CoreDNS Loop Detection Denial of Service Vulnerability

Executive Summary A Denial of Service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator PRNG for generating a secret...

CVE-2026-30798

Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop, strategy processing modules allows Protocol Manipulation. This vulnerability is...

CVE-2026-30793

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

Cross-site Scripting (XSS)

Overview defuddle is an Extract article content and metadata from web pages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the findContentBySchemaText fallback in src/defuddle.ts. An attacker can execute arbitrary scripts in consuming applications extensions,...

CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...

CVE-2026-28799 PJSIP: Heap use-after-free in PJSIP presence subscription termination handler

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework evsub.c that is triggered during presence unsubscription SUBSCRIBE with Expires=0. This issue has been patched i...

CVE-2026-3610

CVE-2026-3610 affects HSC Cybersecurity Mailinspector (up to 5.3.2-3). The issue is in the URL Handler’s file /mailinspector/mliUserValidation.php, where manipulating the argument error_description leads to a cross-site scripting vulnerability. The attack can be performed remotely; exploit public...

(Pwn2Own) Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of...

PT-2026-23722

Name of the Vulnerable Software and Affected Versions CoreDNS versions prior to 1.14.2 Description CoreDNS is a DNS server that utilizes chained plugins. A denial of service condition exists in the loop detection plugin due to a predictable pseudo-random number generator PRNG used for generating ...

GHSA-XXH7-FCF3-RJ7F The Eclipse Jetty Server Artifact has a Gzip request memory leak

Description as reported There is a memory leak when using GzipHandler in jetty-12.0.30 that can cause off-heap OOMs. This can be used for DoS attacks so I'm reporting this as a vulnerability. The leak is created by requests where the request is inflated Content-Encoding: gzip and the response is...

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +432 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.10)

langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.5 and more Source cves: CVE-2026-28277 Source advisory: OSV:PYSEC-2026-83...

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

EUVD-2026-9827

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

CVE-2026-30797

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVE-2026-30793

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

CVE-2026-30784

...

CVE-2026-30797 RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVE-2026-30797

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVE-2026-30797

CVE-2026-30797 describes a Missing Authorization vulnerability in the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. The issue involves the Flutter URI scheme handler and config import modules, permitting Application API Message Manipulation via Man-in-the-Middl...

CVE-2026-30793 RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...