CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Published May 10, 2026
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Published May 10, 2026
Information published.
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Published May 10, 2026
Information published.
CVE-2026-39826 Escaper bypass leads to XSS in html/template
Published May 10, 2026
Information published.
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Published May 10, 2026
Information published.
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Published May 10, 2026
Information published.
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Published May 10, 2026
Information published.
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Published May 10, 2026
Information published.
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Published May 10, 2026
Information published.
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published May 10, 2026
Information published.
