CVE-2026-35579

CoreDNS versions prior to 1.14.3 expose a TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports. In gRPC/QUIC, the server checks for a configured TSIG key name but never calls dns.TsigVerify(), so a matching key yields a nil tsigStatus and the request is treated as authenticated rega...

Code-Projects Online Reviewer System 安全漏洞

The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Versions of the Code-Projects Online Reviewer System prior to version 1.0 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of parameters in the...

CVE-2024-2749

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categorie...

PT-2021-7369 · Unknown · Go-Ethereum

Name of the Vulnerable Software and Affected Versions: go-ethereum versions prior to v1.10.8 Description: A consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. This issue is related to a memory-corruption bug withi...

IMAGE CONQUEST DICOM SERVER 命令注入漏洞

IMAGE CONQUEST DICOM SERVER is IMAGE an open source application. It can store, validate, query and retrieve through programmable SQL database tables. A security vulnerability exists in CONQUEST DICOM SERVER before 1.5.0, which can be exploited by attackers to execute malicious code...

PT-2020-18894 · Google +1 · Libprotobuf +1

Name of the Vulnerable Software and Affected Versions: Valve's Game Networking Sockets versions prior to v1.2.0 Description: The issue arises from improper handling of inlined statistics messages in the CConnectionTransportUDPBase::Received Data function, leading to an exception thrown from...