CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Published May 19, 2026
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
Published May 19, 2026
Information published.
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Published May 19, 2026
Information published.
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Published May 19, 2026
Information published.
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Published May 19, 2026
Information published.
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Published May 19, 2026
Information published.
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Published May 19, 2026
Information published.
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Published May 19, 2026
Information published.
CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
Published May 19, 2026
Information published.
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Published May 19, 2026
Information published.
