ISC BIND 9.11.3-S1 < 9.18.38-S1 / 9.18.11-S1 < 9.18.38-S1 / 9.20.9-S1 < 9.20.11-S1 Vulnerability (cve-2025-40776)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40776 advisory. - A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning...

ISC BIND 9.20.0 < 9.20.9 / 9.21.0 < 9.21.8 Assertion Failure (cve-2025-40775)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40775 advisory. - When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains a...

PT-2026-7926

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

PT-2026-7918

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button ...

ISC BIND 9.16.0 < 9.18.41 / 9.16.8-S1 < 9.18.41-S1 / 9.18.0 < 9.18.41 / 9.18.11-S1 < 9.18.41-S1 / 9.20.0 < 9.20.15 / 9.20.9-S1 < 9.20.15-S1 / 9.21.0 < 9.21.14 Vulnerability (cve-2025-40780)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40780 advisory. - In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for a...

ISC BIND 9.11.0 < 9.18.41 / 9.11.3-S1 < 9.18.41-S1 / 9.18.0 < 9.18.41 / 9.18.11-S1 < 9.18.41-S1 / 9.20.0 < 9.20.15 / 9.20.9-S1 < 9.20.15-S1 / 9.21.0 < 9.21.14 Vulnerability (cve-2025-40778)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40778 advisory. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forge...

ISC BIND 9.20.0 < 9.20.11 / 9.20.9-S1 < 9.20.11-S1 / 9.21.0 < 9.21.10 Assertion Failure (cve-2025-40777)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40777 advisory. - If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer- client-timeout set to 0 the...

CVE-2026-23906

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind Vulnerability Description An authentication bypass...

CVE-2026-21528

Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network...

Missing Authentication

Overview org.apache.druid.extensions:druid-basic-security is a basic security package for Apache Druid. Affected versions of this package are vulnerable to Missing Authentication in validateCredentials for LDAP, which does not check passwords for anonymous bind requests. An attacker in possession...

GHSA-Q672-HFC7-G833 Apache Druid Vulnerable to Authentication Bypass

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...

Apache Druid Vulnerable to Authentication Bypass

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...

CVE-2026-23906 Apache Druid: Authentication Bypass via LDAP Anonymous Bind

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...

CVE-2026-23906

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...

CVE-2026-23906

Summary (CVE-2026-23906) : Apache Druid versions 0.17.0 through 35.x are affected when using the druid-basic-security extension with LDAP authentication and an LDAP server that allows anonymous bind. The vulnerability arises from improper validation of LDAP authentication responses, where anonymo...

CVE-2026-2186

A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public a...

PT-2026-7281

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 7.6.0 through 7.6.4 Description An authentication bypass issue exists in Fortinet FortiOS. This flaw may allow an unauthenticated attacker to bypass LDAP authentication for Agentless VPN or Fortinet Single Sign-On FSS...

CVE-2025-13878 affecting package bind for versions less than 9.20.18-1

CVE-2025-13878 affecting package bind for versions less than 9.20.18-1. An upgraded version of the package is available that resolves this issue...

PT-2026-7140

Name of the Vulnerable Software and Affected Versions Apache Druid versions 0.17.0 through 35.x Description An authentication bypass issue exists in Apache Druid when the druid-basic-security extension is enabled with LDAP authentication. If the underlying LDAP server allows anonymous binds, an...

Fedora: Security Advisory (FEDORA-2026-34c921d252)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...