|
1611
|
5.3 |
MEDIUM
Network
|
isc
|
bind
|
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sendin…
|
CWE-606
Unchecked Input for Loop Condition
|
CVE-2026-5950
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1612
|
5.9 |
MEDIUM
Network
|
isc
|
bind
|
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. …
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2026-5947
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1613
|
9.8 |
CRITICAL
Network
|
isc
|
bind
|
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BI…
|
CWE-416
Use After Free
|
CVE-2026-3593
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1614
|
7.5 |
HIGH
Network
|
isc
|
bind
|
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes…
|
CWE-20
CWE-125
CWE-617
CWE-754
CWE-843
Improper Input Validation
Out-of-bounds Read
Reachable Assertion
Improper Check for Unusual or Exceptional Conditions
Type Confusion
|
CVE-2026-5946
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1615
|
7.5 |
HIGH
Network
|
isc
|
bind
|
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typ…
|
CWE-771
Missing Reference to Active Allocated Resource
|
CVE-2026-3039
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1616
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.…
|
CWE-22
Path Traversal
|
CVE-2026-39352
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1617
|
- |
|
-
|
-
|
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package t…
|
CWE-22
Path Traversal
|
CVE-2026-39405
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1618
|
7.4 |
HIGH
Network
|
-
|
-
|
Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local File Inclusion. The function calls ext…
|
CWE-20
CWE-98
Improper Input Validation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39850
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1619
|
8.6 |
HIGH
Network
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3…
|
CWE-284
CWE-306
Improper Access Control
Missing Authentication for Critical Function
|
CVE-2026-39310
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1620
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-39311
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
