Common Vulnerabilities and Exposures (CVE)

CVE-2026-10668

Jul 12, 2026 16:16:51 UTC

The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage unconditionally (base->CEPTXCNT = len in numaker_hsusbd_ep_trigger). Because the HSUSBD hardware cannot disarm a control...

CVE-2026-10667

Jul 12, 2026 16:16:50 UTC

Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-linked list (obj_list) of dynamically allocated kernel objects. Iteration over this list in k_object_wordlist_foreach() w...

CVE-2026-10666

Jul 12, 2026 16:16:50 UTC

parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the port substring into a fixed 17-byte stack buffer (char ipaddr[NET_IPV4_ADDR_LEN + 1]) using a length of str_len - end -...

CVE-2026-10665

Jul 12, 2026 16:16:49 UTC

In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), wg_process_data_message() in wg_crypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIG_WIREGUARD_BUF_LEN bytes before decryption. The call net_buf...

CVE-2026-10664

Jul 12, 2026 16:16:49 UTC

The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src/wifi_mgmt.c copied TWT (Target Wake Time) flow entries from an nrf_wifi_umac_event_power_save_info event into the fixed...

CVE-2026-10663

Jul 12, 2026 16:16:48 UTC

In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c) freed the root usb_device slab object without clearing the cached pointer ctx->root. The bus removal handler dev_remov...

CVE-2025-12613

Jul 12, 2026 15:25:24 UTC

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to...

CVE-2026-58596

Jul 12, 2026 15:22:59 UTC

Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-58525

Jul 12, 2026 15:22:57 UTC

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-58291

Jul 12, 2026 15:22:56 UTC

Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

CVE-2026-45489

Jul 12, 2026 15:22:55 UTC

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-54998

Jul 12, 2026 15:22:55 UTC

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2026-58281

Jul 12, 2026 15:22:54 UTC

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58597

Jul 12, 2026 15:22:54 UTC

Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58524

Jul 12, 2026 15:22:53 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.