● Live advisory feed
Security Advisory Fusion for CSIRTs, SOCs & Defenders
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
CVE-2026-53063: dm cache: fix write hang in passthrough mode
CVE-2026-42971: Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42969: Windows Push Notification Information Disclosure Vulnerability
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42972: Windows Hyper-V Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2026-53161: misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context
CVE-2026-6678: Integer underflow in wc_PKCS7_DecryptOri handling crafted Other Recipient Info
CVE-2026-53115: bus: fsl-mc: use generic driver_override infrastructure
CVE-2026-52986: netfilter: nf_conntrack_sip: don't use simple_strtoul
CVE-2026-53013: macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF
CVE-2026-53194: USB: serial: kl5kusb105: fix bulk-out buffer overflow
CVE-2026-46250: MIPS: Work around LLVM bug when gp is used as global register variable
CVE-2026-48854: Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc
CVE-2026-11007: Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path
CVE-2026-46643: Snappy: Binary path is never shell-escaped due to an inverted is_executable check
CVE-2026-42968: Windows Telephony Server Information Disclosure Vulnerability
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
CVE-2026-42915: Microsoft Windows VMSwitch Denial of Service Vulnerability
Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally.
CVE-2026-11077: Chromium: CVE-2026-11077 Out of bounds read in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-52956: libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()
CVE-2026-53228: ipv6: sit: reload inner IPv6 header after GSO offloads
CVE-2026-11822: SQLite before 3.53.2 Memory Corruption in FTS5 Extension
CVE-2026-53230: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list
CVE-2026-9539: libslirp TCP URG OOB Read Information Leak
CVE-2026-53112: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet
CVE-2026-9697: undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
CVE-2026-46314: drm/v3d: Reject empty multisync extension to prevent infinite loop
CVE-2026-46282: iio: frequency: admv1013: fix NULL pointer dereference on str
CVE-2026-52915: netfilter: ip6t_hbh: reject oversized option lists
CVE-2026-53065: ASoC: sti: use managed regmap_field allocations
CVE-2026-53274: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS
CVE-2026-42914: Windows Kerberos Denial of Service Vulnerability
CVE-2026-53139: drm/v3d: Skip CSD when it has zeroed workgroups
CVE-2026-42912: Windows Telephony Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-56131: libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).
CVE-2026-11064: Chromium: CVE-2026-11064 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-42913: Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-53096: bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path
CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve helpers
CVE-2026-53237: gpio: mvebu: fix NULL pointer dereference in suspend/resume
CVE-2026-52922: batman-adv: dat: handle forward allocation error
CVE-2026-49851: Mistune: Potential DoS via quadratic-time parsing in parse_link_text
CVE-2026-53258: wifi: fix leak if split 6 GHz scanning fails
CVE-2026-53267: netfilter: nft_ct: bail out on template ct in get eval
CVE-2026-53220: netfilter: revalidate bridge ports
CVE-2026-53039: ocfs2: validate group add input before caching
CVE-2026-52992: fs/adfs: validate nzones in adfs_validate_bblk()
CVE-2026-42911: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-42916: NT OS Kernel Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.