64 matches found
Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041
The module doesn't sufficiently sanitize customer comments in the order receipt email template; this could be exploited to achieve Cross-site Scripting (XSS). This vulnerability is mitigated by the fact that it only affects installations with Checkout (commercecheckout) enabled, and the "Comments"...
SUSE CVE-2026-33260
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33254
An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DoQ and DoH3 are disabled by default...
CVE-2026-33254 Resource exhaustion via DoQ/DoH3 connections
An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DoQ and DoH3 are disabled by default...
CVE-2026-33254
CVE-2026-33254 affects PowerDNS DNSdist. An attacker can open a large number of concurrent DoQ/DoH3 connections, causing unbounded memory allocation and denial of service. DoQ/DoH3 are disabled by default, which mitigates impact per the sources; no patch/version details are provided in the docume...
EUVD-2026-24720
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
EUVD-2026-24725
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33257
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33256
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33260
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33260 Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33257 Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33256 Unbounded memory allocation by internal web server
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
PT-2026-34436
Name of the Vulnerable Software and Affected Versions: DNSdist (affected versions not specified). Description: An attacker can create a large number of concurrent DoQ (DNS over QUIC) or DoH3 (DNS over HTTP/3) connections, causing unlimited memory allocation and leading to a denial of service. DoQ and DoH3...
PT-2026-34324
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is...
PT-2026-34321
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is...
CVE-2026-31923
CVE-2026-31923 affects Apache APISIX (0.7–3.15.0) due to openid-connect plugin tls_verify/ssl_verify being disabled by default, enabling cleartext transmission of sensitive information. The CVSSv3.1 base score is 7.5 (Network attack, Low attack complexity, no privileges or user interaction, Confi...