Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...
CVE-2026-12725 Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey replies
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...
CVE-2026-12725
CVE-2026-12725 affects dnsmasq. The flaw is a heap-based buffer overflow in the log_query() path when DNSSEC validation and query logging are both enabled and DNS responses contain DS/DNSKEY records with unsupported algorithm or digest types. This can cause dnsmasq to write past the end of an int...
Astra Linux – Vulnerability in the 389-DS-base
A flaw has been discovered in 389-ds-base versions 1.4.x.x prior to 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker who can view the screen or record the terminal’s standard error outpu...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/ds_compress.cc, when an error occurs (i.e., execution transitions to the err label) during the create_worker_threads method, the held lock thd->ctrl_mutex is not released properly. This...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: phy: It is now possible to allow the MDIO bus’s PM operations to initiate/stop the state machine for the phylink-controlled PHY. There are two types of DSA drivers: 1. Those that call dsa_switch_suspend and dsa_switch_resume...
RHSA-2026:26639 Red Hat Security Advisory: redhat-ds:12 security update
Bulletin has no description...
RHSA-2026:26597 Red Hat Security Advisory: redhat-ds:11 security update
Bulletin has no description...
RHSA-2026:26464 Red Hat Security Advisory: 389-ds-base security update
Bulletin has no description...
RHSA-2026:26465 Red Hat Security Advisory: 389-ds-base security update
Bulletin has no description...
RHSA-2026:26463 Red Hat Security Advisory: 389-ds:1.4 security update
Bulletin has no description...
RHSA-2026:26458 Red Hat Security Advisory: redhat-ds:11 security update
Bulletin has no description...
RHSA-2026:26457 Red Hat Security Advisory: 389-ds-base security update
Bulletin has no description...
RHSA-2026:26456 Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2026:26454 Red Hat Security Advisory: 389-ds:1.4 security update
Bulletin has no description...
RHSA-2026:26453 Red Hat Security Advisory: 389-ds-base security update
Bulletin has no description...
RHSA-2026:26452 Red Hat Security Advisory: 389-ds-base security update
Bulletin has no description...
Important: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update
An update for 389-ds-base is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)
A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
CVE-2026-20746
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust Java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values...