CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2961 matches found

Fedora•added 2025/10/28 1:30 a.m.•8 views

[SECURITY] Fedora 42 Update: unbound-1.24.1-1.fc42

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

7.1CVSS7AI score0.00311EPSS

Exploits0

NCSC•added 2025/10/27 8:24 a.m.•6 views

Vulnerabilities fixed in BIND 9

ISC has fixed vulnerabilities in BIND 9 Specifically for versions 9.16.0 to 9.16.50, 9.18.0 to 9.18.39, 9.20.0 to 9.20.13, and 9.21.0 to 9.21.12. The vulnerabilities are located in BIND 9's DNS resolvers. The first vulnerability allows attackers to inject forged DNS records into the cache, which...

8.6CVSS7.1AI score0.1096EPSS

Exploits1References3

OpenVAS•added 2025/10/27 12:0 a.m.•4 views

Unbound DNS Resolver < 1.24.2 Domain Hijacking Vulnerabilities

Unbound DNS Resolver is prone to a domain hijacking vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.1CVSS6.2AI score0.00311EPSS

Exploits0References4

RedhatCVE•added 2025/10/22 3:58 p.m.•4 views

CVE-2025-8677

A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentiall...

7.5CVSS6.3AI score0.1096EPSS

Exploits0References3

OSV•added 2025/10/22 1:15 p.m.•4 views

AZL-68796 CVE-2025-11411 affecting package unbound for versions less than 1.19.1-4

NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...

7.1CVSS7.3AI score0.00311EPSS

Exploits0References1

Positive Technologies•added 2025/10/22 12:0 a.m.•2 views

PT-2025-43372

Name of the Vulnerable Software and Affected Versions BIND versions 9.11.0 through 9.16.50 BIND versions 9.18.0 through 9.18.39 BIND versions 9.20.0 through 9.20.13 BIND versions 9.21.0 through 9.21.12 BIND Supported Preview Edition versions 9.11.3-S1 through 9.16.50-S1 BIND Supported Preview...

8.6CVSS5.7AI score0.1096EPSS

Exploits1References157

Snyk•added 2025/10/10 10:41 p.m.•1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to the resolvers.SecretKeyRef process not being used for namespace validation. An attacker can gain unauthorized access to secrets across namespaces by exploiting the lack of proper namespace checks during secr...

8.7CVSS7AI score0.00278EPSS

Exploits0References2

EUVD•added 2025/10/08 5:2 a.m.•3 views

EUVD-2025-31846

A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made availabl...

7.5CVSS7.3AI score0.00382EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-2025

Malware in sbrugna...

9.8CVSS9.4AI score0.02863EPSS

Exploits1References8

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-2214

Malware in sbrugna...

7.5CVSS6AI score0.01932EPSS

Exploits0References6