13124 matches found
CVE-2026-0398
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor...
CVE-2025-14831
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs)...
CVE-2025-14831 Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs)...
CVE-2026-0398 Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor...
CVE-2026-0398
PowerDNS Recursor is affected by CVE-2026-0398. The issue involves crafted DNS zones that can cause increased resource usage and crafted CNAME chains that can lead to cache poisoning in the Recursor. The available documents do not specify affected versions, exact root cause in code paths, or offi...
The Myth of “Known APIs”: Why Inventory-First Security Models Are Already Obsolete
You probably think the security mantra “you can’t protect what you don’t know about” is an inarguable truth. But you would be wrong. It doesn’t hold water in today’s threat landscape. Of course, it sounds reasonable. Before you secure APIs, you must first discover, inventory, and document them...
cpython: Excessive read buffering DoS in http.client
A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...
PowerDNS Recursor (pdns_recursor) security vulnerability
PowerDNS Recursor (pdns_recursor) is a domain name resolution server developed by the Dutch company PowerDNS. PowerDNS Recursor has security vulnerabilities; these vulnerabilities stem from custom zones, which may lead to increased resource usage, and custom CNAME chains, which may cause cache...
CVE-2026-25857
Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...
CVE-2026-25844
Not used...
CVE-2026-25647
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...
OESA-2026-1286 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...
CVE-2026-25547
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory...
Malicious Package
Overview: web3-chain-sinon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: @rsgweb/modules-core-www-page is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview: @rsgweb/rockstar-account is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...