CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Published May 13, 2026
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Published May 13, 2026
Information published.
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Published May 13, 2026
Information published.
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published May 13, 2026
Acknowledgement Updated
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published May 13, 2026
Updated the fixed version number. This is an informational change only.
CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Published May 13, 2026
Information published.
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Published May 13, 2026
Information published.
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
Published May 13, 2026
Information published.
CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Published May 13, 2026
Information published.
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Published May 13, 2026
Information published.
