Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7668 matches found

CVE
CVEadded 2026/05/05 8:29 p.m.26 views

CVE-2026-35579

CoreDNS versions prior to 1.14.3 expose a TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports. In gRPC/QUIC, the server checks for a configured TSIG key name but never calls dns.TsigVerify(), so a matching key yields a nil tsigStatus and the request is treated as authenticated rega...

9.8CVSS5.8AI score0.00445EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/05/05 8:29 p.m.24 views

CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

8.2CVSS0.00445EPSS
Exploits1References1
AlpineLinux
AlpineLinuxadded 2026/05/05 8:29 p.m.5 views

CVE-2026-35579

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

9.8CVSS5.8AI score0.00445EPSS
Exploits1References1
NVD
NVDadded 2026/05/05 8:16 p.m.5 views

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS0.00672EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/05/05 7:7 p.m.2 views

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS5.7AI score0.00672EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2026/05/05 7:7 p.m.4 views

EUVD-2026-27442

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS5.7AI score0.00672EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/05/05 7:7 p.m.1 views

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS5.7AI score0.00672EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/05/05 7:7 p.m.33 views

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS0.00672EPSS
Exploits1References2
AlpineLinux
AlpineLinuxadded 2026/05/05 7:7 p.m.5 views

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS5.7AI score0.00672EPSS
Exploits1References2
CVE
CVEadded 2026/05/05 7:2 p.m.15 views

CVE-2026-33190

CoreDNS TSIG authentication bypass vulnerability (CVE-2026-33190) affects versions prior to 1.14.3 on non-plain-DNS transports. The tsig plugin trusts the transport writer’s TsigStatus() instead of verifying TSIG itself, causing unauthenticated remote access over DoT, DoH, DoH3, DoQ, and gRPC. Do...

8.7CVSS5.8AI score0.00374EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/05/05 5:51 p.m.5 views

GHSA-64CV-VXPR-J6VC edx-enterprise has SSRF via SAML metadata URL in sync_provider_data endpoint

Summary The syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger...

8.5CVSS6.1AI score0.00301EPSS
Exploits1References4
Circl
Circladded 2026/05/05 11:19 a.m.2 views

CVE-2026-6180

creationtimestamp| type| source ---|---|--- 2026-05-05 11:19:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml42vmaprd2v 2026-05-05 14:35:15+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3ml4fubobns2c...

8.1CVSS5.8AI score0.00228EPSS
Exploits0References2
Packet Storm
Packet Stormadded 2026/05/05 12:0 a.m.43 views

📄 OpenWrt 23.05 Remote Code Execution

OpenWrt version 23.05 suffers from an authenticated remote code execution vulnerability. Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link:...

6.4AI score
Exploits0
OSV
OSVadded 2026/05/04 1:12 p.m.5 views

JLSEC-2026-419 When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's...

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

5.9CVSS6.8AI score0.0197EPSS
Exploits1References16
Circl
Circladded 2026/05/04 12:35 a.m.4 views

CVE-2026-7706

creationtimestamp| type| source ---|---|--- 2026-05-04 00:35:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkyghutsvc2n...

5.3CVSS5.8AI score0.00276EPSS
Exploits0References1
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.3 views

Astra Linux – Vulnerability in Squid

A issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, sensitive information about clients using the proxy may be exposed through an HTTPS request to an internal cache manager URL. This issue has been fixed in version 5.7...

6.5CVSS6.5AI score0.0169EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.4 views

Astra Linux – Vulnerability in Perl

CPAN.pm before version 2.35 does not verify TLS certificates when downloading distributions via HTTPS...

8.1CVSS7.6AI score0.01561EPSS
Exploits1References2
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.13 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2.0. This easily exploitable...

5.3CVSS6AI score0.01746EPSS
Exploits0References1
NVD
NVDadded 2026/05/01 11:16 a.m.47 views

CVE-2026-42404

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

7.2CVSS0.00497EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/01 9:46 a.m.3 views

CVE-2026-42404

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

6.5CVSS5.9AI score0.00497EPSS
Exploits0References2
Rows per page
Query Builder