NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by mixed records in the authoritative section, leading to cache poisoning. Attackers could...

NLnet Labs Unbound 资源管理错误漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.19.1 to 1.25.0 of NLnet Labs Unbound, there is a resource management vulnerability. This vulnerability stems from incorrect overwriting of target pointers when deep copying data structures in the DNSSE...

FreeBSD : nginx-devel -- multiple vulnerabilities (1ed77d8e-53bb-11f1-b339-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ed77d8e-53bb-11f1-b339-3497f65b111b advisory. The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2...

UBUNTU-CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

bind: Resource exhaustion via malformed DNSKEY handling

A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentiall...

Moderate: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Moderate: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: DNSBomb vulnerability CVE-2024-33655 unbound: Unbound domain hijacking via promiscuous records CVE-2025-11411 For more details about the security issues, including the impact, a CVSS...

RHEL 9 : unbound (RHSA-2026:18931)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18931 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: DNSBomb vulnerability...

ALSA-2026:18931 Moderate: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: DNSBomb vulnerability CVE-2024-33655 unbound: Unbound domain hijacking via promiscuous records CVE-2025-11411 For more details about the security issues, including the impact, a CVSS...

eduMFA: Unauthenticated Failcounter Increment on Resolver Tokens via /validate/check

Impact If the resolver parameter is passed, but the user does not exist, all failcounters of tokens in that resolver will be increased. Patches This, along with other issues, was fixed in eduMFA v2.9.1. Workarounds Limiting access to /validate/check to client applications i.e. Shibboleth/FreeRADI...

GHSA-74R7-3MJM-JC5V eduMFA: Unauthenticated Failcounter Increment on Resolver Tokens via /validate/check

Impact If the resolver parameter is passed, but the user does not exist, all failcounters of tokens in that resolver will be increased. Patches This, along with other issues, was fixed in eduMFA v2.9.1. Workarounds Limiting access to /validate/check to client applications i.e. Shibboleth/FreeRADI...

PT-2026-42165

Name of the Vulnerable Software and Affected Versions BIND 9 versions 9.18.36 through 9.18.48 BIND 9 versions 9.20.8 through 9.20.22 BIND 9 versions 9.21.7 through 9.21.21 BIND 9 versions 9.18.36-S1 through 9.18.48-S1 BIND 9 versions 9.20.9-S1 through 9.20.22-S1 Description An unbounded resend lo...

PT-2026-42155

Name of the Vulnerable Software and Affected Versions BIND versions 9.11.0 through 9.16.50 BIND versions 9.18.0 through 9.18.48 BIND versions 9.20.0 through 9.20.22 BIND versions 9.21.0 through 9.21.21 BIND versions 9.11.3-S1 through 9.16.50-S1 BIND versions 9.18.11-S1 through 9.18.48-S1 BIND...

BIT-NGINX-GATEWAY-2026-40701 NGINX ngx_http_ssl_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

CVE-2026-44010

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-45411 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

CVE-2026-44351

CVE-2026-44351 — fast-jwt auth bypass (pre-6.2.4) : The vulnerability exists in fast-jwt’s async key-resolver flow when the resolver returns an empty string or zero-length Buffer. The library may treat this as a valid secret and derive allowedAlgorithms as HS256/HS384/HS512, then verify a JWT aga...

CVE-2026-44351 fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...