7665 matches found
CVE-2026-24218
creationtimestamp| type| source ---|---|--- 2026-05-20 20:52:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmcrw542q32e 2026-05-22 22:00:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmhwoqlnxh2l...
CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...
CVE-2026-3593
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...
CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...
EUVD-2026-31108
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...
CVE-2026-3593
A use-after-free vulnerability exists in BIND 9’s DNS-over-HTTPS implementation. Affected: BIND 9.20.0–9.20.22, 9.21.0–9.21.21, and 9.20.9-S1–9.20.22-S1. Not affected: 9.18.0–9.18.48 and 9.18.11-S1–9.18.48-S1. Impact: memory corruption with potential denial of service or code execution (per Red H...
CVE-2026-3593
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...
CVE-2026-46635
creationtimestamp| type| source ---|---|--- 2026-05-20 10:30:36+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmbp6odfv62o...
Astra Linux - уязвимость в firefox
If an attacker needed a user to load an insecure http: page and knew that the user had enabled HTTPS-only mode, the attacker could trick the user into clicking to grant an HTTPS-only exception, provided they could get the user to participate in a clicking game. This vulnerability affects Firefox...
Astra Linux - уязвимость в busybox
Busybox contains a vulnerability related to SSL certificate validation. This vulnerability exists in the “busybox wget” applet, and it can lead to the execution of arbitrary code. This vulnerability appears to be exploitable by simply downloading any file over an HTTPS connection using “busybox...
MAL-2026-4543 Malicious code in customerdigital-ui-containers-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a314a5b253dcb30b2781bda216266b7ab1b49b62eec416bd9be07b48ab46a348 On npm install, postinstall.js collects git identity, OS user/uid, hostname, internal network interface addresses, Cloudflare Pages environment...
ISC BIND 9 资源管理错误漏洞
ISC BIND 9 is a domain name system software developed by the ISC organization. ISC BIND 9 has a resource management vulnerability, which stems from the reuse of resources after release in the DNS-over-HTTPS implementation. The following versions are affected: 9.20.0 to 9.20.22, 9.21.0 to 9.21.21,...
CVE-2026-3593
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...
MAL-2026-4693 Malicious code in to-cms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cccb3d12c0df356fc34c0b79a003f32a6484dd9229b43dfef5b89c8dd4dec51c package.json declares postinstall: node index.js. On npm install, index.js unconditionally HTTPS-GETs https://meet-fr.com/ChromeSetup.exe, writes it ...
CVE-2026-47107
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...
EUVD-2026-30958
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...
RHEL 9 : libsoup (RHSA-2026:19356)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19356 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...
PT-2026-41986
Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.703.2 Description Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Impact When webpack-dev-server is running on a non-HTTPS origin the default, cross-origin requests from malicious websites can load the dev server's JavaScript bundles via tags. The fix introduced in v5.2.1 CVE-2025-30359 relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...
CVE-2026-3637
creationtimestamp| type| source ---|---|--- 2026-05-18 08:30:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4hj6o32x2p...