Lucene search
K

117 matches found

OSV
OSV
added 3 days ago3 views

PYSEC-2026-1137 apache-airflow-providers-apache-drill Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...

8.7CVSS6.7AI score0.01776EPSS
Exploits0References10
OSV
OSV
added 3 days ago3 views

PYSEC-2026-1136 Apache Airflow Drill Provider vulnerable to improper input validation

Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized...

8.7CVSS7.1AI score0.02062EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.13 views

SUSE CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

7.5CVSS5.4AI score0.00147EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 5:15 p.m.12 views

EUVD-2026-36080

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...

5.7CVSS5.4AI score0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 7:16 a.m.13 views

CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

8.2CVSS0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 6:37 a.m.44 views

CVE-2026-10846 Insufficient verification that responses belong to a query

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

8.2CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 6:37 a.m.8 views

CVE-2026-10846 Insufficient verification that responses belong to a query

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

8.2CVSS5.4AI score0.00147EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:37 a.m.13 views

EUVD-2026-35991

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

8.2CVSS5.4AI score0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 6:37 a.m.42 views

CVE-2026-10846

CVE-2026-10846 affects nlnts ldns used as a stub resolver over UDP. FreeBSD advisories confirm that ldns failed to verify response provenance (source IP/port, transaction ID, and question matching), enabling off‑path spoofing of UDP responses and arbitrary data delivery to programs using ldns (e....

8.2CVSS5.4AI score0.00147EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/09 4:0 p.m.6 views

UBUNTU-CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

8.2CVSS5.3AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-48381

Name of the Vulnerable Software and Affected Versions NLnet Labs ldns versions 1.2.0 through 1.9.0 Description When used in applications as a stub resolver over UDP, the software fails to match the query destination address and port with the response source address and port. Additionally, it does...

8.2CVSS5.2AI score0.00147EPSS
Exploits0References23
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-0015

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01776EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-5833

Malicious code in bioql PyPI...

5.4CVSS5.9AI score0.01105EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2417

Malicious code in bioql PyPI...

9.8CVSS8.4AI score0.00754EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0028

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.02062EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-40391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of...

10CVSS7.6AI score0.02894EPSS
Exploits1References2
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-35230 Malicious code in test-mlw2-drill-slopy (npm)

The package test-mlw2-drill-slopy was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-8610 Malicious code in @malware-test-drill-chape-windy-aport/test-mlw3-drill-chape-windy-aport (npm)

The package @malware-test-drill-chape-windy-aport/test-mlw3-drill-chape-windy-aport was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in test-mlw2-drill-slopy (npm)

The package test-mlw2-drill-slopy was found to contain malicious code...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:24 a.m.9 views

CVE-2023-48362

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...

9.8CVSS7.1AI score0.00754EPSS
Exploits0References1
Rows per page
Query Builder