151 matches found

Tenable Nessus
added 2 days ago | 3 views

Fedora 43 : bind9-next (2026-ec095a4675)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ec095a4675 advisory. Update to 9.21.22 (rhbz2480122). Security fixes: Limit resolver server list size (CVE-2026-3592); Fix GSS-API resource leak (CVE-2026-3039); Disable...

CVSS 9.8 | AI score 5.5 | EPSS 0.01644
Exploits: 1 | References: 7

RedhatCVE
added 2026/06/01 11:10 a.m. | 8 views

CVE-2026-42396

A flaw was found in pdns. Insufficient validation of member zone data can allow a privileged attacker to cause a catalog zone transfer to fail. This can lead to a denial of service (DoS) for affected DNS services, preventing legitimate users from resolving domain names...

CVSS 6.5 | AI score 5.7 | EPSS 0.00474
Exploits: 0 | References: 2

SUSE CVE
added 2026/05/30 2:5 a.m. | 10 views

SUSE CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that, when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers), it could result in heap use-after-free and eventual crash. An adversary can...

CVSS 5.9 | AI score 5.7 | EPSS 0.00265
Exploits: 0 | References: 7

RedhatCVE
added 2026/05/29 12:16 p.m. | 8 views

CVE-2026-33489

A flaw was found in CoreDNS. An unauthorized remote client can exploit a vulnerability in the transfer plugin's Access Control List (ACL) stanza selection. This occurs when both a parent zone and a more-specific subzone are configured, and the longestMatch function incorrectly uses a lexicographic...

CVSS 8.2 | AI score 5.8 | EPSS 0.00388
Exploits: 1 | References: 5

Tenable Nessus
added 2026/05/26 12:0 a.m. | 11 views

Fedora 43 : bind / bind-dyndb-ldap (2026-b626e83a45)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b626e83a45 advisory. Update to 9.18.49 (rhbz2480121). Security fixes: Limit resolver server list size (CVE-2026-3592); Fix GSS-API resource leak (CVE-2026-3039); Disable...

CVSS 7.5 | AI score 5.8 | EPSS 0.00558
Exploits: 1 | References: 5

Tenable Nessus
added 2026/05/25 12:0 a.m. | 11 views

Fedora 44 : bind / bind-dyndb-ldap (2026-411248c8d9)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-411248c8d9 advisory. Update to 9.18.49 (rhbz2480121). Security fixes: Limit resolver server list size (CVE-2026-3592); Fix GSS-API resource leak (CVE-2026-3039); Disable...

CVSS 7.5 | AI score 5.9 | EPSS 0.00558
Exploits: 1 | References: 5

NVD
added 2026/05/21 10:16 a.m. | 9 views

CVE-2026-42000

Insufficient Validation of Names During AXFR...

CVSS 8.6 | EPSS 0.00324
Exploits: 0 | References: 1

Cvelist
added 2026/05/21 9:25 a.m. | 33 views

CVE-2026-42000 Insufficient Validation of Names During AXFR

Insufficient Validation of Names During AXFR...

CVSS 6.8 | EPSS 0.00324
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/21 9:25 a.m. | 6 views

CVE-2026-42000 Insufficient Validation of Names During AXFR

Insufficient Validation of Names During AXFR...

CVSS 6.8 | AI score 5.8 | EPSS 0.00324
Exploits: 0 | References: 1

CNNVD
added 2026/05/21 12:0 a.m. | 8 views

PowerDNS Authoritative Code Injection Vulnerability

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a code injection vulnerability, which stems from insufficient validation of member zone data, potentially leading to failed zone transfer operations...

CVSS 6.5 | AI score 5.9 | EPSS 0.00474
Exploits: 0 | References: 1

OSV
added 2026/05/20 10:16 a.m. | 2 views

ALPINE-CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that, when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers), it could result in heap use-after-free and eventual crash. An adversary can...

CVSS 5.9 | AI score 5.5 | EPSS 0.00265
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/20 12:0 a.m. | 8 views

PT-2026-42135

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions 1.14.0 through 1.25.0. Description: A locking inconsistency occurs when specific conditions are met: the system is multi-threaded, an RPZ (Response Policy Zone) XFR (Zone Transfer) reload is performed, and an RPZ zone...

CVSS 10 | AI score 5.7 | EPSS 0.00512
Exploits: 0 | References: 52

RedhatCVE
added 2026/05/14 10:2 a.m. | 13 views

CVE-2026-35579

A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG (Transaction Signature) authentication in the gRPC, QUIC, DoH (DNS over HTTPS), and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00445
Exploits: 1 | References: 4

Vulnrichment
added 2026/05/05 8:29 p.m. | 5 views

CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

CVSS 8.2 | AI score 5.8 | EPSS 0.00445
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/05 8:29 p.m. | 1 views

CVE-2026-35579

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

CVSS 8.2 | AI score 5.8 | EPSS 0.00445
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2026/05/05 8:16 p.m. | 3 views

CVE-2026-33489

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...

CVSS 8.2 | EPSS 0.00388
Exploits: 1 | References: 2

CNNVD
added 2026/05/05 12:0 a.m. | 7 views

CoreDNS Security Vulnerability

CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from an error in the selection of ACL rules in the transfer plugin, which could allow unauthorized remote clients to execute AXFR/IXFR and...

CVSS 8.2 | AI score 5.9 | EPSS 0.00388
Exploits: 1 | References: 1

Snyk
added 2026/04/28 10:44 p.m. | 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to improper access control in the transfer process. An attacker can retrieve unauthorized zone contents by exploiting the incorrect selection of access control list stanzas when both parent and subzone rules ar...

CVSS 8.7 | AI score 5.8 | EPSS 0.00388
Exploits: 1 | References: 2

RedhatCVE
added 2026/01/07 9:40 a.m. | 5 views

CVE-1999-0532

A DNS server allows zone transfers...

AI score 6.8 | EPSS 0.68535
Exploits: 7 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-16025

Malware in sbrugna...

CVSS 5.3 | AI score 6.3 | EPSS 0.04577
Exploits: 0 | References: 9