Log inCVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
19 Mei 2026 om 10:49
Information published.
Normale weergave
Ontvangen β 19 Mei 2026
β
Microsoft Security
-
Microsoft Security
- CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
-
- CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
19 Mei 2026 om 10:49
Information published.
-
- CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
19 Mei 2026 om 10:49
Information published.
-
- CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
19 Mei 2026 om 10:49
Information published.
-
- CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
19 Mei 2026 om 10:49
Information published.
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
19 Mei 2026 om 10:49
Information published.
-
- CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
19 Mei 2026 om 10:49
Information published.
-
- CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
19 Mei 2026 om 10:48
Information published.
-
- CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
19 Mei 2026 om 10:48
Information published.
-
- CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
19 Mei 2026 om 10:48
Information published.
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
19 Mei 2026 om 10:48
Information published.
CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
19 Mei 2026 om 10:48
Information published.
-
- CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
19 Mei 2026 om 10:48
Information published.
-
- CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
19 Mei 2026 om 10:48
Information published.
-
- CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
19 Mei 2026 om 10:48
Information published.
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
19 Mei 2026 om 10:48
Information published.
-
- CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
-
- CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
-
- CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
19 Mei 2026 om 10:48
Information published.
-
- CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
19 Mei 2026 om 10:47
Information published.
-
- CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
-
- CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
19 Mei 2026 om 10:47
Information published.
-
- CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
19 Mei 2026 om 10:47
Information published.
-
- CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
CVE-2026-4892 CVE-2026-4892
19 Mei 2026 om 10:47
Information published.
-
- CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
CVE-2026-8295 Integer overflow in simdjson
19 Mei 2026 om 10:47
Information published.
CVE-2026-5773 wrong reuse of SMB connection
19 Mei 2026 om 10:47
Information published.
CVE-2026-7168 cross-proxy Digest auth state leak
19 Mei 2026 om 10:47
Information published.
CVE-2026-6253 proxy credentials leak over redirect-to proxy
19 Mei 2026 om 10:46
Information published.
