CVE-2026-44608 Use after free and crash under special conditions in RPZ code
Published May 23, 2026
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2026-42959 Crash during DNSSEC validation of malicious content
Published May 23, 2026
Information published.
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
Published May 23, 2026
Information published.
CVE-2026-32792 Packet of death with DNSCrypt
Published May 23, 2026
Information published.
CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
Published May 19, 2026
Information published.
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Published May 19, 2026
Information published.
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Published May 19, 2026
Information published.
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
Published May 19, 2026
Information published.
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Published May 19, 2026
Information published.
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Published May 19, 2026
Information published.
