Lucene search
K

1769 matches found

OSV
OSV
added 2026/05/21 1:31 a.m.8 views

MAL-2026-4642 Malicious code in polygon-toolkit-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c6fa5fc2aa45c8649c09e54e0f5b318b096a78a133380d18d5379621ba819c The package presents a Polygon/Polymarket validation/crypto utility but its exported APIs silently relay caller data to a hardcoded remote endpoint. ...

5.9AI score
Exploits0References1
Snyk
Snyk
added 2026/05/20 7:7 p.m.10 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the OCI validator process when upstream rate limits are encountered. An attacker can bypass intended ownership restrictions by exploiting the lack of proper checks during rate-limited conditions. Remediation...

5.1CVSS5.8AI score0.00206EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/20 11:38 a.m.9 views

CVE-2026-42959

A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...

8.7CVSS5.7AI score0.00779EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/20 11:38 a.m.8 views

CVE-2026-33278

A flaw was discovered in Unbound’s DNSSEC validator can leave it using an invalid memory pointer after certain DS sub-query validations fail due to NSEC3 budget exhaustion. This may cause crashes and could potentially allow arbitrary code execution...

10CVSS6AI score0.01272EPSS
Exploits0References3
NVD
NVD
added 2026/05/20 10:16 a.m.19 views

CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

6.9CVSS0.00339EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 10:16 a.m.9 views

ALPINE-CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

7.5CVSS5.6AI score0.00779EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 10:16 a.m.18 views

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

8.7CVSS0.00779EPSS
Exploits0References8
OSV
OSV
added 2026/05/20 10:16 a.m.5 views

ALPINE-CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

9.8CVSS6.6AI score0.01272EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 9:20 a.m.41 views

CVE-2026-42959

CVE-2026-42959 affects NLnet Labs Unbound up to version 1.25.0. The vulnerability lies in the DNSSEC validator: while constructing chase-reply messages, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. This, combined with DNAME duplication increasing the A...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/20 9:20 a.m.11 views

CVE-2026-42959 Crash during DNSSEC validation of malicious content

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:20 a.m.8 views

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 9:20 a.m.51 views

CVE-2026-42959 Crash during DNSSEC validation of malicious content

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

8.7CVSS0.00779EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 9:20 a.m.13 views

EUVD-2026-31084

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/20 9:20 a.m.13 views

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/20 9:20 a.m.7 views

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

6.9CVSS5.7AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 9:20 a.m.50 views

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

6.9CVSS0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:18 a.m.10 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS6.5AI score0.01272EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/20 9:18 a.m.53 views

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS0.01272EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/20 9:18 a.m.12 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS6.5AI score0.01272EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in symfony

symfony/validator is a module for the Symphony PHP framework that provides tools for validating values. It’s possible to trick a Validator configured with a regular expression using the $ metacharacter, especially when the input ends with \n. Starting from versions 5.4.43, 6.4.11, and 7.1.4,...

3.1CVSS5.8AI score0.00465EPSS
Exploits0References2
Rows per page
Query Builder