CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Published April 19, 2026
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Published April 19, 2026
Information published.
CVE-2026-5160
Published April 19, 2026
Information published.
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Published April 19, 2026
Information published.
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Published April 19, 2026
Information published.
CVE-2026-35469 SpdyStream: DOS on CRI
Published April 17, 2026
Information published.
CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed
Published April 17, 2026
Information published.
CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers
Published April 17, 2026
Information published.
CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input
Published April 17, 2026
Information published.
CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()
Published April 17, 2026
Information published.
