Recent Advisories

Severity ID Title Vendor Product Date Type
NONE MSSECURE:0C0117...

Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms_MSSECURE:0C0117AE434E10AACC147291C44D651A

The endpoint management category is being redefined in real time. Organizations no longer need tools that only inventory devices or enforce configu...

N/A N/A MSSECURE
NONE TALOSBLOG:7A5EA...

Beyond IOCs: AI-enabled threat intelligence_TALOSBLOG:7A5EACBCE90B3C23AAD5D9F502830B62

![Beyond IOCs: AI-enabled threat intelligence](https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/06/threat_...

N/A N/A TALOSBLOG
CRITICAL 9.3 CF51C38E-52F7-

cve-research_CF51C38E-52F7-5CB5-9ACE-2BCD8F86C0BE

CVE Research Notes and code from going through public CVEs that caught my attention. Each folder has a writeup of how the bug actually worked, a de...

N/A N/A GITHUBEXPLOIT
NONE 2DBFA02A-1FF8-

pentest-cheatsheet_2DBFA02A-1FF8-528D-8CBD-0BB4657AC723

pentest-cheatsheet Commands, techniques and notes for penetration testing — web, AD, network, post-exploitation. Pentest Cheatsheet Commands, techn...

N/A N/A GITHUBEXPLOIT
MEDIUM 6 CVE-2026-6731

X.509 name constraint bypass via Subject CN treated as a DNS name_CVE-2026-6731

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's D...

wolfSSL wolfSSL 3.9.10 CVE
LOW 1 CVE-2026-6681

PKCS#7 decode ignores caller output buffer size, writing past buffer bounds_CVE-2026-6681

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the pro...

wolfSSL wolfSSL 3.10.0 CVE
HIGH 8.8 CVE-2026-6679

DTLS 1.3 ACK serialization heap buffer overflow via integer truncation_CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due ...

wolfSSL wolfSSL 5.4.0 CVE
LOW 1 CVE-2026-6678

Integer underflow in wc_PKCS7_DecryptOri handling crafted Other Recipient Info_CVE-2026-6678

Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.

wolfSSL wolfSSL 3.15.5 CVE
LOW 1 CVE-2026-6450

CRL critical extension bypass in ParseCRL_Extensions_CVE-2026-6450

A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an u...

wolfSSL wolfSSL 4.3.0 CVE
LOW 2.3 CVE-2026-6412

Continued acceptance of SHA-1/MD5 digests in certificate processing_CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing.

wolfSSL wolfSSL 3.9.10 CVE