|
1911
|
- |
|
softbizscripts
|
resource_repository_script
|
Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res…
|
NVD-CWE-Other
|
CVE-2005-3879
|
2026-04-25 03:56 |
2005-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1912
|
7.5 |
HIGH
Network
|
powerdns
|
authoritative
|
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-33610
|
2026-04-25 03:53 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1913
|
6.5 |
MEDIUM
Network
|
powerdns
|
authoritative
|
Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.
|
CWE-90
LDAP Injection
|
CVE-2026-33609
|
2026-04-25 03:52 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1914
|
9.8 |
CRITICAL
Network
|
powerdns
|
authoritative
|
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend…
|
CWE-94
Code Injection
|
CVE-2026-33608
|
2026-04-25 03:52 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1915
|
8.2 |
HIGH
Network
|
powerdns
|
dnsdist
|
A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-33602
|
2026-04-25 03:52 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1916
|
8.1 |
HIGH
Adjacent
|
powerdns
|
dnsdist
|
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. D…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33599
|
2026-04-25 03:52 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1917
|
9.1 |
CRITICAL
Network
|
powerdns
|
dnsdist
|
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33598
|
2026-04-25 03:51 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1918
|
7.5 |
HIGH
Network
|
powerdns
|
dnsdist
|
PRSD detection denial of service
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-33597
|
2026-04-25 03:51 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1919
|
6.5 |
MEDIUM
Adjacent
|
powerdns
|
dnsdist
|
A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DN…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-33596
|
2026-04-25 03:50 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1920
|
7.5 |
HIGH
Network
|
powerdns
|
dnsdist
|
A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the conne…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33595
|
2026-04-25 03:49 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
