Network Services Group

Network Services Group https://validator.w3.org/feed/docs/rss2.html CVE-2026-41636 Apache Thrift: Node.js skip() recursion Blog Welcome to Network Services Group CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit() CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions. CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error CVE-2026-40622 Another 'ghost domain names' attack variant CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs CVE-2026-42534 Jostle logic bypass degrades resolution performance CVE-2026-41292 Long list of incoming EDNS options degrades performance 7 Windows 11 features SMBs should use Elevating search rankings through smart image optimization CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation 5 Ways softphones help businesses work smarter CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka –xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable. CVE-2026-44608 Use after free and crash under special conditions in RPZ code CVE-2026-42959 Crash during DNSSEC validation of malicious content CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section CVE-2026-32792 Packet of death with DNSCrypt CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle). CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG). CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. How to pick an EMR system that actually works for your practice CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()" CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding