Vendor advisories
60 alerts in this category.
Vendor-issued security advisories — the official statements from product vendors about vulnerabilities affecting their software, including patch timelines, workarounds, and detection guidance.
USN-8526-1: libheif vulnerabilities
Xianrui Dong discovered that libheif had an out-of-bounds read in its HEIF sequence track parser. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information
UbuntuCVE-2026-47254Chrome Beta for Desktop Update
Google Chrome Releases published an advisory on "Chrome Beta for Desktop Update". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked under References f
GoogleUSN-8523-1: libsoup vulnerabilities
Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-length resources. An attacker could possibly use this issue to trigger a buffer over-read, resulting in informa
UbuntuCVE-2026-2369USN-8522-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service. (CVE-2026-5342) I
UbuntuCVE-2026-5342USN-8521-1: Libidn vulnerability
It was discovered that Libidn incorrectly handled certain internationalized domain name strings. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service.
Chrome Beta for iOS Update
Google Chrome Releases published an advisory on "Chrome Beta for iOS Update". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked under References for t
GoogleChrome Beta for Android Update
Google Chrome Releases published an advisory on "Chrome Beta for Android Update". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked under References f
GoogleUSN-8519-1: Go Cryptography vulnerabilities
Jakub Ciolek and Nicola Murino discovered that Go Cryptography incorrectly handled SSH agent responses. An attacker could use this to cause a denial of service. (CVE-2025-47913) Yuichi Watanabe discov
CVE-2025-47913USN-8490-2: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture
LinuxCVE-2026-22984Chrome for Android Update
Google Chrome Releases published an advisory on "Chrome for Android Update". Topic areas: google, chrome, browser, patch. Published July 8, 2026. See the original source linked under References for th
GoogleDSA-6384-1 chromium - security update
https://security-tracker.debian.org/tracker/DSA-6384-1
DebianChrome Stable for iOS Update
Google Chrome Releases published an advisory on "Chrome Stable for iOS Update". Topic areas: google, chrome, browser, patch. Published July 8, 2026. See the original source linked under References for
GoogleCVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface (Severity: LOW)". Topic areas: paloalto, firewal
CVE-2026-0281CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) (Severity: MEDIUM)". Topic areas: paloalto, firewa
CVE-2026-0283CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass (Severity: LOW)". Topic areas: paloalto, firewall, vulnerability. Published July 8, 2
CVE-2026-0280CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing (Severity: MEDIUM)". Topic areas: paloalto, firew
CVE-2026-0287CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulnerability. Publi
CVE-2026-0286PAN-SA-2026-0010 Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026) (Severity: HIGH)
Palo Alto Networks Security Advisories published an advisory on "PAN-SA-2026-0010 Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026) (Severity: HIGH)". Topic areas: paloalto, firewa
CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities (Severity: LOW)". Topic areas: paloalto, firewall, vulnerabil
CVE-2026-0279CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface (Severity: LOW)". Topic areas: paloalto, firewall, vulner
CVE-2026-0282CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent (Severity: HIGH)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent (Severity: HIGH)". Topic areas: paloalto, firewa
CVE-2026-0288CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface (Severity: MEDIUM)". Topic areas: paloalto,
CVE-2026-0285CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows (Severity: MEDIUM)". Topic areas: paloalto, fi
CVE-2026-0278CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulnera
CVE-2026-0277CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) (Severity: MEDIUM)". Topic areas: paloalto, firewall, vuln
CVE-2026-0284USN-8518-1: mailcap vulnerability
Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of certain file types. An attacker could use this issue to escape a sandboxe
USN-8516-1: Apache HTTP Server vulnerabilities
It was discovered that Apache HTTP Server's mod_ldap module incorrectly handled memory when processing per-directory configurations. An attacker could use this issue to cause the server to crash, resu
ApacheCVE-2026-29167USN-8517-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2026-20213, CVE-202
