Vendor advisories
60 alerts in this category.
Vendor-issued security advisories — the official statements from product vendors about vulnerabilities affecting their software, including patch timelines, workarounds, and detection guidance.
CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing (Severity: HIGH)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing (Severity: HIGH)". Topic areas: paloalto, firewall, vulnerability
CVE-2026-0263CVE-2026-0245 Prisma Access Agent: Information Disclosure Vulnerabilities (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0245 Prisma Access Agent: Information Disclosure Vulnerabilities (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulnera
CVE-2026-0245CVE-2026-0244 Prisma SD-WAN: Improper Certificate Validation Vulnerability (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0244 Prisma SD-WAN: Improper Certificate Validation Vulnerability (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulner
CVE-2026-0244CVE-2026-0247 Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0247 Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities (Severity: MEDIUM)". Topic areas: paloalto, firewa
CVE-2026-0247CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled (Severity: HIGH)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled (Severity: HIGH)". Topic areas: paloalto, f
CVE-2026-0265CVE-2026-0240 Trust Protection Foundation: Sensitive Information Disclosure Vulnerability (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0240 Trust Protection Foundation: Sensitive Information Disclosure Vulnerability (Severity: MEDIUM)". Topic areas: paloalto, f
CVE-2026-0240CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: MEDIUM)". Topic areas: paloalto,
CVE-2026-0256CVE-2026-0262 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0262 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing (Severity: MEDIUM)". Topic areas: paloalto, firewall
CVE-2026-0262CVE-2026-0242 Trust Protection Foundation: SQL Injection Vulnerability (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0242 Trust Protection Foundation: SQL Injection Vulnerability (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulnerabil
CVE-2026-0242CVE-2026-0261 PAN-OS: Authenticated Admin Command Injection Vulnerability (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0261 PAN-OS: Authenticated Admin Command Injection Vulnerability (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulnera
CVE-2026-0261CVE-2026-0258 PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0258 PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching (Severity: MEDIUM)". Topic areas: paloalto,
CVE-2026-0258CVE-2026-0238 Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0238 Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields (Severity: LOW)". Topic areas: paloalto, fir
CVE-2026-0238CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulnera
CVE-2026-0257CVE-2026-0248 Prisma Access Agent: Improper Certificate Validation Vulnerability (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0248 Prisma Access Agent: Improper Certificate Validation Vulnerability (Severity: MEDIUM)". Topic areas: paloalto, firewall,
CVE-2026-0248PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026) (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026) (Severity: MEDIUM)". Topic areas: paloalto, firew
CVE-2026-0243 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through IPv6 Crafted Packet (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0243 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through IPv6 Crafted Packet (Severity: MEDIUM)". Topic areas: paloal
CVE-2026-0243CVE-2026-0239 Chronosphere Chronocollector Information Disclosure Vulnerability (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0239 Chronosphere Chronocollector Information Disclosure Vulnerability (Severity: MEDIUM)". Topic areas: paloalto, firewall, v
CVE-2026-0239CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution (Severity: HIGH)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution (Severity: HI
CVE-2026-0264CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities (Severity: MEDIUM)". Topic areas: paloalto, firewall, vu
CVE-2026-0249CVE-2026-0241 Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0241 Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities (Severity: MEDIUM)". Topic areas: paloalto, fi
CVE-2026-0241Chrome Beta for iOS Update
Google Chrome Releases published an advisory on "Chrome Beta for iOS Update". Topic areas: google, chrome, browser, patch. Published May 13, 2026. See the original source linked under References for t
GoogleChrome Beta for Android Update
Google Chrome Releases published an advisory on "Chrome Beta for Android Update". Topic areas: google, chrome, browser, patch. Published May 13, 2026. See the original source linked under References f
GoogleChrome Beta for Desktop Update
Google Chrome Releases published an advisory on "Chrome Beta for Desktop Update". Topic areas: google, chrome, browser, patch. Published May 13, 2026. See the original source linked under References f
GoogleLinux Kernel Vulnerability copy.fail - CVE-2026-31431
CVSSv3 Score: 7.8 CVE-2026-31431In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except
LinuxCVE-2026-31431CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Microsoft Security Response Center published an advisory on "CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash". Topic areas: microsoft, windows
CVE-2026-6210CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
Microsoft Security Response Center published an advisory on "CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls". Topic areas: microsoft, windows, azure, patch. Published May
CVE-2026-43249CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
Microsoft Security Response Center published an advisory on "CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains". Topic areas: microsoft, windows, azure, patch. Published May 13,
CVE-2026-40612CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Microsoft Security Response Center published an advisory on "CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated
CVE-2026-8177CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
Microsoft Security Response Center published an advisory on "CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro". Topic areas: microsoft, windows, azure, patch. P
CVE-2026-43894CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Microsoft Security Response Center published an advisory on "CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode". Topic areas: microsoft, windows, azure, patch. Pu
CVE-2026-31767CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
Microsoft Security Response Center published an advisory on "CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f". Topic areas: microsoft, windows, azure, patch. Published M
CVE-2026-41256CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
Microsoft Security Response Center published an advisory on "CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)". Topic areas: microsoft, windows, azure, patch. Published May 1
CVE-2026-41257CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
Microsoft Security Response Center published an advisory on "CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge". Topic areas: microsoft, windows, azure, patch. Published May 13, 2026. See th
CVE-2026-43896CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
CVE-2026-40401CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-40398CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
MicrosoftCVE-2026-40359CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
MicrosoftCVE-2026-40362CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-33837CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34331CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41613CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
MicrosoftCVE-2026-40377CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-34340CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over
CVE-2026-41109CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-35424CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-34338CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
MicrosoftCVE-2026-40364CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34334CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34344CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
MicrosoftCVE-2026-41102CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34347CVE-2026-32175 .NET Core Tampering Vulnerability
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to cer
CVE-2026-32175CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
MicrosoftCVE-2026-32185CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34351CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40403CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-40382CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32177CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
MicrosoftCVE-2026-34329CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34333CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
MicrosoftCVE-2026-40420CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
MicrosoftCVE-2026-40361
Get alerts that match YOUR environment
This page shows everything in the category. Vulnios narrows it down to alerts that affect your actual asset inventory — only the CVEs you need to act on.
Start a free scan