Lucene search
K

432 matches found

Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-14461 Out-of-bound read in mtr

mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...

5.1CVSS0.00303EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

CVE-2026-14461 Out-of-bound read in mtr

mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...

5.1CVSS6.1AI score0.00303EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42866

mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...

5.1CVSS6.1AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 5:16 p.m.10 views

CVE-2026-10652

Zephyr's DNS resolver subsys/net/lib/dns parses resource records from DNS responses in dnsunpackanswer, which validated only the fixed RR header type, class, TTL, rdlength and accepted any attacker-declared rdlength, including one extending past the end of the received datagram. The TXT and SRV...

7.4CVSS0.00252EPSS
Exploits1References2
CVE
CVE
added 2026/06/30 3:50 p.m.14 views

CVE-2026-10652

Zephyr’s DNS resolver (subsys/net/lib/dns) is vulnerable to an out-of-bounds read in TXT/SRV records due to unvalidated rdlength in dns_unpack_answer(). The resolver accepts attacker-declared rdlength that may extend past the datagram end, and dns_validate_record() copies up to rdlength bytes fro...

7.4CVSS5.8AI score0.00252EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

ImageMagick < 6.9.13-40 / 7.x < 7.1.2-15 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 6.9.13-40 or 7.x prior to 7.1.2-15. It is, therefore, affected by multiple vulnerabilities: - ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes:...

9.2CVSS6.2AI score0.00895EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 3:36 p.m.7 views

CVE-2026-56371

A memory leak flaw was found in ImageMagick. Processing specially crafted TXT files with malicious texture attributes can exhaust system memory, allowing an attacker to cause a Denial of Service DoS. Mitigation If your application does not explicitly require rendering TXT files via ImageMagick, y...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.11 views

EUVD-2026-38675

The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 1:16 p.m.16 views

CVE-2026-56371

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

6.9CVSS0.00257EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.5 views

CVE-2026-56371

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

5.8AI score0.00257EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 12:13 p.m.19 views

CVE-2026-56371

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected by a memory leak in the txt coder when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released if GetTypeMetrics fails, leaking memory per crafted TXT file and enabling potential DoS...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.43 views

CVE-2026-36618

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-36618

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

5.8AI score0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.10 views

Mercusys AC12G 安全漏洞

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has a security vulnerability. This vulnerability stems from the response to the CHAOS TXT query, and it may lead to the disclosure of the DNS resolver software...

4.3CVSS5.4AI score0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-46116

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.7 Description The 'DomainZones.add' API endpoint fails to sanitize newline characters within TXT record content. An authenticated customer with DNS editing permissions can inject newlines into TXT record values,...

7.6CVSS5.9AI score0.0027EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.24 views

PT-2026-46004

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

5.8AI score0.00159EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 8:16 a.m.13 views

CVE-2026-10235

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stockmanager.php. This manipulation of the argument txtsearchcategory causes sql injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 7:15 a.m.8 views

CVE-2026-10235 CodeAstro Ingredients Stock Management System stock_manager.php sql injection

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stockmanager.php. This manipulation of the argument txtsearchcategory causes sql injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 7:15 a.m.12 views

EUVD-2026-33570

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stockmanager.php. This manipulation of the argument txtsearchcategory causes sql injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
OSV
OSV
added 2026/05/21 7:28 p.m.34 views

GHSA-3R75-XC34-5F44 Crawlee for Python: SSRF via sitemap-derived URLs

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...

2.3CVSS6.4AI score0.00286EPSS
Exploits0References4
Rows per page
Query Builder