CVE-2018-0735 Timing attack against ECDSA signature generation
Published April 28, 2026
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown
Published April 28, 2026
Information published.
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Published April 28, 2026
Information published.
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
Published April 28, 2026
Information published.
CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability
Published April 22, 2026
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published April 22, 2026
Acknowledgement added. This is an informational change only.
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published April 22, 2026
Information published.
CVE-2026-41254
Published April 22, 2026
Information published.
CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability
Published April 22, 2026
Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.
CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Published April 22, 2026
Added acknowledgements. This is an informational change only.
