511 matches found
CVE-2026-12994
The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...
CVE-2026-12994
Technical details are not publicly available in the provided documents. The description summarizes the vulnerability but lacks concrete affected versions, components, and remediation specifics beyond general impact. Monitor for updates.
undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.
A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...
undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.
A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...
CVE-2026-52690
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...
CVE-2026-52690
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...
CVE-2026-52690 Spoofed answers can mark an authoritative non-EDNS capable
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...
CVE-2026-52690 Spoofed answers can mark an authoritative non-EDNS capable
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...
CVE-2026-44932
A flaw was found in the wicked DHCP client. A remote attacker, by operating a malicious Dynamic Host Configuration Protocol DHCP server, could send specially crafted DHCP replies containing unsanitized strings. This vulnerability allows the attacker to execute arbitrary code on the local machine,...
CVE-2026-12725
CVE-2026-12725 affects dnsmasq. The flaw is a heap-based buffer overflow in the log_query() path when DNSSEC validation and query logging are both enabled and DNS responses contain DS/DNSKEY records with unsupported algorithm or digest types. This can cause dnsmasq to write past the end of an int...
PT-2026-51332
Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.93-1.1 Description A heap-based buffer overflow occurs when DNSSEC validation and query logging are simultaneously enabled. The issue arises when logging DS or DNSKEY replies that contain unsupported algorithm or...
Squid < 7.6 Heap-based Buffer Overflow
The version of Squid on the remote host is prior to 7.6. It is, therefore, affected by a heap-based buffer overflow vulnerability: - Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to...
CVE-2026-6733
A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...
CVE-2026-54057
Kitty (cross-platform GPU-based terminal) is affected in versions prior to 0.47.3. The issue arises in the OSC 21 (color-control) query reply, which may reflect attacker-controlled bytes—including newlines—into the shell input without sanitization. This can enable local command injection or input...
CVE-2026-54057 Kitty vulnerable to command injection via unsanitized OSC 21 query reply
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...
CVE-2026-47175
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...
CVE-2026-47175 Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...
CVE-2026-47175
Quest Bot (open-source Discord bot) prior to v1.0.4 allowed moderation commands to echo user-supplied reason text in public replies without disabling mention parsing, enabling a user with bot permissions to trigger @everyone/@here pings even when they lack mention permissions. The issue is fixed ...
CVE-2026-47175 Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...
CVE-2026-47175 Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...