● Live advisory feed
Security Advisory Fusion for CSIRTs, SOCs & Defenders
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
CVE-2026-44814: Windows DWM Core Library Information Disclosure Vulnerability
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-46280: lib: test_hmm: evict device pages on file close to avoid use-after-free
CVE-2026-11215: Chromium: CVE-2026-11215 Inappropriate implementation in Cronet
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-46285: mtd: docg3: fix use-after-free in docg3_release()
CVE-2026-46275: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
CVE-2026-42983: Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44815: DHCP Client Service Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2026-11172: Chromium: CVE-2026-11172 Incorrect security UI in Contact Picker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-11167: Chromium: CVE-2026-11167 Inappropriate implementation in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-44799: Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44807: Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44808: Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-52942: netfilter: nf_log: validate MAC header was set before dumping it
CVE-2026-11163: Chromium: CVE-2026-11163 Use after free in Messages
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-44811: Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-53249: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options
CVE-2026-44805: Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
CVE-2026-42992: Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-11127: Chromium: CVE-2026-11127 Inappropriate implementation in WebAPKs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-48574: Windows Media Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-47162: Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name
CVE-2026-44810: Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
CVE-2026-52918: Bluetooth: serialize accept_q access
CVE-2026-52934: batman-adv: tvlv: reject oversized TVLV packets
CVE-2026-53151: rxrpc: Fix the ACK parser to extract the SACK table for parsing
CVE-2026-53120: PCI: use generic driver_override infrastructure
CVE-2026-54905: concurrent-ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
CVE-2026-49161: Microsoft PC Manager Security Feature Bypass Vulnerability
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-55653: Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service
CVE-2026-48779: ws: Memory exhaustion DoS from tiny fragments and data chunks
CVE-2026-44809: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42989: Winlogon Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-42991: Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-53158: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback
CVE-2026-42979: Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42977: Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42978: Windows Push Notifications Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-10940: Chromium: CVE-2026-10940 Race in Codecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-53213: drm/vc4: fix krealloc() memory leak
CVE-2026-53022: platform/x86: dell-wmi-sysman: bound enumeration string aggregation
CVE-2026-42986: Microsoft Graphics Component Elevation of Privilege Vulnerability
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-45645: Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-53163: locking/rtmutex: Skip remove_waiter() when waiter is not enqueued
CVE-2026-42974: Windows Performance Monitor Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-53325: agp/amd64: Fix broken error propagation in agp_amd64_probe()
CVE-2026-42981: Windows Performance Monitor Remote Code Execution Vulnerability
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42984: Windows Kernel Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42973: Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42970: Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.