CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Published May 19, 2026
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
Published May 19, 2026
Information published.
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Published May 19, 2026
Information published.
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Published May 19, 2026
Information published.
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Published May 13, 2026
Information published.
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Published May 13, 2026
Information published.
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published May 13, 2026
Acknowledgement Updated
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published May 13, 2026
Updated the fixed version number. This is an informational change only.
CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Published May 13, 2026
Information published.
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Published May 13, 2026
Information published.
