4827 matches found
CVE-2026-52780
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution RCE. This vulnerability is fixed in 17.3.3 and 17.4.1...
CVE-2026-52780 OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution RCE. This vulnerability is fixed in 17.3.3 and 17.4.1...
CVE-2026-52780
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution RCE. This vulnerability is fixed in 17.3.3 and 17.4.1...
PT-2026-52911
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description Cache store poisoning allows for Remote Code Execution RCE, a process where an attacker executes arbitrary code on a remote machine. Recommendations Update t...
Ubuntu 25.10 / 26.04 LTS : containerd-stable vulnerabilities (USN-8473-1)
The remote Ubuntu 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8473-1 advisory. It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : containerd vulnerabilities (USN-8472-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8472-1 advisory. It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibl...
[SECURITY] [DSA 6369-1] pdns-recursor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6369-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 25, 2026 https://www.debian.org/security/faq -...
USN-8472-1 containerd-app vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
USN-8472-1: containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
CVE-2026-33612
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...
USN-8473-1 containerd-stable vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
EUVD-2026-39352
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...
CVE-2026-33612
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...
CVE-2026-33612 ZoneToCache can poison the cache
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...
CVE-2026-33612
CVE-2026-33612 describes a cache-poisoning vulnerability in a ZoneToCache flow: a malicious authoritative server can craft a zone that is cached, compromising integrity of cached data. The CVSS3.1 metrics indicate Network access, high attack complexity, no privileges required, no user interaction...
CVE-2026-53943
Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...
CVE-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header
Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...
CVE-2026-53943
The CVE-2026-53943 entry describes a Ghost CMS vulnerability where, on sites behind a shared caching layer, an unauthenticated user can send an x-ghost-preview header that poisons cached responses, altering rendered frontend output. In affected configurations, this cached, request-specific previe...
Astra Linux – Vulnerability in unbound
A vulnerability in caching resolvers called “Rebirthday Attack” has been discovered in resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., with the option --enable-subnet, and when configured to send ECS information along with queries to...
Containerd 2.1.x < 2.1.9 / 2.2.x < 2.2.5 / 2.3.x < 2.3.2 Multiple Vulnerabilities
The version of Containerd on the remote host is 2.1.x prior to 2.1.9, 2.2.x prior to 2.2.5, or 2.3.x prior to 2.3.2. It is, therefore, affected by multiple vulnerabilities: - containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references...