62 matches found
CVE-2026-33489
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...
Spring gRPC AuthenticationException messages are reflected to remote client
The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...
OpenPrinting CUPS security vulnerability
OpenPrinting CUPS is an open-source printing system developed by OpenPrinting Inc., suitable for Linux® and other Unix®-based operating systems. OpenPrinting CUPS versions 2.4.16 and earlier contain security vulnerabilities. These vulnerabilities stem from the RSS notification program, which allo...
EUVD-2026-7462
free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients...
CVE-2025-69250
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages (e.g., strconv.ParseInt parsing errors) to remote clients when processi...
Hibernate Reactive security vulnerability
Hibernate Reactive is a reactive API interface provided by the Hibernate company. There is a security vulnerability in Hibernate Reactive, which stems from the ability of remote clients to prematurely close HTTP connections. This could lead to the leakage of database connection pools, potentially...
Siemens SIMATIC Devices and SCALANCE Improper Certificate Validation (CVE-2024-41996)
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...
EUVD-2016-2999
Malware in sbrugna...
EUVD-2022-24964
Malicious code in bioql PyPI...
squid: denial of service in HTTP header parser
A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...
GHSA-GPCV-P28P-FV2P odoh-rs's Invalid Slice Split Results in Server Panic
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients. Impact: An attacker with knowledge of this vulnerability could craft and...
CVE-2023-3766
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and...
Code injection
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and...
CVE-2023-3766
The CVE-2023-3766 issue affects the odoh-rs Rust crate, caused by faulty logic in parsing encrypted queries. When processing data from remote clients, an attacker can craft specially designed encrypted queries that trigger a server panic/crash, temporarily disrupting ODOH service availability. Pa...
CVE-2023-3766 Invalid Slice Split Results in Server Panic
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and...
SUSE CVE-2016-1908
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues ...