CVE-2026-12969

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

CVE-2026-12969

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ns: Initialize nslistnode for initial namespaces. Ensure that the list is always initialized for initial namespaces...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netns: Ensure that getnetns handles zero refcount nets properly. Syzkaller encountered a warning: refcountt: Addition on 0; use-after-free. WARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcountwarnsaturate+0xdf/0x1d0 Linked...

CVE-2026-47691 Netty has Insufficient Bailiwick Validation for NS Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

CVE-2026-46055

CVE-2026-46055 affects the Linux kernel AppArmor LSM. The issue is a missing string terminator in aa_dfa_match, causing a slab-out-of-bounds read/write during path mounting on ARM64 Ubuntu 26.04 with Linux 7.0-rc4 (Snapdragon X1). Reported impact includes potential DoS or information disclosure. ...

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to 1.2.4 due to insufficient input sanitization and output escaping. Affected: WordPress plugin NS Product icon badge; vulnerable component: code handling user input/outp...

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: BPF: Properly handles return values from struct ops that are signed-extended. The nsbpfqdisc selftest triggers a kernel panic: Oops1: CPU 0 Unable to handle kernel paging request at virtual address 0000000000741d58,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/namespace: The reference leak in grabrequestedmntns has been fixed. lookupmntns already takes a reference to mntns. grabrequestedmntns does not need to take an additional reference...

CVE-2026-43472

The CVE describes a Linux kernel unshare(2) bug: when CLONE_NEWNS is requested and current-&gt;fs wasn’t previously shared, copy_mnt_ns() could receive a non-private fs_struct. If copy_mnt_ns() succeeds but a subsequent copy_cgroup_ns() fails, the destroyed namespace can leave current-&gt;fs-&gt;...

Fedora 44 : glibc (2026-ced72ab158)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ced72ab158 advisory. This update provides various security fixes. Buffer overflow in scanf %mc CVE-2026-5450 nssprintrrf buffer overreads CVE-2026-6238 nssprintrrf buffe...

CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...

EUVD-2026-26036

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...

Prototype Pollution

Overview i18next-http-middleware is an i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Affected versions of this package are vulnerable to Prototype Pollution via the lng or ns parameters handled by the getResourcesHandler...

RUSTSEC-2026-0106 Record cache accepts AUTHORITY section NS from sibling zone via parent-pool zone-context elevation

The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL sections...

PT-2026-37151

Name of the Vulnerable Software and Affected Versions i18next-http-backend versions prior to 3.0.5 Description Versions of the library interpolate the lng and ns values directly into the configured loadPath or addPath URL templates without encoding, validation, or path sanitization. When...

UBUNTU-CVE-2026-23408

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of nsname in aareplaceprofiles if nsname is NULL after 1071 error = aaunpackudata, &lh, &nsname; and if ent-nsname contains an nsname in 1089 else if ent-nsname then nsname is assigned the ent-nsname 109...