167 matches found
Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities
Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Eclipse Netty and Eclipse Vert.x Vulnerability Details CVEID:CVE-2026-45416 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and...
EUVD-2026-31083
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
CVE-2026-47107
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...
Windmill 安全漏洞
Windmill is a low-code development platform open source by Windmill Labs, Inc. Versions of Windmill prior to 1.703.2 contained security vulnerabilities. These vulnerabilities stemmed from the binding and mounting of directories under /etc in the nsjail sandbox configuration file without any...
Windows Snipping Tool - NTLMv2 Hash Hijack
Exploit Title: Windows Snipping Tool - NTLMv2 Hash Hijack Date: 2026-04-22 Exploit Author: nu11secur1ty Video Demo: https://www.patreon.com/posts/cve-2026-33829-156243398 Vendor Homepage: https://www.microsoft.com Software Link: Built-in Windows Snipping Tool Version: Windows 10, Windows 11,...
Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-dns | | Component | io.netty.handler.codec.dns.DnsCodecUtil | |...
Exploit for Improper Restriction of XML External Entity Reference in Cisco Secure_Endpoint
--- tags: hackthebox, linux, hard, cve-2023-23946, cve-2023-200...
Erlang/OTP 安全漏洞
Erlang/OTP is an open-source library written in JavaScript that handles exceptional situations. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP versions prior to 28.4.2, 27.3.4.10, and 26.2.5.19 have security vulnerabilities; these vulnerabilities stem from the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Bouncy Castle vulnerabilities (USN-8108-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8108-1 advisory. It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search...
USN-8108-1 bouncycastle vulnerabilities
It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search filter. An attacker could possibly use this issue to perform an LDAP injection attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS...
EulerOS 2.0 SP11 : unbound (EulerOS-SA-2026-1623)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement...
MiracleLinux 8 : kernel-4.18.0-240.15.1.el8 (AXSA:2021-1528:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1528:05 advisory. kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events CVE-2020-24490 kernel: Asianux only CVE-2020-12351...
EulerOS 2.0 SP10 : unbound (EulerOS-SA-2026-1060)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement...
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
A China-linked advanced persistent threat APT group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System DNS requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India. The activity,...
Evasive Panda APT poisons DNS requests to deliver MgBot
Introduction The Evasive Panda APT group also known as Bronze Highland, Daggerfly, and StormBamboo has been active since 2012, targeting multiple industries with sophisticated, evolving tactics. Our latest research June 2025 reveals that the attackers conducted highly-targeted campaigns, which...
Important: Red Hat Security Advisory: bind security update
An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Unbound DNS Resolver < 1.24.2 Domain Hijacking Vulnerabilities
Unbound DNS Resolver is prone to a domain hijacking vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
EUVD-2007-4372
Malware in sbrugna...
EUVD-2017-2954
Malware in sbrugna...
EUVD-2023-41305
Malicious code in bioql PyPI...