type confusion
CVE-2026-43958: Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
CVE-2026-52912: netfilter: nf_queue: hold bridge skb->dev while queued
CVE-2026-50219: libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
CVE-2026-42504: Quadratic complexity in WordDecoder.DecodeHeader in mime
CVE-2026-46244: netfilter: nft_inner: Fix IPv6 inner_thoff desync
CVE-2026-46252: regulator: core: fix locking in regulator_resolve_supply() error path
CVE-2026-12017: Chromium: CVE-2026-12017 Insufficient validation of untrusted input Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-42824: M365 Copilot Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-45497: Microsoft M365 Copilot Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp()
CVE-2026-46324: netfilter: nf_tables: use list_del_rcu for netlink hooks
CVE-2026-12007: Chromium: CVE-2026-12007 Use after free Core
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.