103 matches found
CVE-2026-42579
Summary: CVE-2026-42579 affects the Netty framework’s DNS codec. Affected versions: prior to 4.2.13.Final and 4.1.133.Final. Root cause: DNS encoding/decoding did not enforce RFC 1035 domain name constraints. Impact: potential bidirectional attack surface via malicious DNS responses (decoder) or ...
Netty input validation error vulnerability
Netty is a non-blocking I/O client-server framework developed by the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained a vulnerability related to input validatio...
Linux Distros Unpatched Vulnerability : CVE-2026-1035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +170 more potentially affected by CVE-2026-1035 via org.keycloak:keycloak-services (>=10.0.0 <=26.2.5)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.0.1, =1.0.2 and more Source cves: CVE-2026-1035 Source advisory: OSV:GHSA-M2W5-7XHV-W6FH...
CVE-2025-1035
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1...
CVE-2025-13711
creationtimestamp| type| source
---|---|---
2025-12-01 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-1035/
2026-01-12 18:07:39+00:00| seen| Telegram/Qn4zDx1gopuoFDdeF2t5YNGl6RathPfNxmtfN1VfQWpYEMo...
EUVD-2021-1035
Malware in sbrugna...
CVE-2021-1035
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-1035
creationtimestamp| type| source
---|---|---
2025-02-18 12:15:54+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lihah4hqyk2n
2025-02-18 13:56:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lihg3hftzo2p
2025-02-18 15:08:36+00:00| seen|...
CVE-2025-1035
The CVE-2025-1035 entry concerns Komtera Technologies KLog Server with a Path Traversal vulnerability (versions prior to 3.1.1). The issue arises from improper limitation of a pathname to a restricted directory, allowing manipulation of web input to file system calls. Impact is described as potent...
CVE-2025-1035 Path Traversal in Komtera Technologies' KLog Server
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1...
CVE-2024-33655
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the...
CVE-2024-33655
CVE-2024-33655 affects Unbound, a validating, recursive DNS resolver. Documented details describe DNSBomb: remote attackers can trigger denial of service by accumulating DNS queries so responses burst later, potentially enabling amplification. Multiple advisories reference mitigation via updating...
CVE-2024-1035
creationtimestamp| type| source
---|---|---
2024-01-30 17:21:55+00:00| seen| https://t.me/ctinow/176100
2024-02-21 15:42:12+00:00| seen| https://t.me/ctinow/189683...
CVE-2023-1035
creationtimestamp| type| source
---|---|---
2023-02-25 12:24:57+00:00| seen| https://t.me/cibsecurity/58900...
CVE-2023-1035
CVE-2023-1035 affects SourceCodester Clinics Patient Management System 1.0, with a vulnerability in the update_user.php code path. The issue originates from manipulation of the user_id argument, enabling SQL injection that can be triggered remotely. Exploitation information indicates the vulnerab...