CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/20 1:9 p.m.•4 views

CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

5.3CVSS5.8AI score0.00024EPSS

Exploits0References5Affected Software1

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в bind9

In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions of BIND 9 Supported Preview Edition such as 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1, as well as the release version 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a...

6.5CVSS7AI score0.01018EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в mariadb-10.3

It has been discovered that MariaDB Server v10.9 and earlier contain a segmentation fault through the component sql/itemcmpfunc.cc...

7.5CVSS7AI score0.00137EPSS

Exploits1References2

CNNVD•added 2026/05/20 12:0 a.m.•5 views

ISC BIND 9 安全漏洞

ISC BIND 9 is a domain name system software developed by the ISC organization. ISC BIND 9 has a security vulnerability that stems from the parser’s susceptibility to resource exhaustion attacks. If a victim’s parser sends queries to a specially crafted zone, the parser will consume disproportiona...

5.3CVSS5.8AI score0.00024EPSS

SUSE CVE•added 2026/03/26 9:18 a.m.•2 views

SUSE CVE-2026-3119

Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....

EUVD•added 2026/03/25 3:31 p.m.•1 views

Exploits0References5

EUVD-2026-15413

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

5.4CVSS5.8AI score0.00027EPSS

EUVD•added 2026/03/25 3:31 p.m.•2 views

EUVD-2026-15411

Vulnrichment•added 2026/03/25 1:34 p.m.•0 views

CVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass

5.4CVSS5.8AI score0.00027EPSS

Exploits0References3

CVE•added 2026/03/25 1:31 p.m.•7 views

CVE-2026-3119

CVE-2026-3119 affects ISC BIND 9: when processing a correctly signed query containing a TSIG-signed TKEY, named may crash (terminate unexpectedly). Affected versions: 9.20.0–9.20.20, 9.21.0–9.21.19, and 9.20.9-S1–9.20.20-S1. Unaffected: 9.18.0–9.18.46 and 9.18.11-S1–9.18.46-S1. The issue requires...

Exploits0References3Affected Software1

OSV•added 2026/03/14 12:0 p.m.•3 views

RUSTSEC-2026-0040 `tracing-ethers` was removed from crates.io due to malicious code

The tracing-ethers crate attempted to exfiltrate ssh keys to an app hosted on vercel.app The malicious crate had 9 version published on 2026-03-09 approximately 5 days before removal and had no evidence of actual downloads. There were no crates depending on this crate on crates.io. Thanks to the...

5.8AI score

Exploits0References2

RustSec•added 2026/03/14 12:0 p.m.•7 views

`tracing-ethers` was removed from crates.io due to malicious code

5.8AI score

Exploits0

OSV•added 2026/01/21 3:16 p.m.•0 views

ALPINE-CVE-2025-13878

Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1...

7.5CVSS5.5AI score0.00047EPSS

Cvelist•added 2026/01/21 2:43 p.m.•16 views

CVE-2025-13878 Malformed BRID/HHIT records can cause named to terminate unexpectedly

7.5CVSS0.00047EPSS

Vulnrichment•added 2026/01/21 2:43 p.m.•3 views

CVE-2025-13878 Malformed BRID/HHIT records can cause named to terminate unexpectedly

7.5CVSS5.4AI score0.00047EPSS

NVD•added 2026/01/10 3:15 a.m.•7 views

CVE-2025-61686

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

9.1CVSS0.00036EPSS

Positive Technologies•added 2026/01/01 12:0 a.m.•4 views

PT-2026-27773

Name of the Vulnerable Software and Affected Versions BIND versions 9.20.0 through 9.20.20 BIND versions 9.21.0 through 9.21.19 BIND versions 9.20.9-S1 through 9.20.20-S1 Description BIND may terminate unexpectedly when processing a correctly signed query containing a TKEY record. This issue occu...

Positive Technologies•added 2026/01/01 12:0 a.m.•1 views

Exploits0References35

PT-2026-27775

Name of the Vulnerable Software and Affected Versions BIND versions 9.20.0 through 9.20.20 BIND versions 9.21.0 through 9.21.19 BIND versions 9.20.9-S1 through 9.20.20-S1 Description A use-after-return issue exists in the named server when processing DNS queries signed with SIG0. A crafted DNS...

5.4CVSS5.8AI score0.00027EPSS

Exploits0References38

Positive Technologies•added 2025/11/19 12:0 a.m.•4 views

PT-2025-47454

Name of the Vulnerable Software and Affected Versions Automated Logic WebCTRL and Carrier i-Vu versions 6.0 through 9.0 Description An open redirect exists due to a flaw in a URL parameter. This could allow attackers to exploit user sessions. Recommendations Versions 6.0 through 9.0 should be...

8.6CVSS6.2AI score0.0003EPSS