24h | 7d | 30d

CVE-2026-43500

Overview

  • Linux
  • Linux
11 May 2026
Published
20 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.01%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec(). Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true. This catches the splice-loopback vector and other externally-shared frag sources while preserving the zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC page_pool RX, GRO). The OOM/trace handling already in place is reused.

Statistics

  • 2 Posts
Last activity: 8 hours ago

Bluesky

Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 Dirty Frag : deux vulnérabilités Linux (CVE-2026-43284 et CVE-2026-43500) permettent une élévation de privilège…📝 … https://cyberveille.ch/posts/2026-05-20-dirty-frag-deux-vulnerabilites-linux-cve-2026-43284-et-cve-2026-43500-permettent-une-elevation-de-privileges-root/ #CVE_2026_43284 #Cyberveil…
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
Linux Kernel Security @linkersec.bsky.social
Dirty Frag (CVE-2026-43284 and CVE-2026-43500) Covers two independent vulnerabilities that do not require chaining. CVE-2026-43284 is alternatively titled Copy Fail 2. Original write-up: github.com/V4bel/dirtyf... Avoiding bruteforcing for CVE-2026-43500: www.linkedin.com/pulse/load-b...
  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-6192

Overview

  • uclouvain
  • openjpeg
13 Apr 2026
Published
14 Apr 2026
Updated
CVSS v4.0
MEDIUM (4.8)
EPSS
0.02%
KEV

Description

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
📦 CVE-2026-6192 (OpenJPEG integer overflow). Patch quickly, but build a system. Read more -> tinyurl.com/ymyzb7d5 #Security
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-9065

Overview

  • brainstormforce
  • Surecart
20 May 2026
Published
20 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.03%
KEV

Description

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/integrations/{id}'. The root cause is a flawed escaping bypass in the query builder ('wp-query-builder'). Values passed to the 'where()' method are only sanitized via '$wpdb->prepare()' when they do **not** contain a dot ('.') or the WordPress table prefix ('wp_'). By including a dot anywhere in the payload, an attacker completely bypasses the escaping logic and injects arbitrary SQL into the 'WHERE' clause, allowing full UNION-based extraction of the database.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL: CVE-2026-9065 in brainstormforce SureCart <4.2.1 allows authenticated SQL injection via REST API ('/surecart/v1/integrations/{id}'). Exploit bypasses escaping with a dot in payloads — full DB extraction possible. Patch now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-42897

Overview

  • Microsoft
  • Microsoft Exchange Server 2016 Cumulative Update 23
14 May 2026
Published
20 May 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
10.03%
KEV

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.com
🛡️ CVE-2026-42897: #CISA advierte #hackeo masivo activo en #MicrosoftExchangeServer (OWA) (+MITIGACIÓN) www.newstecnicas.com/2026/05/cve-...
  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-0264

Overview

  • Palo Alto Networks
  • Cloud NGFW
13 May 2026
Published
14 May 2026
Updated
CVSS v4.0
HIGH (7.2)
EPSS
0.10%
KEV

Description

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture fallback
ripjyr.bsky.social @ripjyr.bsky.social
Paloaltoの脆弱性情報 「CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution (Severity: HIGH)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0264
  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-5947

Overview

  • ISC
  • BIND 9
20 May 2026
Published
20 May 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.

Statistics

  • 2 Posts
  • 18 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture fallback
ISC.org @iscdotorg

Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950

  • 11
  • 7
  • 0
  • 9h ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
BIND9の脆弱性(High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, Medium: CVE-206-3592, CVE-206-5950)と9.18.49, 9.20.23, 9.21.22公開 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-3593

Overview

  • ISC
  • BIND 9
20 May 2026
Published
20 May 2026
Updated
CVSS v3.1
HIGH (7.4)
EPSS
Pending
KEV

Description

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.

Statistics

  • 2 Posts
  • 18 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture fallback
ISC.org @iscdotorg

Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950

  • 11
  • 7
  • 0
  • 9h ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
BIND9の脆弱性(High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, Medium: CVE-206-3592, CVE-206-5950)と9.18.49, 9.20.23, 9.21.22公開 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-3039

Overview

  • ISC
  • BIND 9
20 May 2026
Published
20 May 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments. This issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Statistics

  • 2 Posts
  • 18 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture fallback
ISC.org @iscdotorg

Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950

  • 11
  • 7
  • 0
  • 9h ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
BIND9の脆弱性(High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, Medium: CVE-206-3592, CVE-206-5950)と9.18.49, 9.20.23, 9.21.22公開 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-5946

Overview

  • ISC
  • BIND 9
20 May 2026
Published
20 May 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Statistics

  • 2 Posts
  • 18 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture fallback
ISC.org @iscdotorg

Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950

  • 11
  • 7
  • 0
  • 9h ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
BIND9の脆弱性(High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, Medium: CVE-206-3592, CVE-206-5950)と9.18.49, 9.20.23, 9.21.22公開 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 6h ago

CVE-2024-45411

Overview

  • twigphp
  • Twig
09 Sep 2024
Published
16 Sep 2024
Updated
CVSS v3.1
HIGH (8.6)
EPSS
0.14%
KEV

Description

Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.

Statistics

  • 2 Posts
  • 3 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Symfony @symfony

🔐 CVE-2026-46638: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
➡️ symfony.com/blog/cve-2026-4663

  • 1
  • 2
  • 1
  • 10h ago
Showing 71 to 80 of 106 CVEs