
250 matches found

SUSE CVE
added 6 days ago, 8 views

SUSE CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

5.9 CVSS, 5.7 AI score, 0.0002 EPSS
Exploits: 0, References: 5
Snyk
added 2026/05/27 5:36 p.m., 6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data from LDAP referrals. An attacker can execute arbitrary code or perform unauthorized actions by supplying crafted LDAP referral data. Details Serialization is a process of converting an object into a...

8.8 CVSS, 6.1 AI score, 0.01298 EPSS
Exploits: 0, References: 2
Snyk
added 2026/05/27 5:34 p.m., 5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process that handles LDAP referrals. An attacker can cause unauthorized access to external LDAP servers by supplying crafted LDAP requests. Remediation Upgrade...

7.5 CVSS, 5.8 AI score, 0.00255 EPSS
Exploits: 0, References: 2
EUVD
added 2026/05/27 2:13 p.m., 6 views

EUVD-2026-32508

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...

6.6 CVSS, 5.8 AI score, 0.01298 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/05/20 9:18 a.m., 6 views

CVE-2026-40622 Another 'ghost domain names' attack variant

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

8.7 CVSS, 5.7 AI score, 0.0002 EPSS
Exploits: 0, References: 1
CVE
added 2026/05/20 9:18 a.m., 15 views

CVE-2026-40622

Affected software: NLnet Labs Unbound (versions 1.16.2 through 1.25.0). Vulnerability: ghost domain names attack that can extend the ghost domain window by up to one cached TTL (cache-max-ttl) by overwriting the cached expired parent‑side referral NS RRset with the child‑side apex NS RRset via a ...

8.7 CVSS, 5.7 AI score, 0.0002 EPSS
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/05/20 9:18 a.m., 5 views

EUVD-2026-31080

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

8.7 CVSS, 5.7 AI score, 0.0002 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/20 9:18 a.m., 6 views

CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

8.7 CVSS, 5.7 AI score, 0.0002 EPSS
Exploits: 0, References: 2, Affected Software: 1
AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed an error in nfsdautomount When mounting from an NFSv4 reference, path-dentry may end up being a negative dentry. Therefore, the struct nfsserver structure is derived from the dentry itself instead...

5.5 CVSS, 5.9 AI score, 0.00021 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/05/11 5:11 p.m., 24 views

CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

5.1 CVSS, 0.00059 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/25 12:0 a.m., 1 view

Fedora 45 : bind / bind-dyndb-ldap (2026-8db2f80244)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-8db2f80244 advisory. Update to 9.18.47 rhbz2440561 Security Fixes: - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. CVE-2026-1519 Source:...

7.5 CVSS, 6 AI score, 0.00061 EPSS
Exploits: 0, References: 2
Snyk
added 2026/03/05 3:26 p.m., 1 view

Malicious Package

Overview nf-referral-backend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/03/05 3:26 p.m., 2 views

MAL-2026-1245 Malicious code in nf-referral-backend-placeholder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44ad77b1a6ac52b4914c8516043f3f52e27f4a328b2940bf5b4d9c63e66662b2 The package nf-referral-backend-placeholder was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/03/05 3:26 p.m., 4 views

Malicious code in nf-referral-backend-placeholder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44ad77b1a6ac52b4914c8516043f3f52e27f4a328b2940bf5b4d9c63e66662b2 The package nf-referral-backend-placeholder was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
Snyk
added 2026/03/05 3:26 p.m., 0 views

Malicious Package

Overview nf-referral-backend-placeholder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/03/05 9:50 a.m., 1 view

MAL-2026-1243 Malicious code in nf-referral-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffb611867bc3ba4676e51a8f14605087e805e92819becb23a5be2629a5418317 The package nf-referral-backend was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/03/05 9:50 a.m., 6 views

Malicious code in nf-referral-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffb611867bc3ba4676e51a8f14605087e805e92819becb23a5be2629a5418317 The package nf-referral-backend was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 7 : bind-9.11.4-16.P2.6.0.1.el7.AXS7 (AXSA:2020-120:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-120:04 advisory. bind: BIND does not sufficiently limit the number of fetches performed when processing referrals CVE-2020-8616 bind: A logic error in code which chec...

8.6 CVSS, 6.9 AI score, 0.92629 EPSS
Exploits: 6, References: 3
Tenable Nessus
added 2026/01/16 12:0 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000849)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000849 advisory. Off-by-one error in the builduncpathtoroot function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service memory...

7.8 CVSS, 6.3 AI score, 0.00825 EPSS
Exploits: 1, References: 8
Tenable Nessus
added 2026/01/15 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002235)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002235 advisory. Off-by-one error in the builduncpathtoroot function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service memory...

7.8 CVSS, 6.3 AI score, 0.00825 EPSS
Exploits: 1, References: 8