CVE Feed
- CVE-2026-14615 – Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter July 3, 2026
- CVE-2026-14614 – Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource July 3, 2026
- CVE-2026-14613 – Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission July 3, 2026
- CVE-2026-14612 – Freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during oauth2 device authorization July 3, 2026
- CVE-2026-49813 – Dell PowerProtect Data Domain OS Command Injection July 3, 2026
- CVE-2026-14460 – Missing Authorization in TUBITAK BILGEM's pardus-software July 3, 2026
- CVE-2026-49814 – Dell PowerProtect Data Domain OS Command Injection July 3, 2026
- CVE-2026-14459 – Argument Injection in TUBITAK BILGEM's pardus-software July 3, 2026
- CVE-2026-49815 – Dell PowerProtect Data Domain OS Command Injection July 3, 2026
- CVE-2026-53478 – Dell PowerProtect Data Domain OS Command Injection July 3, 2026
- CVE-2026-46463 – Dell PowerProtect Data Domain Integer Overflow Denial of Service July 3, 2026
- CVE-2026-46464 – Dell PowerProtect Data Domain Improper Link Resolution Vulnerability July 3, 2026
- CVE-2026-46465 – Dell PowerProtect Data Domain Use of Externally-Controlled Format String Vulnerability July 3, 2026
- CVE-2026-46466 – Dell PowerProtect Data Domain Use of Less Trusted Source Information Tampering July 3, 2026
- CVE-2026-46467 – Dell PowerProtect Data Domain Log Information Exposure July 3, 2026
- CVE-2026-46468 – Dell PowerProtect Data Domain Information Exposure via Improper Link Resolution July 3, 2026
- CVE-2026-56015 – Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length July 3, 2026
- CVE-2026-46730 – Dell PowerProtect Data Domain, versions 7.7.1.0 th July 3, 2026
- CVE-2026-59234 – Authorization Bypass Through User-Controlled Key in Prospero Flow CRM calendar event deletion July 3, 2026
Microsoft Security
- Improving security posture across the Microsoft partner ecosystem July 2, 2026Read how Microsoft strengthens partner ecosystem security with CSP vetting, least privilege access, monitoring, and risk management best practices. The post Improving security posture across the Microsoft partner ecosystem appeared first on Microsoft Security Blog.Raji Dani
- Microsoft named a leader in the Frost Radar for cloud and application runtime security July 1, 2026Frost & Sullivan names Microsoft a leader as cloud and application security converge into unified, runtime risk reduction. The post Microsoft named a leader in the Frost Radar for cloud and application runtime security appeared first on Microsoft Security Blog.Microsoft Security Team
- Accelerating the quantum-safe timeline June 30, 2026We’re accelerating quantum-safe readiness—and sharing what organizations can do now to transition earlier and with confidence. The post Accelerating the quantum-safe timeline appeared first on Microsoft Security Blog.Mark Russinovich
- ​​What’s new in Microsoft Security: June 2026 June 30, 2026This month’s updates help security and IT teams strengthen identity and multicloud foundations, protect data wherever it lives, and secure the developer workflows powering AI innovation. The post ​​What’s new in Microsoft Security: June 2026 appeared first on Microsoft Security Blog.Alym Rayani
- Securing AI agents: When AI tools move from reading to acting June 30, 2026MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized actions, and how to detect, contain, and prevent it. The post Securing AI agents: When AI tools move from reading to acting appeared first on Microsoft Security Blog.Microsoft Incident Response