CVE-2026-20213Stable Channel Update for Desktop
Google Chrome Releases published an advisory on "Stable Channel Update for Desktop". Topic areas: google, chrome, browser, patch. Published July 7, 2026. See the original source linked under Reference
GoogleUSN-8515-1: Addressable vulnerability
It was discovered that Addressable incorrectly handled certain URI templates, generating regular expressions vulnerable to catastrophic backtracking. An attacker could use this issue to craft a URI th
Chrome Dev for Desktop Update
Google Chrome Releases published an advisory on "Chrome Dev for Desktop Update". Topic areas: google, chrome, browser, patch. Published July 6, 2026. See the original source linked under References fo
GoogleUSN-8513-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled SOAP object deduplication when processing apache:Map nodes with duplicate keys. An attacker could possibly use this to cause a use-after-free, resulting
ApacheCVE-2026-6722USN-8502-1: GnuTLS vulnerabilities
It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive informa
UbuntuCVE-2024-0553USN-8512-1: Gzip vulnerabilities
It was discovered that Gzip's gzexe utility handled temporary files in an insecure manner. When the mktemp utility was not available, gzexe constructed a temporary file path based on the process ID, w
CVE-2026-41991USN-8504-1: SOGo vulnerabilities
It was discovered that SOGo did not properly sanitize categories used for events, tasks, and contacts. A remote authenticated attacker could possibly use this issue to perform cross-site scripting att
UbuntuCVE-2025-71276USN-8511-1: socat vulnerabilities
It was discovered that socat incorrectly handled the SOCKS5 proxy server reply parser. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-56123) It was discovered tha
UbuntuCVE-2026-56123USN-8510-1: tar vulnerability
It was discovered that tar incorrectly handled symlinks when extracting archives. An attacker could possibly use this issue to overwrite arbitrary files.
USN-8505-1: Parsl vulnerability
It was discovered that Parsl incorrectly constructed SQL queries using unsafe string formatting with user-supplied input in the parsl-visualize component. A remote attacker could possibly use this iss
USN-8508-1: Linux kernel (NVIDIA) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture
LinuxCVE-2025-71088DSA-6380-1 mediawiki - security update
https://security-tracker.debian.org/tracker/DSA-6380-1
DebianDSA-6381-1 linux - security update
https://security-tracker.debian.org/tracker/DSA-6381-1
LinuxDSA-6379-1 bird3 - security update
https://security-tracker.debian.org/tracker/DSA-6379-1
DebianDSA-6378-1 chromium - security update
https://security-tracker.debian.org/tracker/DSA-6378-1
DebianChromium: CVE-2026-14144 Incorrect security UI in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14144Chromium: CVE-2026-13930 Insufficient policy enforcement in Actor
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13930Chromium: CVE-2026-14149 Use after free in Audio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14149Chromium: CVE-2026-13984 Incorrect security UI in TabStrip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13984Chromium: CVE-2026-14098 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14098Chromium: CVE-2026-14076 Policy bypass in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14076Chromium: CVE-2026-14023 Insufficient validation of untrusted input in SanitizerAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14023Chromium: CVE-2026-14006 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14006Chromium: CVE-2026-13837 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13837Chromium: CVE-2026-14150 Insufficient validation of untrusted input in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14150CVE-2026-56646 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
MicrosoftCVE-2026-56646Chromium: CVE-2026-13821 Use after free in Canvas
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13821Chromium: CVE-2026-14000 Inappropriate implementation in XML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14000CVE-2026-45499 Azure OpenAI Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
AzureCVE-2026-45499Chromium: CVE-2026-14083 Insufficient validation of untrusted input in HTML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14083Chromium: CVE-2026-13848 Use after free in Forms
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-13848Chromium: CVE-2026-14121 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) f
MicrosoftCVE-2026-14121
Get alerts that match YOUR environment
This page shows everything in the category. Vulnios narrows it down to alerts that affect your actual asset inventory — only the CVEs you need to act on.
Start a free scan