CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/03/10 12:0 a.m.•2 views

PT-2026-24613

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

Positive Technologies•added 2026/03/10 12:0 a.m.•5 views

Exploits0References4

PT-2026-24188

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.13 Parse Server versions prior to 9.5.1-alpha.2 Description An unauthenticated attacker can cause a denial of service by crashing the Parse Server process. This occurs by calling a Cloud Function endpoint wit...

8.8CVSS5.7AI score0.00181EPSS

Exploits0References13

RedhatCVE•added 2026/03/09 1:20 p.m.•1 views

CVE-2026-24281

A flaw was found in Apache ZooKeeper. The ZKTrustManager component's hostname verification process can fall back to reverse DNS PTR lookup when IP Subject Alternative Name SAN validation fails. This vulnerability allows an attacker who can control or spoof PTR records to impersonate ZooKeeper...

7.4CVSS5.7AI score0.0003EPSS

Exploits0References4

The Hacker News•added 2026/03/09 7:21 a.m.•6 views

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been...

6AI score

Exploits0

OSV•added 2026/03/08 7:1 p.m.•2 views

MAL-2026-1288 Malicious code in arnavtest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d77a638a8dbd52def0458fe1227c5dd5491bc8fedb0ae9e50f28eed74e4ef89d During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

6AI score

OSSF Malicious Packages•added 2026/03/08 7:1 p.m.•2 views

Malicious code in arnavtest123 (PyPI)

6AI score

EUVD•added 2026/03/07 9:30 a.m.•2 views

EUVD-2026-10139

5.8AI score0.0003EPSS

OSV•added 2026/03/07 9:30 a.m.•1 views

GHSA-7XRH-HQFC-G7QR Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

OSV•added 2026/03/07 9:16 a.m.•1 views

Exploits0References6

CVE-2026-24281

7.4CVSS5.7AI score

OSV•added 2026/03/07 9:16 a.m.•1 views

DEBIAN-CVE-2026-24281

7.4CVSS8.4AI score0.0003EPSS

NVD•added 2026/03/07 9:16 a.m.•2 views

CVE-2026-24281

7.4CVSS0.0003EPSS

UbuntuCve•added 2026/03/07 9:16 a.m.•1 views

CVE-2026-24281

OSV•added 2026/03/07 9:16 a.m.•1 views

Exploits0References3

UBUNTU-CVE-2026-24281

Vulnrichment•added 2026/03/07 8:50 a.m.•1 views

Exploits0References4

CVE-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

5.8AI score0.0003EPSS

Debian CVE•added 2026/03/07 8:50 a.m.•3 views

CVE-2026-24281

7.4CVSS8.4AI score0.0003EPSS

Exploits0

CVE•added 2026/03/07 8:50 a.m.•32 views

CVE-2026-24281

CVE-2026-24281 affects Apache ZooKeeper’s ZKTrustManager, where hostname verification falls back to reverse DNS (PTR) when IP SAN validation fails. An attacker who controls or spoofs PTR records and can present a certificate trusted by ZKTrustManager could impersonate ZooKeeper servers or clients...