CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE Linux•added 4 days ago•5 views

Security update for unbound

This update for unbound fixes the following issues CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. CVE-2026-40622: "Ghost domain name" variant bsc1265581. CVE-2026-41292: Parsing a long list of incoming...

8.6CVSS6.2AI score0.00322EPSS

Exploits0References44

OSV•added 4 days ago•3 views

SUSE-SU-2026:2281-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: 'Ghost domain name' variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.2AI score0.00322EPSS

Exploits0References23

OSV•added last week•6 views

USN-8282-2 unbound vulnerabilities

USN-8282-1 fixed vulnerabilities in Unbound. This update provides the corresponding updates for CVE-2026-41292 in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS and CVE-2026-42959, CVE-2026-42960 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Andr...

10CVSS6.1AI score0.00075EPSS

Exploits0References4

Ubuntu•added last week•10 views

USN-8282-2: Unbound vulnerabilities

10CVSS6.1AI score0.00075EPSS

SUSE CVE•added 2026/05/30 2:7 a.m.•9 views

SUSE CVE-2026-40622

5.9CVSS5.7AI score0.0002EPSS

Exploits0References6

Tenable Nessus•added 2026/05/27 12:0 a.m.•11 views

Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2026-1756)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1756 advisory. NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep...

10CVSS6.4AI score0.00322EPSS

Exploits0References22

Amazon•added 2026/05/26 12:0 a.m.•12 views

Important: unbound

Issue Overview: NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary c...

10CVSS6.6AI score0.00322EPSS

Microsoft CVE•added 2026/05/21 8:2 a.m.•10 views

Another 'ghost domain names' attack variant

...

8.7CVSS5.8AI score0.0002EPSS

OSV•added 2026/05/20 12:20 p.m.•8 views

USN-8282-1 unbound vulnerabilities

Andrew Griffiths discovered that Unbound did not properly handle certain DNSCrypt packets. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service. CVE-2026-32792 Qifan Zhang discovered that Unbound incorrectly handled DNSSEC validation in certa...

10CVSS6.1AI score0.00322EPSS

Exploits0References12

NVD•added 2026/05/20 10:16 a.m.•10 views

CVE-2026-40622

8.7CVSS0.0002EPSS

Vulnrichment•added 2026/05/20 9:18 a.m.•6 views

CVE-2026-40622 Another 'ghost domain names' attack variant

AlpineLinux•added 2026/05/20 9:18 a.m.•6 views

CVE-2026-40622

Debian CVE•added 2026/05/20 9:18 a.m.•9 views

CVE-2026-40622

CVE•added 2026/05/20 9:18 a.m.•17 views

CVE-2026-40622

Affected software: NLnet Labs Unbound (versions 1.16.2 through 1.25.0). Vulnerability: ghost domain names attack that can extend the ghost domain window by up to one cached TTL (cache-max-ttl) by overwriting the cached expired parent‑side referral NS RRset with the child‑side apex NS RRset via a ...

Exploits0References1Affected Software1

EUVD•added 2026/05/20 9:18 a.m.•5 views

EUVD-2026-31080

Cvelist•added 2026/05/20 9:18 a.m.•37 views

CVE-2026-40622 Another 'ghost domain names' attack variant

8.7CVSS0.0002EPSS

ATTACKERKB•added 2026/05/20 9:18 a.m.•6 views

CVE-2026-40622