Lucene search
+L

342 matches found

nvd
nvd
added 2026/06/25 2:16 p.m.7 views

CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS0.00175EPSS
Exploits0References1
nvd
nvd
added 2026/06/25 2:16 p.m.10 views

CVE-2026-40012

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS0.00305EPSS
Exploits0References1
euvd
euvd
added 2026/06/25 1:16 p.m.8 views

EUVD-2026-39388

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/25 1:16 p.m.6 views

CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS5.8AI score0.00175EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/06/25 12:58 p.m.8 views

CVE-2026-40012

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.8AI score0.00305EPSS
Exploits0
cvelist
cvelist
added 2026/06/25 12:58 p.m.31 views

CVE-2026-40012 Information about ECS zero scoped answers might leak to clients that use a specific ECS

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS0.00305EPSS
Exploits0References1
cve
cve
added 2026/06/25 12:58 p.m.23 views

CVE-2026-40012

The vulnerability CVE-2026-40012 affects configurations with ECS enabled, where ECS zero-scoped answers are stored in the packet cache instead of being properly restricted, potentially leaking to clients. The issue has a network-based attack surface with low confidentiality impact (CVSS v3.1: 5.3...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/25 12:58 p.m.6 views

CVE-2026-40012

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.9AI score0.00305EPSS
Exploits0
euvd
euvd
added 2026/06/25 12:58 p.m.6 views

EUVD-2026-39356

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References1
osv
osv
added 2026/06/25 12:58 p.m.3 views

CVE-2026-40012 Information about ECS zero scoped answers might leak to clients that use a specific ECS

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS6AI score0.00305EPSS
Exploits0References5
osv
osv
added 2026/06/19 8:47 p.m.8 views

GHSA-X845-2F78-7V36 Blocky DNSSEC validation bypass and validation-cache scope pollution

Summary Blocky accepts and caches forged DNS answers while dnssec.validate: true is enabled. The issue has two related exploit paths: 1. Basic DNSSEC validation bypass. If an untrusted upstream returns an unsigned positive answer for a DNSSEC-signed public domain, Blocky classifies the response a...

8.6CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/06/09 10:23 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
snyk
snyk
added 2026/06/09 10:23 a.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5797

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

5.3CVSS5.8AI score0.00519EPSS
Exploits0References1
nvd
nvd
added 2026/05/22 7:17 p.m.13 views

CVE-2026-39967

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

3.1CVSS0.00186EPSS
Exploits0References3
osv
osv
added 2026/05/22 6:36 p.m.2 views

CVE-2026-39967 TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

3.1CVSS5.9AI score0.00186EPSS
Exploits0References5
redhat
redhat
added 2026/05/19 1:52 p.m.12 views

unbound: DNSBomb vulnerability

A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the...

7.5CVSS6.9AI score0.01743EPSS
Exploits0References5
redhat
redhat
added 2026/05/19 9:14 a.m.14 views

unbound: DNSBomb vulnerability

A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the...

7.5CVSS6.9AI score0.01743EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/15 6:36 p.m.7 views

CVE-2026-46363

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...

5.4CVSS5.7AI score0.00153EPSS
Exploits0References3
cve
cve
added 2026/05/15 6:36 p.m.24 views

CVE-2026-46363

CVE-2026-46363 affects phpMyFAQ prior to 4.1.2. It is a stored XSS in FAQ creation and update endpoints where sanitization is bypassed through encode–decode cycles. Exploitation requires authenticated access with the FAQ_ADD permission; an attacker can inject malicious script tags via question or...

5.4CVSS5.7AI score0.00153EPSS
Exploits0References2
Rows per page
Query Builder