30 matches found
Google Cloud Vertex AI has a vulnerability involving predictable bucket naming
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...
OESA-2025-2843 dhcp security update
The Dynamic Host Configuration Protocol DHCP is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks. Security Fixes: Unde...
Security update for bind
This update for bind fixes the following issues: CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
SUSE CVE-2025-11411
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...
EUVD-2019-3312
Malware in sbrugna...
HPACK table poisoning in gRPC C++, Python & Ruby
...
RHEL 8 : unbound (RHSA-2025:13577)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13577 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbound Cache poisoning...
Important: unbound
Issue Overview: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along wit...
unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack
[email protected] reports: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information...
Cache Poisoning
Next.js is vulnerable to Cache Poisoning. The vulnerability is due to improper caching of HTTP 204 responses for static pages, which allows an attacker to poison the cache and cause the 204 response to be served to all users attempting to access the affected page...
CVE-2025-49005
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...
PT-2023-29999 · Gougucms · Gougucms
Name of the Vulnerable Software and Affected Versions: gougucms version 4.08.18 Description: The issue allows attackers to arbitrarily reset users' passwords via a crafted packet, exploiting a password reset poisoning vulnerability. Recommendations: For gougucms version 4.08.18, update to a versi...
CVE-2023-46393
gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet...
[SECURITY] [DLA 3299-1] node-qs security update
Debian LTS Advisory DLA-3299-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 30, 2023 https://wiki.debian.org/LTS Package : node-qs Version : 6.5.2-1+deb10u1 CVE ID : CVE-2022-24999 Nathanael Braun and Johan Brissaud discovered a prototype poisoning...
Moderate: Red Hat Security Advisory: bind security update
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
RHEL 7 : bind (RHSA-2023:0402)
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0402 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...
Moderate: dhcp security and enhancement update
The Dynamic Host Configuration Protocol DHCP is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to...
Moderate: bind security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
Moderate: bind security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
RHEL 8 : bind9.16 (RHSA-2022:7643)
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7643 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...