CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added yesterday•13 views

CVE-2026-41234

CVE-2026-41234 affects Froxlor prior to 2.3.7, where the DomainZones.add API does not sanitize newline characters in TXT records. An authenticated user with DNS editing enabled can inject newlines into TXT content, causing the TXT value to break out of the line in the generated BIND zone file. Th...

7.6CVSS5.9AI score

Cvelist•added yesterday•8 views

CVE-2026-41234 Froxlor: BIND Zone File Injection via TXT Record Content

7.6CVSS

Vulnrichment•added yesterday•4 views

CVE-2026-41234 Froxlor: BIND Zone File Injection via TXT Record Content

7.6CVSS5.9AI score

ATTACKERKB•added yesterday•2 views

CVE-2026-41234

8.8CVSS5.9AI score0.00025EPSS

Exploits1References4Affected Software1

EUVD•added yesterday•3 views

EUVD-2026-34313

8.8CVSS5.9AI score0.00025EPSS

Exploits1References3

NVD•added yesterday•4 views

CVE-2025-59874

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable...

8.1CVSS

Vulnrichment•added yesterday•4 views

CVE-2025-59874 HCL Hive Telco Observability is affected by a Required directives missing from the CSP .

EUVD•added yesterday•6 views

EUVD-2025-210064

ATTACKERKB•added yesterday•3 views

CVE-2025-59874

Exploits0References2Affected Software1

Cvelist•added yesterday•5 views

CVE-2025-59874 HCL Hive Telco Observability is affected by a Required directives missing from the CSP .

8.1CVSS

CVE•added yesterday•7 views

CVE-2025-59874

CVE-2025-59874 affects HCL Hive Telco Observability. The issue is identified as a missing CSP directive in the web application’s Keycloak component, with missing essential directives leaving the site vulnerable. The CVSS v3.1 base metrics indicate a high-severity, network-exploitability risk (AV:...

Positive Technologies•added yesterday•7 views

PT-2026-46217

RedhatCVE•added 2 days ago•9 views

Exploits0References2

CVE-2026-8404

A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component does not correctly process Cache-Control response directives when they use uppercase or mixed-case values. This vulnerability allows a remote attacker to read responses that should not have been cached, leadin...

3.1CVSS5.7AI score0.00038EPSS

Exploits0References6

Github Security Blog•added 2 days ago•7 views

Froxlor: BIND Zone File Injection via TXT Record Content

Summary The DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record line in the generated BIND zone file. This enables injection of arbitra...

8.8CVSS6AI score0.00025EPSS

Exploits1References4Affected Software1

RedhatCVE•added 2 days ago•4 views

CVE-2026-45553

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS5.7AI score0.00031EPSS

Vulnrichment•added 2 days ago•4 views

CVE-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS5.8AI score0.00038EPSS