Microsoft MSRC
CVE-2026-46129 btrfs: fix double free in create_space_info() error path
Information published.
vulnerability
Archive
Page 15 of 20 — 1152 stories total
Microsoft MSRC
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46136 wifi: mt76: mt7921: fix a potential clc buffer length underflow
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46177 ipmi: Add limits to event and receive message requests
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46132 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46127 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46164 btrfs: fix double free in create_space_info_sub_group() error path
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46225 spi: rspi: fix controller deregistration
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardown
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46176 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46107 dm-thin: fix metadata refcount underflow
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46171 riscv: kvm: fix vector context allocation leak
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46234 vsock: fix buffer size clamping order
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLs
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46165 openvswitch: vport: fix self-deadlock on release of tunnel ports
Information published.
vulnerability
Graham Cluley
Police arrest man following hack of Ajax football club
Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog.
Microsoft MSRC
CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46226 spi: fsl: fix controller deregistration
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46159 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46115 block: add pgmap check to biovec_phys_mergeable
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Information published.
vulnerability
Microsoft MSRC
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46128 ipmi: Check event message buffer response for bad data
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46110 net: stmmac: Prevent NULL deref when RX memory exhausted
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46198 batman-adv: fix integer overflow on buff_pos
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert
Information published.
vulnerability
Microsoft MSRC
CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind
Information published.
vulnerability
WeLiveSecurity
This month in security with Tony Anscombe – May 2026 edition
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit
zero day
Graham Cluley
MyPillow listed on ransomware gang’s leak site, but denies it has been breached
A notorious ransomware gang claims to have stolen MyPillow's private data, but CEO Mike Lindell calls it a politically motivated "hit job." With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my article on the Hot for Security blog.
ransomware