CVE-2025-71119 powerpc/kexec: Enable SMT before waking offline CPUs
Published February 18, 2026
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2025-71118 ACPICA: Avoid walking the Namespace if start_node is NULL
Published February 18, 2026
Information published.
CVE-2025-71111 hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
Published February 18, 2026
Information published.
CVE-2024-40635 containerd has an integer overflow in User ID handling
Published February 18, 2026
Information published.
CVE-2025-2295 Potential iSCSI R2T PDU Vulnerability
Published February 18, 2026
Information published.
CVE-2023-5764 Ansible: template injection
Published February 18, 2026
Information published.
CVE-2023-6864 Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Published February 18, 2026
Information published.
CVE-2021-32714 Integer Overflow in Chunked Transfer-Encoding
Published February 18, 2026
Information published.
CVE-2017-15042 An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.
Published February 18, 2026
Information published.
CVE-2023-6856 The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Published February 18, 2026
Information published.
