|
4411
|
- |
|
-
|
-
|
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the re…
|
CWE-197
CWE-787
Numeric Truncation Error
Out-of-bounds Write
|
CVE-2026-42944
|
2026-05-20 23:02 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4412
|
- |
|
-
|
-
|
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs …
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2026-42959
|
2026-05-20 23:02 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4413
|
- |
|
-
|
-
|
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority sec…
|
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
|
CVE-2026-42960
|
2026-05-20 23:02 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4414
|
- |
|
-
|
-
|
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-44390
|
2026-05-20 23:02 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4415
|
- |
|
-
|
-
|
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'…
|
CWE-413
Improper Resource Locking
|
CVE-2026-44608
|
2026-05-20 23:02 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4416
|
7.5 |
HIGH
Network
|
-
|
-
|
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
|
CWE-89
SQL Injection
|
CVE-2026-9003
|
2026-05-20 23:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4417
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks
|
-
|
CVE-2026-5776
|
2026-05-20 23:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4418
|
- |
|
-
|
-
|
NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'.
The roo…
|
CWE-89
SQL Injection
|
CVE-2026-9059
|
2026-05-20 23:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4419
|
- |
|
-
|
-
|
SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/i…
|
CWE-89
SQL Injection
|
CVE-2026-9065
|
2026-05-20 23:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4420
|
7.8 |
HIGH
Local
|
-
|
-
|
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, …
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-44933
|
2026-05-20 23:01 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
