● Live advisory feed
Security Advisory Fusion for CSIRTs, SOCs & Defenders
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
CVE-2026-42909: Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42980: NT OS Kernel Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42908: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-42907: Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42906: Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42905: Windows DWM Core Library Elevation of Privilege Vulnerability
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42904: Windows TCP/IP Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-42903: Windows Kerberos Denial of Service Vulnerability
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
CVE-2026-52953: iommu/vt-d: Fix oops due to out of scope access
CVE-2026-53086: net: bcmgenet: fix racing timeout handler
CVE-2026-53015: erofs: unify lcn as u64 for 32-bit platforms
CVE-2026-46319: net/sched: act_ct: Only release RCU read lock after ct_ft
CVE-2026-42837: Windows Projected File System Elevation of Privilege Vulnerability
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42836: Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-53089: bpf: Fix use-after-free in offloaded map/prog info fill
CVE-2026-52919: batman-adv: fix tp_meter counter underflow during shutdown
CVE-2026-53133: RDMA/umem: Fix truncation for block sizes >= 4G
CVE-2026-12442: Chromium: CVE-2026-12442 Use after free in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-54906: concurrent-ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
CVE-2026-12448: Chromium: CVE-2026-12448 Inappropriate implementation in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-53275: ipv6: mcast: Fix use-after-free when processing MLD queries
CVE-2026-12469: Chromium: CVE-2026-12469 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-12438: Chromium: CVE-2026-12438 Inappropriate implementation in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-53178: staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction
CVE-2026-12032: Chromium: CVE-2026-12032 Inappropriate implementation Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-12505: Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
CVE-2026-52931: batman-adv: tp_meter: avoid use of uninit sender vars
CVE-2026-52923: ipc: limit next_id allocation to the valid ID range
CVE-2026-53184: udp: clear skb->dev before running a sockmap verdict
CVE-2026-12030: Chromium: CVE-2026-12031 Inappropriate implementation Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2025-15661: libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c
CVE-2026-53018: f2fs: avoid reading already updated pages during GC
CVE-2026-53107: wifi: libertas: don't kill URBs in interrupt context
CVE-2026-47241: Net::IMAP: Denial of Service via incomplete raw argument validation
CVE-2026-53181: vsock/vmci: fix sk_ack_backlog leak on failed handshake
CVE-2026-11647: Chromium: CVE-2026-11647 Use after free in Printing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-53052: ASoC: qcom: qdsp6: topology: check widget type before accessing data
CVE-2026-53143: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11
CVE-2026-53209: Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend
CVE-2026-53149: thunderbolt: Bound root directory content to block size
CVE-2026-53192: ALSA: timer: Fix UAF at snd_timer_user_params()
CVE-2026-52960: ceph: put folios not suitable for writeback
CVE-2026-52920: netfilter: xt_policy: fix strict mode inbound policy matching
CVE-2026-53150: thunderbolt: Reject zero-length property entries in validator
CVE-2026-53082: net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf
CVE-2026-12028: Chromium: CVE-2026-12028 Use after free GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.