Microsoft security advisories
60 threat alerts tracking vulnerabilities and security advisories that affect Microsoft products.
Vulnios monitors Microsoft CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Microsoft security news in one place, or click into an individual alert for full detail.
11th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Instructure, the US education technology company behin
criticalCVE-2026-4670Chromium: CVE-2026-8015 Inappropriate implementation in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8015Chromium: CVE-2026-7906 Use after free in SVG
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7906Chromium: CVE-2026-7918 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7918Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7997Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7900Chromium: CVE-2026-7908 Use after free in Fullscreen
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7908Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8019Chromium: CVE-2026-7901 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7901Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8006Chromium: CVE-2026-7896 Integer overflow in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7896Chromium: CVE-2026-8021 Script injection in UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8021Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7963Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7943Chromium: CVE-2026-7955 Uninitialized Use in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7955Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7996Chromium: CVE-2026-7938 Use after free in CSS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7938Chromium: CVE-2026-7903 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7903Chromium: CVE-2026-8014 Inappropriate implementation in Preload
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8014Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7958CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
criticalCVE-2026-34327Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7952Chromium: CVE-2026-7933 Out of bounds read in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7933Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7953Chromium: CVE-2026-7960 Race in Speech
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7960Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7934Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7968Chromium: CVE-2026-7973 Integer overflow in Dawn
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7973Chromium: CVE-2026-7920 Use after free in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7920Chromium: CVE-2026-7911 Use after free in Aura
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7911Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8010Chromium: CVE-2026-7975 Use after free in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7975Chromium: CVE-2026-7902 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7902Chromium: CVE-2026-7907 Use after free in DOM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7907Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7986Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7964Chromium: CVE-2026-7910 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7910CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
criticalCVE-2026-33823CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
criticalCVE-2026-33821Chromium: CVE-2026-7904 Out of bounds read in Fonts
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7904Chromium: CVE-2026-7923 Out of bounds write in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7923Chromium: CVE-2026-8011 Insufficient policy enforcement in Search
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8011Chromium: CVE-2026-8016 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8016Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7944Chromium: CVE-2026-7974 Use after free in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7974Chromium: CVE-2026-7926 Use after free in PresentationAPI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7926Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7916Chromium: CVE-2026-8017 Side-channel information leakage in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8017Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7930Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8003Chromium: CVE-2026-7948 Race in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7948Chromium: CVE-2026-7985 Use after free in GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7985Chromium: CVE-2026-7942 Integer overflow in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7942Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7947Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7965Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8000Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7966Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7945Chromium: CVE-2026-8009 Inappropriate implementation in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-8009Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 )
criticalCVE-2026-7982
Showing the 60 most recent. Older alerts are archived but still reachable via search and the main feed.
Track Microsoft exposure across your environment
Vulnios automatically cross-references your asset inventory against new Microsoft CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan