|
961
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with …
Update
|
CWE-78
OS Command
|
CVE-2026-40517
|
2026-04-28 02:04 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
962
|
7.5 |
HIGH
Network
|
powerdns
|
recursor
|
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33256
|
2026-04-28 02:04 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
963
|
7.5 |
HIGH
Network
|
powerdns
|
authoritative
dnsdist
recursor
|
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33257
|
2026-04-28 02:03 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
964
|
7.5 |
HIGH
Network
|
powerdns
|
recursor
|
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33258
|
2026-04-28 02:03 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
965
|
5.0 |
MEDIUM
Network
|
powerdns
|
recursor
|
Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur wi…
Update
|
CWE-416
Use After Free
|
CVE-2026-33259
|
2026-04-28 02:03 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
966
|
7.5 |
HIGH
Network
|
powerdns
|
authoritative
dnsdist
recursor
|
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33260
|
2026-04-28 02:03 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
967
|
5.9 |
MEDIUM
Network
|
powerdns
|
recursor
|
A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.
Update
|
CWE-353
Missing Support for Integrity Check
|
CVE-2026-33261
|
2026-04-28 02:03 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
968
|
5.9 |
MEDIUM
Network
|
powerdns
|
recursor
|
An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-33262
|
2026-04-28 02:02 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
969
|
5.0 |
MEDIUM
Network
|
froxlor
|
froxlor
|
Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add()`, the domain ownership validation for full email sender aliases uses the wrong array index when s…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-41232
|
2026-04-28 02:02 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
970
|
7.5 |
HIGH
Network
|
froxlor
|
froxlor
|
Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` pa…
Update
|
CWE-59
Link Following
|
CVE-2026-41231
|
2026-04-28 02:01 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
