CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•4 views

CVE-2026-6634

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

6.5CVSS6AI score0.00014EPSS

RedhatCVE•added yesterday•3 views

CVE-2026-28986

A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination...

7.5CVSS5.4AI score0.00057EPSS

RedhatCVE•added yesterday•4 views

CVE-2026-46723

The additionaltables configuration of the page and ttcontent indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index...

5.9CVSS5.6AI score0.00051EPSS

Positive Technologies•added 3 days ago•8 views

PT-2026-46126

Name of the Vulnerable Software and Affected Versions jupyter enterprise gateway versions prior to 3.3.0 Description Unsafe Jinja2 template rendering allows for Kubernetes manifest injection. The server interpolates untrusted environment variables such as KERNEL XXX into Kubernetes manifests...

10CVSS6.3AI score

Exploits0References6

SUSE CVE•added 2026/05/30 2:6 a.m.•7 views

SUSE CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

7.5CVSS5.8AI score0.00058EPSS

Exploits0References5

CVE•added 2026/05/26 9:32 p.m.•8 views

CVE-2025-46284

CVE-2025-46284 describes a race condition that was mitigated by additional input validation. Public documents identify macOS updates as fixed in Sequoia 15.7 and Tahoe 26, with the potential for an app to gain root privileges prior to the fix. The available sources do not provide exploit details ...

7CVSS5.8AI score0.00005EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/05/26 2:24 p.m.•9 views

CVE-2026-42960

A flaw was found in Unbound's handling of DNS reply messages, complementing the earlier CVE-2025-11411 fix. Unbound accepts and caches address records from the additional section of DNS replies when they accompany authority section RRSets other than NS such as MX records. A malicious actor who ca...

10CVSS5.6AI score0.00027EPSS

RedhatCVE•added 2026/05/20 11:38 a.m.•6 views

CVE-2026-42959

A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...

8.7CVSS5.7AI score0.00058EPSS

NVD•added 2026/05/20 10:16 a.m.•5 views

CVE-2026-42959

8.7CVSS0.00058EPSS

ATTACKERKB•added 2026/05/20 9:20 a.m.•6 views

CVE-2026-42959

CVE•added 2026/05/20 9:20 a.m.•14 views

Exploits0References2

CVE-2026-42959

CVE-2026-42959 affects NLnet Labs Unbound up to version 1.25.0. The vulnerability lies in the DNSSEC validator: while constructing chase-reply messages, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. This, combined with DNAME duplication increasing the A...

Exploits0References1Affected Software1

EUVD•added 2026/05/20 9:20 a.m.•6 views

EUVD-2026-31084

Cvelist•added 2026/05/20 9:20 a.m.•33 views

CVE-2026-42959 Crash during DNSSEC validation of malicious content

8.7CVSS0.00058EPSS

Vulnrichment•added 2026/05/20 9:20 a.m.•8 views

CVE-2026-42959 Crash during DNSSEC validation of malicious content

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в bind9

It is possible to create a zone such that certain queries to it will generate responses containing numerous records in the Additional section. An attacker sending multiple such queries can cause either the authoritative server or an independent resolver to use excessive resources to process the...

7.5CVSS6.4AI score0.04177EPSS

Exploits0References2

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

PT-2026-42132

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions prior to 1.25.1 Description A denial of service issue exists in the DNSSEC validator. When constructing chase-reply messages for validation, the software uses an incorrect counter to calculate write offsets for...

10CVSS5.8AI score0.00322EPSS

Exploits0References48

UbuntuCve•added 2026/05/20 12:0 a.m.•5 views

CVE-2026-42959

UbuntuCve•added 2026/05/20 12:0 a.m.•5 views

CVE-2026-42960

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

10CVSS5.7AI score0.00027EPSS

NVD•added 2026/05/19 10:16 a.m.•7 views

CVE-2026-46723

5.9CVSS0.00051EPSS