Lucene search
+L

821 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/04 5:47 p.m.11 views

CVE-2026-41234

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

8.8CVSS5.9AI score0.00544EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/06/04 5:47 p.m.31 views

CVE-2026-41234

CVE-2026-41234 affects Froxlor prior to 2.3.7, where the DomainZones.add API does not sanitize newline characters in TXT records. An authenticated user with DNS editing enabled can inject newlines into TXT content, causing the TXT value to break out of the line in the generated BIND zone file. Th...

7.6CVSS5.9AI score0.0027EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 5:47 p.m.11 views

EUVD-2026-34313

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

8.8CVSS5.9AI score0.00544EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/03 9:2 p.m.15 views

Froxlor: BIND Zone File Injection via TXT Record Content

Summary The DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record line in the generated BIND zone file. This enables injection of arbitra...

8.8CVSS6AI score0.00544EPSS
Exploits1References5Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/30 2:5 a.m.17 views

SUSE CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

5.9CVSS5.7AI score0.00255EPSS
Exploits0References9
OSV
OSV
added 2026/05/28 9:35 a.m.2 views

CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

7.5CVSS5.8AI score0.00425EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/05/21 11:53 a.m.14 views

CVE-2026-6474

A flaw was found in PostgreSQL. This vulnerability, an externally-controlled format string in the timeofday function, allows a remote attacker to craft specific timezone zones. Successful exploitation can lead to the retrieval of sensitive portions of server memory, potentially disclosing...

4.3CVSS5.7AI score0.00208EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 1:16 p.m.2 views

CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

5.3CVSS6.1AI score0.00406EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: Thermal: Fix NULL pointer dereferencing in ofthermal functions. The function ofparsethermalzones parses the thermal-zone node and registers a thermalzone device for each subnode. However, if a thermal zone uses a thermal senso...

5.5CVSS6.4AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: block: RCU protection for disk-convzonesbitmap It is ensured that revalidating a disk by changing the conventional zones bitmap does not cause invalid memory references when using the helper function diskzoneisconv, with RCU...

5.5CVSS6.2AI score0.00179EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.27 views

PT-2026-42125

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.19.1 through 1.25.0 Description A flaw in the DNSSEC validator allows for denial of service and potential remote code execution. The issue occurs during the deep copying of a data structure when DS sub-queries...

10CVSS6.3AI score0.01272EPSS
Exploits0References83
UbuntuCve
UbuntuCve
added 2026/05/14 2:16 p.m.15 views

CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.18 views

CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/14 1:0 p.m.73 views

CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 1:0 p.m.6 views

CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 1:0 p.m.12 views

CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 1:0 p.m.106 views

CVE-2026-6474

CVE-2026-6474 involves PostgreSQL's timeofday() function, where an externally-controlled format string can cause memory disclosure. The vulnerability arises from crafted timezone zones and affects PostgreSQL versions before 18.4, 17.10, 16.14, 15.18, and 14.23. The connected documents provide the...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References1Affected Software1
PostrgeSql
PostrgeSql
added 2026/05/14 12:0 a.m.29 views

Vulnerability in core server (CVE-2026-6474)

PostgreSQL timeofday can disclose portions of server memory Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/13 6:30 p.m.11 views

EUVD-2020-31222

Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...

8.6CVSS6.5AI score0.00152EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 4:16 p.m.10 views

CVE-2020-37221

Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...

8.6CVSS0.00152EPSS
Exploits0References2
Rows per page
Query Builder