CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 6 days ago•7 views

MGASA-2026-0163 Updated bind packages fix security vulnerabilities

Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...

9.8CVSS5.8AI score0.00143EPSS

NVD•added last week•6 views

CVE-2026-9037

9.3CVSS0.00041EPSS

EUVD•added last week•4 views

EUVD-2026-32951

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

5.7AI score0.00054EPSS

RedhatCVE•added 2026/05/21 12:21 p.m.•6 views

CVE-2026-5947

A flaw was found in BIND. A remote attacker could exploit a race condition during SIG0 signature validation of an incoming DNS message. If the "recursive-clients" limit is reached and the message is discarded, a use-after-free vulnerability may occur. This could lead to undefined behavior and...

7.5CVSS5.7AI score0.00044EPSS

OSV•added 2026/05/20 1:16 p.m.•1 views

ALPINE-CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

5.9CVSS5.8AI score0.00044EPSS

NVD•added 2026/05/20 1:16 p.m.•8 views

CVE-2026-5947

7.5CVSS0.00044EPSS

CVE•added 2026/05/20 1:10 p.m.•16 views

CVE-2026-5947

CVE-2026-5947 describes an undefined behavior due to a race condition in SIG(0) validation during DNS message processing under load. Affected are BIND 9.20.0–9.20.22, 9.21.0–9.21.21, and 9.20.9-S1–9.20.22-S1; versions 9.18.28–9.18.49 and 9.18.28-S1–9.18.49-S1 are not affected. Under a query flood...

7.5CVSS5.8AI score0.00044EPSS

Exploits0References3Affected Software1

EUVD•added 2026/05/20 1:10 p.m.•5 views

EUVD-2026-31110

7.5CVSS5.8AI score0.00044EPSS

OSV•added 2026/05/20 12:0 a.m.•8 views

UBUNTU-CVE-2026-5947

7.5CVSS5.8AI score0.00044EPSS

Exploits0References4

Positive Technologies•added 2026/05/19 12:0 a.m.•4 views

PT-2026-42039

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.33.3 Coder versions prior to 2.32.2 Coder versions prior to 2.31.12 Coder versions prior to 2.30.8 Coder versions prior to 2.29.13 Coder versions prior to 2.24.5 Description The azureidentity.Validate function verifie...

9.1CVSS6AI score

Exploits0References13

EUVD•added 2026/05/11 5:58 p.m.•1 views

EUVD-2026-11304

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation...

9.1CVSS5.8AI score0.0003EPSS

Snyk•added 2026/05/11 2:48 p.m.•4 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...

7CVSS5.8AI score0.00007EPSS

CVE•added 2026/05/07 3:0 a.m.•3 views

CVE-2026-41669

Admidio prior to version 5.0.9 suffers a SAML signature validation bypass: validateSignature() can return an error message or false, but its return value is discarded by both handleSSORequest() and handleSLORequest(), so unsigned or invalidly signed AuthnRequests/LogoutRequests are processed like...

Vulnrichment•added 2026/05/07 3:0 a.m.•3 views

CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

EUVD•added 2026/05/07 3:0 a.m.•4 views

EUVD-2026-28279

Cvelist•added 2026/05/07 3:0 a.m.•28 views

CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed

8.2CVSS0.00008EPSS

CNNVD•added 2026/05/07 12:0 a.m.•2 views

Admidio 数据伪造问题漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a data manipulation vulnerability. This vulnerability stemm...