| 161 | - | - | - | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (… | New | CWE-284 Improper Access Control | CVE-2026-34390 | 2026-05-20 23:06 | 2026-05-20 |
| 162 | 4.3 MEDIUM Network | - | - | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This is… | New | CWE-284 Improper Access Control | CVE-2026-34754 | 2026-05-20 23:06 | 2026-05-20 |
| 163 | - | - | - | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. Th… | New | CWE-200 Information Exposure | CVE-2026-34970 | 2026-05-20 23:06 | 2026-05-20 |
| 164 | 7.5 HIGH Network | - | - | BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typ… | New | CWE-771 Missing Reference to Active Allocated Resource | CVE-2026-3039 | 2026-05-20 23:04 | 2026-05-20 |
| 165 | 5.3 MEDIUM Network | - | - | BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resou… | New | CWE-408 Incorrect Behavior Order: Early Amplification | CVE-2026-3592 | 2026-05-20 23:04 | 2026-05-20 |
| 166 | 7.4 HIGH Network | - | - | A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BI… | New | CWE-416 Use After Free | CVE-2026-3593 | 2026-05-20 23:04 | 2026-05-20 |
| 167 | 7.5 HIGH Network | - | - | Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes… | New | CWE-20 Improper Input Validation; CWE-125 Out-of-bounds Read; CWE-617 Reachable Assertion; CWE-754 Improper Check for Unusual or Exceptional Conditions; CWE-843 Type Confusion | CVE-2026-5946 | 2026-05-20 23:04 | 2026-05-20 |
| 168 | 5.3 MEDIUM Network | - | - | An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sendin… | New | CWE-606 Unchecked Input for Loop Condition | CVE-2026-5950 | 2026-05-20 23:04 | 2026-05-20 |
| 169 | 7.5 HIGH Network | - | - | Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. … | New | CWE-362 Race Condition; CWE-416 Use After Free | CVE-2026-5947 | 2026-05-20 23:04 | 2026-05-20 |
| 170 | - | - | - | Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memo… | New | CWE-124 Buffer Underflow | CVE-2024-36343 | 2026-05-20 23:04 | 2026-05-20 |