CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/19 9:55 p.m.•8 views

dnsmasq: NSEC bitmap parsing infinite loop

A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...

7.5CVSS5.8AI score0.00987EPSS

Exploits0References5

OSV•added 2026/05/19 5:1 p.m.•5 views

MGASA-2026-0152 Updated bind packages fix security vulnerabilities

It was discovered that bind contained a vulnerability where a Malformed BRID/HHIT record can cause named to terminate unexpectedly CVE-2025-13878. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-on...

7.5CVSS7.5AI score0.08013EPSS

Exploits0References6

RedHat Linux•added 2026/05/11 8:0 p.m.•12 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...

OSV•added 2026/05/11 6:16 p.m.•3 views

ALPINE-CVE-2026-4890

A Denial of Service DoS vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

7.5CVSS5.8AI score0.00987EPSS

Exploits0References1

Tenable Nessus•added 2026/04/16 12:0 a.m.•3 views

AlmaLinux 10 : bind (ALSA-2026:8312)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:8312 advisory. bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 Tenable has extracted the preceding description block directly from the...

7.5CVSS5.8AI score0.00824EPSS

RedHat Linux•added 2026/04/15 2:2 p.m.•3 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

Rockylinux•added 2026/04/15 12:3 p.m.•4 views

bind9.18 security update

An update is available for bind9.18. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Na...

RedHat Linux•added 2026/04/14 5:40 p.m.•3 views

Exploits0

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

RedHat Linux•added 2026/04/14 5:40 p.m.•29 views

Exploits0References2

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

RedHat Linux•added 2026/04/14 2:56 p.m.•2 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

RedhatCVE•added 2026/03/25 4:22 p.m.•3 views

CVE-2026-1519

7.5CVSS5.8AI score0.00824EPSS

Exploits0References7

Tenable Nessus•added 2026/01/20 12:0 a.m.•5 views

MiracleLinux 8 : dnsmasq-2.79-31.el8_9.2 (AXSA:2024-7620:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7620:02 advisory. dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can...

7.5CVSS7.8AI score0.99995EPSS

Exploits1References3

Tenable Nessus•added 2026/01/14 12:0 a.m.•4 views

MiracleLinux 3 : bind-9.3.6-4.P1.2.1.AXS3 (AXSA:2010-77:01)

"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-77:01 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves hos...

4.3CVSS7.3AI score0.09363EPSS

OSV•added 2025/08/26 5:52 p.m.•4 views

CLSA-2025-1756230743 unbound: Fix of CVE-2023-50868

CVE-2023-50868: avoid availabiluty of the remote attackers to cause a denial of service using DNSSEC...

7.5CVSS7AI score0.82829EPSS

Exploits1References1

Packet Storm News•added 2025/06/24 12:0 a.m.•4 views

Quantum-Resistant Domain Name System: a Comprehensive System-Level Study

The Domain Name System DNS plays a foundational role in Internet infrastructure, yet its core protocols remain vulnerable to compromise by quantum adversaries. As cryptographically relevant quantum computers become a realistic threat, ensuring DNS confidentiality, authenticity, and integrity in t...

6.8AI score

Exploits0

OSV•added 2025/02/10 6:15 p.m.•4 views

UBUNTU-CVE-2025-25188

Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...

7.1CVSS5.8AI score0.0026EPSS