Lucene search
K

86 matches found

EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41416

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41409

Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

SUSE-SU-2026:2673-1 Security update for bind

This update for bind fixes the following issues: Security issues: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free vulnerabilit...

9.8CVSS6.7AI score0.01844EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
NVD
NVD
added 2026/06/10 10:16 p.m.13 views

CVE-2026-44692

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

7.7CVSS0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 8:3 p.m.10 views

EUVD-2026-36117

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

sharp 安全漏洞

Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images. Versions of Sharp prior to 9.22.0 contained a security vulnerability. This vulnerability stemmed from the general download endpoint...

7.7CVSS5.4AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 2:26 p.m.7 views

MINI-H67R-9X26-9QWQ

Bulletin has no description...

9.1CVSS5.2AI score0.00466EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2026/06/09 2:0 p.m.32 views

June 9, 2026—KB5094041 (Monthly Rollup)

June 9, 2026—KB5094041 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only a...

9.8CVSS6.2AI score0.21506EPSS
Exploits2
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/29 12:0 a.m.10 views

bind-9.20.23-1.1 on GA media (moderate)

bind-9.20.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:10874-1 Rating: moderate Cross-References: CVE-2026-3039 CVE-2026-3592 CVE-2026-5946 CVE-2026-5947 CVE-2026-5950 CVSS scores: CVE-2026-3039 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-3592 SUSE : 5.3...

7.5CVSS5.8AI score0.0181EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/05/20 1:9 p.m.12 views

CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

9.8CVSS5.8AI score0.01844EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/20 1:9 p.m.75 views

CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

5.3CVSS0.00406EPSS
Exploits0References4
NVD
NVD
added 2026/05/19 8:16 p.m.19 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS0.00413EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/26 9:54 p.m.1 views

CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

8.8CVSS5.7AI score0.00547EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 2:16 p.m.4 views

CVE-2026-3119

Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....

6.5CVSS0.00576EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 1:34 p.m.17 views

CVE-2026-3591

CVE-2026-3591 - Summary A stack use-after-return vulnerability exists in the BIND 9 named server’s SIG(0) handling. A specially crafted DNS request can cause the ACL to mis-match an IP address, potentially bypassing access controls in default-allow ACLs (where all non-denied IPs are allowed). The...

5.4CVSS5.8AI score0.0036EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 1:31 p.m.3 views

CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly

Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....

6.5CVSS5.9AI score0.00576EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/25 1:29 p.m.2 views

CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

7.5CVSS5.8AI score0.00698EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

ISC BIND 9 安全漏洞

ISC BIND 9 is a domain name system software developed by the ISC organization. Vulnerabilities exist in versions 9.20.0 to 9.20.20, 9.21.0 to 9.21.19, and 9.20.9-S1 to 9.20.20-S1 of ISC BIND 9. These vulnerabilities stem from the possibility of memory leaks when special domains are used...

7.5CVSS7.5AI score0.00698EPSS
Exploits0References4
OSV
OSV
added 2026/03/25 12:0 a.m.2 views

UBUNTU-CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

7.5CVSS7.3AI score0.00698EPSS
Exploits0References4
Rows per page
Query Builder