
12 matches found

OSV
added 2026/06/15 7:59 p.m. | 11 views

GHSA-76MC-F452-CXCM DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`. CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...

CVSS 6.1 | AI score 5.6
Exploits: 0 | References: 2

RedhatCVE
added 2026/06/05 7:13 p.m. | 9 views

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

CVSS 7.4 | AI score 5.6 | EPSS 0.00206
Exploits: 0 | References: 1

OSV
added 2026/05/07 10:16 p.m. | 28 views

UBUNTU-CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

CVSS 7.4 | AI score 5.9 | EPSS 0.00206
Exploits: 0 | References: 6

SUSE CVE
added 2026/03/26 9:17 a.m. | 3 views

SUSE CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | AI score 5.8 | EPSS 0.0036
Exploits: 0 | References: 5

NVD
added 2026/03/25 2:16 p.m. | 5 views

CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | EPSS 0.0036
Exploits: 0 | References: 3

OSV
added 2026/03/25 2:16 p.m. | 3 views

DEBIAN-CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | AI score 8.5 | EPSS 0.0036
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/25 1:34 p.m. | 6 views

CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | AI score 5.8 | EPSS 0.0036
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/25 1:34 p.m. | 34 views

CVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | EPSS 0.0036
Exploits: 0 | References: 3

OSV
added 2026/03/25 12:00 a.m. | 4 views

UBUNTU-CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | AI score 7.2 | EPSS 0.0036
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-4510

Malware in sbrugna...

CVSS 8.1 | AI score 7.9 | EPSS 0.01353
Exploits: 0 | References: 5

Prion
added 2019/03/27 6:29 p.m. | 19 views

Design/Logic Flaw

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...

CVSS 6.8 | AI score 7.9 | EPSS 0.01353
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/03/27 5:26 p.m. | 25 views

CVE-2018-12550

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...

AI score 7 | EPSS 0.01353
Exploits: 0 | References: 2