|
261
|
- |
|
-
|
-
|
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports (DoT, DoH, DoH3, DoQ, and gRPC) because it trusts the transport w…
New
|
CWE-303
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-33190
|
2026-05-8 00:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
- |
|
-
|
-
|
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QU…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-32934
|
2026-05-8 00:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
- |
|
-
|
-
|
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server check…
New
|
CWE-287
Improper Authentication
|
CVE-2026-35579
|
2026-05-8 00:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
- |
|
-
|
-
|
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt…
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-40934
|
2026-05-8 00:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
7.5 |
HIGH
Network
|
-
|
-
|
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil poin…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-41642
|
2026-05-8 00:06 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
7.5 |
HIGH
Network
|
-
|
-
|
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42285
|
2026-05-8 00:06 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
8.1 |
HIGH
Network
|
-
|
-
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionalit…
Update
|
CWE-620
Unverified Password Change
|
CVE-2026-42084
|
2026-05-8 00:05 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
4.3 |
MEDIUM
Network
|
-
|
-
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in…
Update
|
CWE-23
Relative Path Traversal
|
CVE-2026-42085
|
2026-05-8 00:05 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
4.6 |
MEDIUM
Network
|
-
|
-
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42086
|
2026-05-8 00:05 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
9.6 |
CRITICAL
Network
|
-
|
-
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability e…
Update
|
CWE-89
SQL Injection
|
CVE-2026-42087
|
2026-05-8 00:05 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
