87 matches found

Nuclei
added 2 days ago | 7 views

Service Finder Bookings - Authentication Bypass

Service Finder Bookings WordPress plugin <= 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...

CVSS 9.8 | AI score 6 | EPSS 0.61701
Exploits 2 | References 4

CBLMariner
added 2026/05/23 3:30 p.m. | 7 views

CVE-2026-5947 affecting package bind for versions less than 9.20.23-1

CVE-2026-5947 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.00044
Exploits 0

OSV
added 2026/05/21 6:10 a.m. | 1 view

BELL-CVE-2026-5947

Bulletin has no description...

CVSS 5.9 | AI score 5.7 | EPSS 0.00044
Exploits 0 | References 1

OSV
added 2026/05/20 1:16 p.m. | 5 views

DEBIAN-CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

CVSS 5.9 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 1

NVD
added 2026/05/20 1:16 p.m. | 9 views

CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

CVSS 7.5 | EPSS 0.00044
Exploits 0 | References 3

Cvelist
added 2026/05/20 1:10 p.m. | 29 views

CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

CVSS 7.5 | EPSS 0.00044
Exploits 0 | References 3

Circl
added 2026/05/20 7:42 a.m. | 5 views

CVE-2026-5947

creationtimestamp | type | source
---|---|---
2026-05-20 07:42:48+00:00 | seen | https://www.acn.gov.it/portale/w/aggiornamenti-per-isc-bind-5
2026-05-20 10:23:00+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/isc-bind-security-advisory-av26-490
2026-05-20 14:24:10+00:00 | seen | ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00044
Exploits 0 | References 8

UbuntuCve
added 2026/05/20 12:0 a.m. | 4 views

CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

CVSS 7.5 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 3

Tenable Nessus
added 2026/05/20 12:0 a.m. | 9 views

ISC BIND 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-5947)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-5947 advisory. - Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming D...

CVSS 7.5 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 2

HackRead
added 2025/10/10 4:12 p.m. | 14 views

Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit

An Authentication Bypass CVE-2025-5947 in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately...

CVSS 9.8 | AI score 7.1 | EPSS 0.61701
Exploits 2

The Hacker News
added 2025/10/09 6:57 a.m. | 13 views

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as...

CVSS 9.8 | AI score 7.5 | EPSS 0.61701
Exploits 2

Patchstack
added 2025/10/07 4:50 p.m. | 9 views

WordPress Service Finder Bookings plugin <= 6.0 - Authentication Bypass via User Switch Cookie vulnerability

Authentication Bypass via User Switch Cookie vulnerability discovered by Foxyyy in WordPress Plugin Service Finder Booking versions <= 6.0...

CVSS 9.8 | AI score 7 | EPSS 0.61701
Exploits 2 | References 1 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2015-5894

Malware in sbrugna...

CVSS 9.3 | AI score 8.2 | EPSS 0.02848
Exploits 1 | References 5

Circl
added 2025/08/01 4:31 a.m. | 10 views

CVE-2025-5947

creationtimestamp | type | source
---|---|---
2025-08-01 04:31:28+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3lvcsxn247l2t
2025-10-07 16:44:43+00:00 | seen | https://gist.github.com/Darkcrai86/b6a8eee2ed2df4a5d2becbda7f7b6538
2025-10-08 04:16:06+00:00 | seen | ...

CVSS 9.8 | AI score 6 | EPSS 0.61701
Exploits 2 | References 21

RedhatCVE
added 2025/05/22 4:44 p.m. | 4 views

CVE-2020-5947

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 200...

CVSS 4.3 | AI score 6.7 | EPSS 0.00185
Exploits 0 | References 1

Packet Storm
added 2024/07/03 12:0 a.m. | 200 views

Deep Sea Electronics DSE855 Remote Authentication Bypass

Deep Sea Electronics DSE855 Remote Authentication Bypass Vendor: Deep Sea Electronics plc Product web page: https://www.deepseaelectronics.com Affected version: Model: DSE855 Software version: 1.0.26 Module version: 1.0.78 Bootloader version: 1.0.3 Firmware version: 1.1.0 Summary: The DSE855...

CVSS 6.5 | AI score 7.1 | EPSS 0.74043
Exploits 3

0day.today
added 2024/07/03 12:0 a.m. | 422 views

Deep Sea Electronics DSE855 Remote Authentication Bypass Vulnerability

Deep Sea Electronics DSE855 is vulnerable to configuration disclosure when direct object reference is made to the Backup.bin file using an HTTP GET request. This will enable an attacker to disclose sensitive information and help her in authentication bypass, privilege escalation, and full system...

CVSS 6.5 | AI score 6.7 | EPSS 0.74043
Exploits 3

NVD
added 2024/06/13 8:15 p.m. | 14 views

CVE-2024-5947

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...

CVSS 6.5 | EPSS 0.74043
Exploits 3 | References 1

Circl
added 2024/02/27 4:26 p.m. | 0 views

CVE-2023-5947

creationtimestamp | type | source
---|---|---
2024-02-27 16:26:16+00:00 | seen | https://t.me/ctinow/194570
2024-02-27 16:32:16+00:00 | seen | https://t.me/ctinow/194579
...

AI score 4.8
Exploits 1 | References 2

F5 Networks
added 2022/12/31 1:23 a.m. | 32 views

K64571774: BIG-IP virtual server TCP sequence numbers vulnerability CVE-2020-5947

Security Advisory Description On specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. CVE-2020-5947 Impact Attackers may be able to spoof TCP packet...

CVSS 4.3 | AI score 4.8 | EPSS 0.00185
Exploits 0 | Affected Software 15