Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
criticalMicrosoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows ยท sorted newest first
Operations viewMicrosoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.
Information published. Information published. Information published.
Information published. Information published. Information published.
Information published. Information published. Information published.
Information published. Information published.
Information published. Information published.
Information published. Information published.
Information published. Information published. Information published.
Information published. Information published.
Information published. Information published. Information published.
Information published. Information published. Information published.
Information published. Information published. Information published.
Information published. Information published.
Information published. Information published.
Information published. Information published.
Information published. Information published. Information published.
Information published. Information published.
Information published. Information published.
Information published. Information published. Information published.
Information published. Information published. Information published.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
Microsoft SharePoint Server Deserialization of Untrusted Data VulnerabilityMicrosoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network. SharePoint Server | criticalCVE-2026-45659 Critical | active | Jun 30, 2026, 7:00 PM | CISA KEVOpen source |
Global Buffer Overflow in GNU gzip (CVE-2026-41992)Information published. Information published. Information published. Mariner | CVE-2026-41992 Elevated | active | Jun 30, 2026, 3:02 AM | Vendor advisoryOpen source |
attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr (CVE-2026-54371)Information published. Information published. Information published. Mariner | highCVE-2026-54371 High | active | Jun 30, 2026, 3:01 AM | Vendor advisoryOpen source |
WebOb: Location header normalization during redirect leads to open redirect (CVE-2026-44889)Information published. Information published. Information published. Mariner | mediumCVE-2026-44889 Elevated | active | Jun 28, 2026, 3:04 AM | Vendor advisoryOpen source |
Bluetooth: fix memory leak in error path of hci_alloc_dev() (CVE-2026-53252)Information published. Information published. Mariner | CVE-2026-53252 Elevated | active | Jun 27, 2026, 3:19 AM | Vendor advisoryOpen source |
6lowpan: fix off-by-one in multicast context address compression (CVE-2026-53263)Information published. Information published. Mariner | CVE-2026-53263 Elevated | active | Jun 27, 2026, 3:19 AM | Vendor advisoryOpen source |
mm/hugetlb: restore reservation on error in hugetlb folio copy paths (CVE-2026-53154)Information published. Information published. Mariner | CVE-2026-53154 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
Vim: Out-of-bounds Read with Text Properties (CVE-2026-57454)Information published. Information published. Information published. Mariner | mediumCVE-2026-57454 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove (CVE-2026-52947)Information published. Information published. Mariner | CVE-2026-52947 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction (CVE-2026-57453)Information published. Information published. Information published. Mariner | mediumCVE-2026-57453 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
Vim: Out-of-bounds Read in Text Property Count (CVE-2026-57451)Information published. Information published. Information published. Mariner | mediumCVE-2026-57451 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
Vim: Out-of-bounds Write in Spell File Prefix Dump (CVE-2026-55892)Information published. Information published. Information published. Mariner | mediumCVE-2026-55892 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint (CVE-2026-52941)Information published. Information published. Mariner | CVE-2026-52941 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
net: mvpp2: refill RX buffers before XDP or skb use (CVE-2026-53215)Information published. Information published. Mariner | CVE-2026-53215 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE (CVE-2026-52944)Information published. Information published. Mariner | CVE-2026-52944 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
Vim: Arbitrary Code Execution via Python Omni-Completion Docstrings (CVE-2026-57456)Information published. Information published. Information published. Mariner | highCVE-2026-57456 High | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN (CVE-2026-53176)Information published. Information published. Mariner | CVE-2026-53176 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
USB: serial: io_ti: fix heap overflow in get_manuf_info() (CVE-2026-53196)Information published. Information published. Mariner | CVE-2026-53196 Elevated | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
Vim: Out-of-bounds Write in Spell File Word Count (CVE-2026-55693)Information published. Information published. Information published. Mariner | highCVE-2026-55693 High | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename (CVE-2026-55895)Information published. Information published. Information published. Mariner | highCVE-2026-55895 High | active | Jun 27, 2026, 3:18 AM | Vendor advisoryOpen source |
Vendor watch hub
The Microsoftwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Tracked
Active
Featured
Unique CVEs
Most recent entry
Jun 30, 2026, 7:00 PM
Feed refreshes daily ยท 5:15 a.m. Central
SourcesยทMicrosoft Security Update Guide (MSRC), CISA KEV, and NVD
"Most recent entry" is the newest item the upstream feed has published โ not our sync time.
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the microsoft 365 consulting pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Microsoft-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Microsoft issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Microsoft advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.