|
4071
|
9.8 |
CRITICAL
Network
|
isc
|
bind
|
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BI…
|
CWE-416
Use After Free
|
CVE-2026-3593
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4072
|
7.5 |
HIGH
Network
|
isc
|
bind
|
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes…
|
CWE-20
CWE-125
CWE-617
CWE-754
CWE-843
Improper Input Validation
Out-of-bounds Read
Reachable Assertion
Improper Check for Unusual or Exceptional Conditions
Type Confusion
|
CVE-2026-5946
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4073
|
7.5 |
HIGH
Network
|
isc
|
bind
|
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typ…
|
CWE-771
Missing Reference to Active Allocated Resource
|
CVE-2026-3039
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4074
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.…
|
CWE-22
Path Traversal
|
CVE-2026-39352
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4075
|
- |
|
-
|
-
|
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package t…
|
CWE-22
Path Traversal
|
CVE-2026-39405
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4076
|
7.4 |
HIGH
Network
|
-
|
-
|
Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local File Inclusion. The function calls ext…
|
CWE-20
CWE-98
Improper Input Validation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39850
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4077
|
8.6 |
HIGH
Network
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3…
|
CWE-284
CWE-306
Improper Access Control
Missing Authentication for Critical Function
|
CVE-2026-39310
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4078
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-39311
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4079
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-9102
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4080
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesys…
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2026-9129
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
