Lucene search
+L

440 matches found

Vulnrichment
Vulnrichment
added 2026/04/01 5:25 p.m.4 views

CVE-2026-34397 himmelblau: NSS fake-primary group lookup reintroduces name collision risk

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

6.3CVSS5.8AI score0.00158EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/01 5:25 p.m.21 views

CVE-2026-34397 himmelblau: NSS fake-primary group lookup reintroduces name collision risk

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

6.3CVSS0.00158EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.8 views

Himmelblau 安全漏洞

Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. There is a security vulnerability in Himmelblau, which stems from conditional local privilege escalation due to name conflicts in edge scenarios. If the mapped CN or short name matches the name of a...

7CVSS5.8AI score0.00158EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 8:16 p.m.7 views

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.4CVSS0.00205EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 7:59 p.m.31 views

CVE-2026-4438 gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

0.00205EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/20 7:59 p.m.35 views

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

0.00325EPSS
Exploits1References1
OSV
OSV
added 2026/03/19 9:49 p.m.7 views

CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parsequestion function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

9.5CVSS6AI score0.01211EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/12 5:19 a.m.4 views

CVE-2026-3904

A flaw was found in glibc. When calling NSS-backed functions that support caching via nscd, the nscd client under high load on x8664 systems may call the memcmp function on inputs that are concurrently modified by other processes or threads, causing a crash and resulting in a denial of service...

6.2CVSS5.7AI score0.00146EPSS
Exploits1References7
OSV
OSV
added 2026/03/12 12:0 a.m.7 views

UBUNTU-CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call th...

6.2CVSS5.8AI score0.00146EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/11 2:16 p.m.4 views

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

6.2CVSS5.9AI score0.00146EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/03/11 1:19 p.m.7 views

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

6.2CVSS5.4AI score0.00146EPSS
Exploits1
OSV
OSV
added 2026/03/11 1:19 p.m.8 views

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

6.2CVSS5.8AI score0.00146EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/03/09 10:54 p.m.2 views

CVE-2026-30919 facileManager Affected by Stored Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

7.6CVSS5.8AI score0.00187EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.11 views

PT-2026-24149

Name of the Vulnerable Software and Affected Versions facileManager versions prior to 6.0.4 Description facileManager is a suite of web applications designed for system administrators. A stored cross-site scripting XSS issue exists in the fmDNS module. This type of attack occurs when an applicati...

7.6CVSS5.7AI score0.00187EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.6 views

NewStart CGSL MAIN 6.06 (SP) : c-ares Vulnerability (NS-SA-2026-0023)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has c-ares packages installed that are affected by a vulnerability: - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames whi...

6.8CVSS7AI score0.02617EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/04 5:49 p.m.6 views

CVE-2026-20067 Multiple Cisco Products Snort 3 TBD Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete error checking...

5.8CVSS6AI score0.00475EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 4:23 p.m.6 views

CVE-2026-22866

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

7.5CVSS0.00177EPSS
Exploits0References3
CVE
CVE
added 2026/02/25 3:47 p.m.14 views

CVE-2026-22866

The CVE-2026-22866 entry describes a Bleichenbacher-style RSA signature forgery flaw in Ethereum Name Service (ENS) DNSSEC tooling. In ENS v1.6.2 and earlier, RSASHA256Algorithm and RSASHA1Algorithm do not validate PKCS#1 v1.5 padding correctly and only compare the trailing 32 (or 20) bytes of th...

7.5CVSS5.5AI score0.00177EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

ENS 数据伪造问题漏洞

ENS is an open-source Ethereum domain name service, involving both registrars and local resolvers. Versions of ENS 1.6.2 and earlier had a vulnerability related to data manipulation. This vulnerability stemmed from the lack of verification of the PKCS1 v1.5 padding structure during RSA signature...

7.5CVSS5.8AI score0.00177EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/02/23 12:0 a.m.173 views

📄 sudo 1.9.17 chroot Privilege Escalation

This Metasploit module exploits CVE-2025-32463, a local privilege escalation vulnerability in Sudo's chroot functionality. The vulnerability allows attackers to load malicious NSS Name Service Switch modules from within a chroot environment, leading to arbitrary code execution as root...

9.3CVSS6.4AI score0.47467EPSS
Exploits70
Rows per page
Query Builder