Lucene search
K

343 matches found

OSV
OSV
added 2026/05/11 3:54 p.m.18 views

GHSA-WFC6-R584-VFW7 Next.js vulnerable to cache poisoning in React Server Component responses

Impact Applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later...

5.4CVSS5.8AI score0.0025EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 2:0 p.m.5 views

UBUNTU-CVE-2026-35192

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/23 1:24 a.m.6 views

SUSE CVE-2026-33258

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches. CVE-2026-33258 Note tha...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 12:30 p.m.4 views

EUVD-2026-24721

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS5.8AI score0.00583EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 10:16 a.m.4 views

DEBIAN-CVE-2026-33258

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

7.5CVSS5.3AI score0.00583EPSS
Exploits0References1
CVE
CVE
added 2026/04/22 9:38 a.m.15 views

CVE-2026-33258

PowerDNS Recursor is affected by CVE-2026-33258. A flaw allows an attacker to publish and query a crafted zone, causing allocation of large entries in negative and aggressive NSEC3 caches. This can lead to resource usage and potential denial of service; CVSS indicates high impact on availability ...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/22 9:38 a.m.36 views

CVE-2026-33258 Crafted zones can cause increased resource usage

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS0.00583EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/22 9:38 a.m.5 views

CVE-2026-33258

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

7.5CVSS5.2AI score0.00583EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/22 9:38 a.m.11 views

CVE-2026-33258

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

7.5CVSS5.2AI score0.00583EPSS
Exploits0
OSV
OSV
added 2026/04/22 9:38 a.m.1 views

CVE-2026-33258 Crafted zones can cause increased resource usage

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS5.9AI score0.00583EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

PowerDNS Recursor(pdns_recursor) 安全漏洞

PowerDNS Recursor pdnsrecursor is a domain name resolution server developed by the Dutch company PowerDNS. There is a security vulnerability in PowerDNS Recursor, which stems from the ability of attackers to publish and query specially crafted zones, resulting in the allocation of large entries i...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34322

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS5.8AI score0.00583EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 10:16 p.m.6 views

CVE-2026-40942

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 9:9 p.m.32 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS0.00291EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 9:9 p.m.13 views

CVE-2026-40942

The DSF vulnerability CVE-2026-40942 affects the OIDC JWKS and Metadata Document caches (and the OIDC token cache for FHIR client connections) prior to version 2.1.0, where an inverted time comparison (isBefore vs isAfter) caused the cache to never return cached values and never invalidate, resul...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References3
CVE
CVE
added 2026/04/20 9:43 a.m.27 views

CVE-2026-31429

Summary (supported): CVE-2026-31429 affects the Linux kernel, specifically a KFENCE interaction that caused a cross-cache free of KFENCE-allocated skb heads. The root cause was that kfence_ksize() could return the exact allocation size, leading to skb_end_offset matching SKB_SMALL_HEAD_HEADROOM a...

5.5CVSS5.6AI score0.00259EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-31429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: skb: fix cross-cache free of KFENCE-allocated skb head SKBSMALLHEADCACHESIZE is intentionally set to a non-power-of-2 value e.g. 704 on x8664 to avoid...

5.5CVSS6.2AI score0.00259EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/31 11:27 p.m.5 views

SUSE CVE-2026-34042

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2CVSS6.4AI score0.00459EPSS
Exploits0References5
NVD
NVD
added 2026/03/31 3:15 a.m.7 views

CVE-2026-34042

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2CVSS0.00459EPSS
Exploits0References4
Rows per page
Query Builder