Network Services Group

Network Services Group https://validator.w3.org/feed/docs/rss2.html CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability Blog CVE-2025-71073 Input: lkkbd – disable pending work before freeing device CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function CVE-2026-42915 Microsoft Windows VMSwitch Denial of Service Vulnerability CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability Welcome to Network Services Group CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration CVE-2026-46291 crypto: caam – guard HMAC key hex dumps in hash_digest_key CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending() CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd CVE-2025-71072 shmem: fix recovery on rename failures CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html How VoIP helps remote teams work smarter Use Viva Insights to build a more productive team CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc Microsoft Edge features that help you work smarter in 2026 Practical strategies for securing your corporate Windows webcams Should you use private browsing to protect your data? How hospitals can keep thousands of connected devices secure Why identity is the new internal highway for cyberattacks Optimizing desktop and laptop settings for eco-friendly computing How SaaS helps SMBs save money and work more efficiently CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext. Chromium: CVE-2026-11700 Use after free in Tracing Chromium: CVE-2026-11699 Use after free in Bluetooth Chromium: CVE-2026-11698 Use after free in Bluetooth Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI Chromium: CVE-2026-11696 Uninitialized Use in Video Chromium: CVE-2026-11695 Inappropriate implementation in Passwords Chromium: CVE-2026-11694 Use after free in ServiceWorker Chromium: CVE-2026-11693 Inappropriate implementation in Plugins Chromium: CVE-2026-11692 Use after free in Read Anything Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page Chromium: CVE-2026-11690 Out of bounds read and write in Media Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords Chromium: CVE-2026-11688 Object lifecycle issue in SVG Chromium: CVE-2026-11687 Use after free in Dawn Chromium: CVE-2026-11686 Insufficient validation of untrusted input in Dawn Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture