Microsoft Security Response Center Blog Alerts

CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.

Published May 23, 2026

Information published.

CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options

Published May 23, 2026

Information published.

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations

Published May 23, 2026

Information published.

CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error

Published May 23, 2026

Information published.

CVE-2026-40622 Another 'ghost domain names' attack variant

Published May 23, 2026

Information published.

CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs

Published May 23, 2026

Information published.

CVE-2026-42534 Jostle logic bypass degrades resolution performance

Published May 23, 2026

Information published.

CVE-2026-41292 Long list of incoming EDNS options degrades performance

Published May 23, 2026

Information published.

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

Published May 23, 2026

Information published.

CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka –xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.

Published May 23, 2026

Information published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

AbuseIPDB Contributor Badge

© 2026, Network Services Group |  216.73.217.140
Contributor,  Detroit Internet Exchange