22088 matches found
CVE-2026-33258 Crafted zones can cause increased resource usage
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
CVE-2026-33258
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
CVE-2026-33258
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
CVE-2026-33601 Insufficient validation of zonemd record
If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...
CVE-2026-33601
If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...
EUVD-2026-24658
The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...
org.apache.httpcomponents.client5:httpclient5-cache (=5.6-alpha1), org.apache.httpcomponents.client5:httpclient5-fluent (=5.6-alpha1) +2 more potentially affected by CVE-2026-40542 via org.apache.httpcomponents.client5:httpclient5 (=5.6-alpha1)
org.apache.httpcomponents.client5:httpclient5 MAVEN version =5.6-alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.httpcomponents.client5:httpclient5 and may be impacted: - org.apache.httpcomponents.client5:httpclient5-cache =5.6-alpha1...
CVE-2026-4117
The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...
CVE-2026-4117 CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action
The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...
CVE-2026-4117
CVE-2026-4117 affects the WordPress CalJ plugin (≤ v1.5). The vulnerability is caused by a missing authorization check in the CalJSettingsPage constructor that processes the POST operation 'save-obtained-key' without verifying the user’s capability or nonce, allowing authenticated users (Subscrib...
Security update for flatpak
This update for flatpak fixes the following issues: CVE-2026-34078: improper processing of app-controlled symlinks by sandbox-expose can lead to sandbox escape, host file access and code execution in the host context bsc1261769. CVE-2026-34079: improper removal of outdated cache files allows for...
SUSE-SU-2026:1541-1 Security update for flatpak
This update for flatpak fixes the following issues: - CVE-2026-34078: improper processing of app-controlled symlinks by sandbox-expose can lead to sandbox escape, host file access and code execution in the host context bsc1261769. - CVE-2026-34079: improper removal of outdated cache files allows...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...
CVE-2026-41133
pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...
PT-2026-34285
Name of the Vulnerable Software and Affected Versions CalJ versions prior to 1.6 Description The CalJ plugin for WordPress contains a missing authorization flaw. The CalJSettingsPage class constructor processes the 'save-obtained-key' operation from POST data without verifying if the user possess...
OpenFGA 安全漏洞
OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.14.1 contained a security vulnerability. This vulnerability arises from the use of cache conditions in certain scenarios, which may lead to two different chec...