343 matches found
GHSA-WFC6-R584-VFW7 Next.js vulnerable to cache poisoning in React Server Component responses
Impact Applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later...
UBUNTU-CVE-2026-35192
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...
SUSE CVE-2026-33258
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
Linux Distros Unpatched Vulnerability : CVE-2026-33258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches. CVE-2026-33258 Note tha...
EUVD-2026-24721
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
DEBIAN-CVE-2026-33258
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
CVE-2026-33258
PowerDNS Recursor is affected by CVE-2026-33258. A flaw allows an attacker to publish and query a crafted zone, causing allocation of large entries in negative and aggressive NSEC3 caches. This can lead to resource usage and potential denial of service; CVSS indicates high impact on availability ...
CVE-2026-33258 Crafted zones can cause increased resource usage
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
CVE-2026-33258
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
CVE-2026-33258
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
CVE-2026-33258 Crafted zones can cause increased resource usage
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
PowerDNS Recursor(pdns_recursor) 安全漏洞
PowerDNS Recursor pdnsrecursor is a domain name resolution server developed by the Dutch company PowerDNS. There is a security vulnerability in PowerDNS Recursor, which stems from the ability of attackers to publish and query specially crafted zones, resulting in the allocation of large entries i...
PT-2026-34322
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
CVE-2026-40942
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...
CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...
CVE-2026-40942
The DSF vulnerability CVE-2026-40942 affects the OIDC JWKS and Metadata Document caches (and the OIDC token cache for FHIR client connections) prior to version 2.1.0, where an inverted time comparison (isBefore vs isAfter) caused the cache to never return cached values and never invalidate, resul...
CVE-2026-31429
Summary (supported): CVE-2026-31429 affects the Linux kernel, specifically a KFENCE interaction that caused a cross-cache free of KFENCE-allocated skb heads. The root cause was that kfence_ksize() could return the exact allocation size, leading to skb_end_offset matching SKB_SMALL_HEAD_HEADROOM a...
Linux Distros Unpatched Vulnerability : CVE-2026-31429
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: skb: fix cross-cache free of KFENCE-allocated skb head SKBSMALLHEADCACHESIZE is intentionally set to a non-power-of-2 value e.g. 704 on x8664 to avoid...
SUSE CVE-2026-34042
act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...
CVE-2026-34042
act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...