Lucene search
K

86 matches found

CVE
CVE
added 2026/06/25 12:23 p.m.14 views

CVE-2026-40211

Technical details about CVE-2026-40211 are not publicly available in the provided documents. Monitor for updates.

5.3CVSS6.1AI score0.00413EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 7:6 p.m.11 views

Malicious code in @tarojs/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b4e6cd0fe6bd16c6fb2bd04e6542a2a3052182d8815a08b124df56f2d9fde2 On npm install, the package's postinstall script performs a reachability GET to https://taro.jd.com/ and, on success, invokes the package's own...

6AI score
Exploits0References2
CVE
CVE
added 2026/05/05 8:29 p.m.53 views

CVE-2026-35579

CoreDNS versions prior to 1.14.3 expose a TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports. In gRPC/QUIC, the server checks for a configured TSIG key name but never calls dns.TsigVerify(), so a matching key yields a nil tsigStatus and the request is treated as authenticated rega...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/28 10:46 p.m.6 views

GHSA-QHMP-Q7XH-99RH CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC

Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...

8.7CVSS5.8AI score0.00374EPSS
Exploits1References4
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.158 views

HTTPS Fetch, Windows shellcode stage, Reverse HTTP Stager Proxy

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/https/x86/custom/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTIO...

6AI score
Exploits0
OSV
OSV
added 2026/03/31 12:16 p.m.4 views

UBUNTU-CVE-2026-24030

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

7.5CVSS5.8AI score0.00537EPSS
Exploits0References4
CVE
CVE
added 2026/03/31 12:1 p.m.17 views

CVE-2026-24030

DNSdist (DNS load balancer) has a vulnerability CVE-2026-24030 where processing DNS over QUIC or DNS over HTTP/3 payloads may allocate unbounded memory, potentially causing denial of service and, in some cases, an out-of-memory state. Debian’s advisory notes a fix in dnsdist for stable (trixie) v...

7.5CVSS5.9AI score0.00537EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/31 12:1 p.m.24 views

CVE-2026-24030 Unbounded memory allocation for DoQ and DoH3

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

5.3CVSS0.00537EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/03/31 12:0 a.m.5 views

DNSdist -- vulnerabilities

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports: CVE-2026-0396: HTML injection in the web dashboard CVE-2026-0397: Information disclosure via CORS misconfiguration CVE-2026-24028: Out-of-bounds read when parsing DNS packets via Lua CVE-2026-24029: DN...

8.2CVSS5.8AI score0.01028EPSS
Exploits0References1
NVD
NVD
added 2026/03/30 10:16 p.m.6 views

CVE-2026-33952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

6.5CVSS0.00271EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 9:42 p.m.8 views

CVE-2026-33952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

6CVSS5.8AI score0.00271EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/30 9:42 p.m.3 views

EUVD-2026-17221

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

6CVSS5.8AI score0.00271EPSS
Exploits1References2
OSV
OSV
added 2026/03/30 9:42 p.m.4 views

CVE-2026-33952 FreeRDP: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

6CVSS5.8AI score0.00271EPSS
Exploits1References4
CVE
CVE
added 2026/03/30 9:42 p.m.27 views

CVE-2026-33952

FreeRDP prior to 3.24.2 is affected by CVE-2026-33952, where an unvalidated auth_length read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks() and causes a client crash via RPC-over-HTTP gateway. The issue is mitigated by upgrading to FreeRDP 3.24.2 or later...

6.5CVSS5.8AI score0.00271EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/12 8:49 a.m.4 views

CVE-2025-41117 XSS in Grafana Explore stack trace

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS6.6AI score0.0026EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.3 views

MiracleLinux 8 : nodejs:10 (AXSA:2021-1558:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1558:01 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...

7.8CVSS7.7AI score0.77385EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-29133

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2 Description FreeRDP is a free implementation of the Remote Desktop Protocol. An unvalidated auth length field read from the network triggers a WINPR ASSERT failure in the rts read auth verifier no checks...

8.1CVSS4.5AI score0.00426EPSS
Exploits1References25
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-9987

Malware in sbrugna...

9.8CVSS9.5AI score0.01551EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/18 12:0 a.m.12 views

PT-2025-38305

Name of the Vulnerable Software and Affected Versions DNSdist affected versions not specified Description DNSdist, when configured to utilize the nghttp2 library for processing DNS over HTTPS DoH queries, may be susceptible to a denial of service. A crafted DoH exchange can trigger an unbounded I...

7.5CVSS8.3AI score0.04604EPSS
Exploits3References26
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-43082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in the stats-over- http plugin of Apache Traffic Server allows an attacker to...

9.8CVSS7.3AI score0.0233EPSS
Exploits0References2
Rows per page
Query Builder