Lucene search
K

812 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40622

Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...

8.6CVSS6.5AI score0.00152EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-42155

Name of the Vulnerable Software and Affected Versions BIND versions 9.11.0 through 9.16.50 BIND versions 9.18.0 through 9.18.48 BIND versions 9.20.0 through 9.20.22 BIND versions 9.21.0 through 9.21.21 BIND versions 9.11.3-S1 through 9.16.50-S1 BIND versions 9.18.11-S1 through 9.18.48-S1 BIND...

9.8CVSS5.8AI score0.01844EPSS
Exploits0References58
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.11 views

From Conceptual Scaffold to Prototype: A Standardized Zonal Architecture for Wi-Fi Security Training

Wi-Fi is the dominant wireless access technology, but its widespread use also exposes systems to threats such as rogue access points, deauthentication attacks, and other IEEE 802.11-specific vulnerabilities. Although Cyber Ranges CRs have become valuable platforms for cybersecurity training and...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/06 9:31 a.m.18 views

CVE-2026-43060

A flaw was found in the Linux kernel's netfilter nftct component. When the nftct module is removed, packets still enqueued in the nfqueue might retain outdated references to connection tracking conntrack zone templates or timeout policies. This can lead to stale references, potentially causing...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from race conditions during the process of removing and reverting hot zones. This vulnerability may le...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.9 views

PT-2026-35808

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections...

6.5CVSS5.2AI score0.00188EPSS
Exploits0References6
NVD
NVD
added 2026/04/23 4:16 a.m.7 views

CVE-2026-41230

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...

8.5CVSS0.00347EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/23 3:47 a.m.3 views

CVE-2026-41230 Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...

8.5CVSS5.8AI score0.00347EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/23 3:47 a.m.4 views

CVE-2026-41230

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...

8.5CVSS5.8AI score0.00347EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/23 3:47 a.m.44 views

CVE-2026-41230 Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...

8.5CVSS0.00347EPSS
Exploits1References3
CVE
CVE
added 2026/04/23 3:47 a.m.18 views

CVE-2026-41230

CVE-2026-41230 affects Froxlor prior to 2.3.6 through DomainZones::add(), where arbitrary DNS record types and newline-containing content are not sanitized. This allows an authenticated user to inject DNS records and BIND directives (e.g., $INCLUDE, $ORIGIN, $GENERATE) into zone files by submitti...

8.5CVSS5.8AI score0.00347EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 9:38 a.m.7 views

CVE-2026-33258 Crafted zones can cause increased resource usage

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS5.8AI score0.00583EPSS
Exploits0References1
CVE
CVE
added 2026/04/22 9:38 a.m.14 views

CVE-2026-33258

PowerDNS Recursor is affected by CVE-2026-33258. A flaw allows an attacker to publish and query a crafted zone, causing allocation of large entries in negative and aggressive NSEC3 caches. This can lead to resource usage and potential denial of service; CVSS indicates high impact on availability ...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/22 9:38 a.m.36 views

CVE-2026-33258 Crafted zones can cause increased resource usage

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS0.00583EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

PowerDNS Recursor(pdns_recursor) 安全漏洞

PowerDNS Recursor pdnsrecursor is a domain name resolution server developed by the Dutch company PowerDNS. There is a security vulnerability in PowerDNS Recursor, which stems from the ability of attackers to publish and query specially crafted zones, resulting in the allocation of large entries i...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.11 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007307 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in ofthermal functions ofparsethermalzones parses the...

5.5CVSS6.3AI score0.00235EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/16 12:47 a.m.7 views

CRLF Injection

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to CRLF Injection via the DomainZones::add process. An attacker can inject arbitrary DNS records and BIND directives into zone files by submitting crafted DNS record types and content...

8.5CVSS5.8AI score0.00347EPSS
Exploits1References2
OSV
OSV
added 2026/04/16 12:47 a.m.25 views

GHSA-47HF-23PW-3M8C Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Summary DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g., NAPTR, PTR, HINFO, content validation is entirely bypassed. Embedded...

8.5CVSS5.9AI score0.00347EPSS
Exploits1References5
Oracle linux
Oracle linux
added 2026/04/14 12:0 a.m.9 views

bind9.18 security update

32:9.18.29-5.4 - Correct backport issue in the patch CVE-2026-1519 32:9.18.29-5.3 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519...

7.5CVSS5.8AI score0.01545EPSS
Exploits0
Hacker One
Hacker One
added 2026/04/05 7:15 a.m.21 views

Revive Adserver: Missing access control when linking banners or campaigns to zones

A missing access control check was identified when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API. This could have allowed a low-privileged user to link their zones to banners or campaigns owned by other managers on...

4.3CVSS5.7AI score0.00235EPSS
Exploits1
Rows per page
Query Builder