Lucene search
+L

2356 matches found

cve
cve
added 2 days ago9 views

CVE-2026-47158

CVE-2026-47158 – Vaultwarden (Rust) : A CSRF flaw in Vaultwarden’s SSO authorization flow prior to 1.36.0 allowed an unauthenticated attacker to induce IdP authentication and redeem tokens for a fully authenticated session. The root causes include: the OAuth state parameter from /connect/authoriz...

8.3CVSS6.1AI score0.0016EPSS
Exploits0References4
nvd
nvd
added 3 days ago4 views

CVE-2026-45073

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear builds a DELETE statement using a namespace derived from the caller-supplied $prefix without binding or escaping it, allowing a caller...

7.3CVSS0.0041EPSS
Exploits0References6
osv
osv
added 2026/07/09 4:57 p.m.4 views

CVE-2026-59215 Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_id binding

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS6.1AI score0.00255EPSS
Exploits0References6
nessus
nessus
added 2026/07/06 12:0 a.m.6 views

MiracleLinux 9 : unbound-1.24.2-2.el9 (AXSA:2026-1052:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-1052:06 advisory. unbound: DNSBomb vulnerability CVE-2024-33655 unbound: Unbound domain hijacking via promiscuous records CVE-2025-11411 Tenable has extracted the...

7.5CVSS7AI score0.01743EPSS
Exploits0References3
cve
cve
added 2026/06/26 7:40 p.m.15 views

CVE-2026-53292

Summary (CVE-2026-53292): The Linux kernel phonet subsystem contains a flaw in pn_socket_autobind() where, if pn_socket_bind() returns -EINVAL while the socket was never bound (pn_port() == 0) and sk states are not TCP_CLOSE, a BUG_ON() triggers a kernel panic from a user-triggerable path. The pa...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2026/06/24 12:0 a.m.13 views

Oracle Linux 9 : unbound (ELSA-2026-24369)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24369 advisory. - Fix CVE-2026-33278 RHEL-177822 Fix CVE-2026-42944 RHEL-177936 Fix CVE-2026-42959 RHEL-177797 Tenable has extracted the preceding description block...

10CVSS6AI score0.01272EPSS
Exploits0References4
nessus
nessus
added 2026/06/23 12:0 a.m.4 views

Oracle Linux 9 : unbound (ELSA-2026-18931)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18931 advisory. 1.24.2-2 - Switch TLS configuration to follow TLS sockets by crypto-policy again RHEL-147860 - Change the default of tls-use-system-policy-versions at...

7.5CVSS7AI score0.01743EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/18 11:37 p.m.9 views

CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

5.3CVSS5.4AI score0.00245EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/18 2:32 p.m.3 views

SUSE-SU-2026:22160-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
osv
osv
added 2026/06/18 2:32 p.m.3 views

SUSE-SU-2026:22213-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
osv
osv
added 2026/06/18 2:31 p.m.3 views

OPENSUSE-SU-2026:21083-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.4AI score0.01272EPSS
Exploits0References22
nessus
nessus
added 2026/06/16 12:0 a.m.10 views

Alibaba Cloud Linux 3 : 0156: unbound (ALINUX3-SA-2026:0156)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0156 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42944: NLnet Labs Unbound 1.14.0 ...

8.7CVSS5.7AI score0.00842EPSS
Exploits0References3
nessus
nessus
added 2026/06/14 12:0 a.m.11 views

SUSE SLES15 Security Update : unbound (SUSE-SU-2026:2369-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2369-1 advisory. This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278:...

10CVSS6.7AI score0.01272EPSS
Exploits0References34
suse
suse
added 2026/06/11 12:22 p.m.7 views

Security update for unbound

This update for unbound fixes the following issues CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. CVE-2026-40622: "Ghost domain name" variant bsc1265581. CVE-2026-41292: Parsing a long list of incoming...

8.6CVSS6.2AI score0.01272EPSS
Exploits0References44
rocky
rocky
added 2026/06/11 12:3 p.m.26 views

unbound security update

An update is available for unbound. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The unbound packages provide a validating, recursive, and caching DNS or DNSS...

10CVSS5.7AI score0.01272EPSS
Exploits0
osv
osv
added 2026/06/11 12:3 p.m.8 views

RLSA-2026:24369 Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in...

8.1CVSS5.6AI score0.01272EPSS
Exploits0References4
rocky
rocky
added 2026/06/11 6:0 a.m.13 views

unbound security update

An update is available for unbound. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The unbound packages provide a validating, recursive, and caching DNS or DNSS...

8.7CVSS5.5AI score0.00842EPSS
Exploits0
osv
osv
added 2026/06/11 6:0 a.m.11 views

RLSA-2026:24365 Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in...

7.5CVSS5.4AI score0.00842EPSS
Exploits0References3
nessus
nessus
added 2026/06/11 12:0 a.m.11 views

RockyLinux 8 : unbound (RLSA-2026:24365)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24365 advisory. unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via...

8.7CVSS5.6AI score0.00842EPSS
Exploits0References5
nessus
nessus
added 2026/06/11 12:0 a.m.8 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in unbound (b604d3e1-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b604d3e1-6474-11f1-958d-bc241121aa0a advisory. Multiple vulnerabilities have been reported in Unbound. Instead of listing detailed writeups f...

10CVSS6.4AI score0.01272EPSS
Exploits0References12
Rows per page
Query Builder