349 matches found
CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. id: CVE-2024-31839 info: name: CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting author: riteshs4hu severity:...
GHSA-JPCC-P29G-P8MQ vulnerabilities
Vulnerabilities for packages: chartmuseum, datadog-agent-fips, newrelic-infrastructure-agent, zot, cluster-api-helm-controller, neuvector-scanner, kube-arangodb, gatekeeper, chaos-mesh-fips, google-osconfig-agent, kaniko, trivy-operator, rancher-agent, neuvector-scanner-fips, trivy-fips,...
CVE-2026-47262 vulnerabilities
Vulnerabilities for packages: chartmuseum, datadog-agent-fips, newrelic-infrastructure-agent, zot, cluster-api-helm-controller, neuvector-scanner, kube-arangodb, gatekeeper, chaos-mesh-fips, google-osconfig-agent, kaniko, trivy-operator, rancher-agent, neuvector-scanner-fips, trivy-fips,...
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: chartmuseum, datadog-agent-fips, newrelic-infrastructure-agent, zot, cluster-api-helm-controller, neuvector-scanner, kube-arangodb, gatekeeper, chaos-mesh-fips, google-osconfig-agent, kaniko, trivy-operator, rancher-agent, neuvector-scanner-fips, trivy-fips,...
CVE-2026-53488 vulnerabilities
Vulnerabilities for packages: chartmuseum, datadog-agent-fips, newrelic-infrastructure-agent, zot, cluster-api-helm-controller, neuvector-scanner, kube-arangodb, gatekeeper, chaos-mesh-fips, google-osconfig-agent, kaniko, trivy-operator, rancher-agent, neuvector-scanner-fips, trivy-fips,...
Malicious code in yelp-react-component-chaos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 711cd262cc670c0e66cf2878b6fa22db21a2e420313a58aa029cbc619f2b27cc On npm install, preinstall.js collects hostname, username, cwd, network interfaces, and the names of environment variables matching...
CVE-2026-36618
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...
CVE-2026-36618
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...
PT-2026-46004
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...
CVE-2026-36618
Mercusys AC12G (EU) V1 devices (firmware AC12G(EU)_V1_200909) are affected. The issue arises because the DNS resolver (unbound 1.22.0) reveals its version when responding to version.bind CHAOS TXT queries, which can aid targeted attacks against known vulnerabilities. The vulnerability pertains to...
CVE-2026-36618
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...
CVE-2026-36618
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...
Mercusys AC12G 安全漏洞
The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has a security vulnerability. This vulnerability stems from the response to the CHAOS TXT query, and it may lead to the disclosure of the DNS resolver software...
EUVD-2026-31107
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
CVE-2026-5946
Summary of CVE-2026-5946 (CVE entry for named in BIND) : The issue involves the DNS message handling in the BIND 9 recursive resolver (named) when processing DNS classes other than IN (e.g., CHAOS/HESIOD) or non-IN data in questions. According to the sources, specially crafted requests reaching c...
CVE-2026-5946
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
CVE-2026-5946 Invalid handling of CLASS != IN
Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...
GHSA-F67M-9J94-QV9J vulnerabilities
Vulnerabilities for packages: chaos-tproxy...
GHSA-F3PG-QWVG-P99C vulnerabilities
Vulnerabilities for packages: chaos-tproxy...
CVE-2021-32714 vulnerabilities
Vulnerabilities for packages: chaos-tproxy...