22088 matches found
Hickory DNS 安全漏洞
Hickory DNS is an open-source DNS client, server, and resolver built in Rust. Versions 0.1 to 0.25.2 of Hickory DNS contain security vulnerabilities. These vulnerabilities stem from cache data that is not directly associated with queries that trigger responses, allowing cross-region poisoning...
Exploit for CVE-2026-3844
CVE-2026-3844 — Breeze Cache move $tempgrava...
CLSA-2026-1776878817 squid: Fix of 13 CVEs
CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...
squid: Fix of 13 CVEs
CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...
SUSE CVE-2026-31577
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations. However, nilfsmdtsavetoshadowmap assumes iassocinode is already...
SUSE CVE-2026-31668
In the Linux kernel, the following vulnerability has been resolved: seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and seg6outputcore. These two paths can perform the post-encap SID lookup ...
SUSE SLED15 / SLES15 Security Update : flatpak (SUSE-SU-2026:1600-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1600-1 advisory. - CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options bsc1261769. -...
Linux Distros Unpatched Vulnerability : CVE-2026-31577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations...
CVE-2026-31668
A flaw was found in the Linux kernel's Segment Routing over IPv6 SRv6 lightweight tunnel seg6 lwtunnel. This component incorrectly shares a single destination cache between its input and output processing paths. This allows one path to reuse cached routing information populated by the other,...
CVE-2026-6967
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...
CVE-2026-41425
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
PYSEC-2026-25
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
PYSEC-2026-25
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
CVE-2026-6967
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...
CVE-2026-6967 Missing Delegated Metadata Validation in awslabs/tough
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...
CVE-2026-6967
Affected software: awslabs/tough (before tough-v0.22.0) with delegated metadata validation. Root cause: missing expiration, hash, and length enforcement in delegated metadata validation causing load_delegations to bypass TUF integrity checks for delegated targets metadata. Impact: remote authenti...
CVE-2026-6967 Missing Delegated Metadata Validation in awslabs/tough
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...
CVE-2026-41425 Authlib: Cross-site request forging when using cache
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
EUVD-2026-25615
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
CVE-2026-41425 Authlib: Cross-site request forging when using cache
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...