Aggregator

Microsoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. [...]

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.19.3. This vulnerability affects unknown code of the component octeontx2-af. This manipulation causes denial of service. This vulnerability appears as CVE-2026-46249. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.19.3 and classified as critical. This affects the function regulator_resolve_supply of the file drivers/regulator/core.c of the component regulator. This manipulation causes improper locking. This vulnerability is handled as CVE-2026-46252. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.12.74/6.18.13/6.19.3. It has been classified as critical. This issue affects the function get_unaligned_xx of the file security/apparmor/match.c of the component AppArmor. Performing a manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2026-46254. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.6.127/6.12.74/6.18.13/6.19.3. It has been declared as critical. Impacted is the function remove of the file drivers/clk/clk.c of the component dmaengine. Executing a manipulation can lead to allocation of resources. The identification of this vulnerability is CVE-2026-46255. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.13/6.19.3. Affected by this vulnerability is an unknown functionality of the component NFS. Performing a manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-46256. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.3 on ARM32. It has been rated as critical. The affected element is the function read_current_timer of the file clocksource/drivers/timer-sp804 of the component clocksource. The manipulation leads to uninitialized pointer. This vulnerability is referenced as CVE-2026-46257. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.19.3. The impacted element is the function fsl_xcvr_mode_put of the component ASoC. This manipulation of the argument controls_rwsem causes deadlock. This vulnerability is registered as CVE-2026-46262. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.3. It has been declared as critical. This affects the function llc_shdlc_deinit of the component nfc. The manipulation results in use after free. This vulnerability was named CVE-2026-46267. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.13/6.19.3. Affected is the function p2pmem_alloc_mmap of the component P2PDMA. Performing a manipulation results in improper update of reference count. This vulnerability is cataloged as CVE-2026-46268. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.19.3 and classified as critical. Impacted is the function linehandle_create of the component gpio. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2026-46258. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.127/6.12.74/6.18.13/6.19.3. The impacted element is the function wpcm_fiu_probe of the component spi. The manipulation of the argument memory_size results in null pointer dereference. This vulnerability is identified as CVE-2026-46261. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.18.13/6.19.3. Affected is the function k230_pinctrl_parse_functions of the component pinctrl. Such manipulation of the argument pctl_dev leads to null pointer dereference. This vulnerability is referenced as CVE-2026-46269. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to […]

Конкуренция может исчезнуть до финального решения регулятора.

Anthropic unveils Claude Mythos 5 and Fable 5, a restricted-access frontier AI model and guardrailed version for everyone to use

Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: “RoguePlanet”, which abuses a race condition in Windows Defender to spawn a command shell running with SYSTEM-level privileges. Various researchers have confirmed that the PoC exploit works to achieve local privilege escalation. “In initial development, it was confirmed that … More →

The post Record Microsoft Patch Tuesday, fresh zero-day appeared first on Help Net Security.