CVE-2026-44692

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

EUVD-2026-36117

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

sharp 安全漏洞

Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images. Versions of Sharp prior to 9.22.0 contained a security vulnerability. This vulnerability stemmed from the general download endpoint...

MINI-H67R-9X26-9QWQ

Bulletin has no description...

June 9, 2026—KB5094041 (Monthly Rollup)

June 9, 2026—KB5094041 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only a...

bind-9.20.23-1.1 on GA media (moderate)

bind-9.20.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:10874-1 Rating: moderate Cross-References: CVE-2026-3039 CVE-2026-3592 CVE-2026-5946 CVE-2026-5947 CVE-2026-5950 CVSS scores: CVE-2026-3039 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-3592 SUSE : 5.3...

CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVE-2026-3119

Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....

CVE-2026-3591

CVE-2026-3591 - Summary A stack use-after-return vulnerability exists in the BIND 9 named server’s SIG(0) handling. A specially crafted DNS request can cause the ACL to mis-match an IP address, potentially bypassing access controls in default-allow ACLs (where all non-denied IPs are allowed). The...

CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly

Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....

CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

ISC BIND 9 安全漏洞

ISC BIND 9 is a domain name system software developed by the ISC organization. Vulnerabilities exist in versions 9.20.0 to 9.20.20, 9.21.0 to 9.21.19, and 9.20.9-S1 to 9.20.20-S1 of ISC BIND 9. These vulnerabilities stem from the possibility of memory leaks when special domains are used...

UBUNTU-CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

Uncontrolled Recursion

Overview eslint is a pluggable linting utility for JavaScript and JSX Affected versions of this package are vulnerable to Uncontrolled Recursion in the isSerializable function when handling objects with circular references during the serialization process. An attacker can cause the application to...

OPENSUSE-SU-2026:20039-1 Security update for bind

This update for bind fixes the following issues: - Upgrade to release 9.20.15 Security Fixes: CVE-2025-40778: Fixed cache poisoning attacks with unsolicited RRs bsc1252379 CVE-2025-40780: Fixed cache poisoning due to weak PRNG bsc1252380 CVE-2025-8677: Fixed resource exhaustion via malformed DNSK...

CVE-2025-64734

Missing Release of Resource after Effective Lifetime CWE-772 in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command Centre Server: 9.30...

CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...