CVE-2025-11411 affecting package unbound for versions less than 1.19.1-4
CVE-2025-11411 affecting package unbound for versions less than 1.19.1-4. A patched version of the package is available...
WordPress Popup Maker plugin < 1.19.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Popup Maker versions 1.19.1...
AZL-42490 CVE-2024-33655 affecting package unbound for versions less than 1.19.1-3
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the...
AZL-35329 CVE-2023-50868 affecting package unbound for versions less than 1.19.1-1
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...
AZL-26869 CVE-2023-31147 affecting package c-ares for versions less than 1.19.1-1
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand() to generate random numbers used for DNS query IDs. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output. Input from the random number generator i...
AZL-26914 CVE-2023-31130 affecting package c-ares for versions less than 1.19.1-1
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses; in particular, "0::00:00:00/2" was found to cause an issue. c-ares only uses this function internally for configuration purposes which would require an administrator to...