|
831
|
7.7 |
HIGH
Network
|
-
|
-
|
OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, c…
New
|
CWE-78
OS Command
|
CVE-2026-8666
|
2026-06-26 01:04 |
2026-06-25 |
|
|
|
|
832
|
6.0 |
MEDIUM
Network
|
-
|
-
|
OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insuffi…
New
|
CWE-78
OS Command
|
CVE-2026-8658
|
2026-06-26 01:04 |
2026-06-25 |
|
|
|
|
833
|
3.3 |
LOW
Network
|
-
|
-
|
Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename …
New
|
CWE-22
Path Traversal
|
CVE-2026-8662
|
2026-06-26 01:04 |
2026-06-25 |
|
|
|
|
834
|
7.5 |
HIGH
Network
|
-
|
-
|
shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a resu…
New
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-13311
|
2026-06-26 01:01 |
2026-06-25 |
|
|
|
|
835
|
4.3 |
MEDIUM
Network
|
-
|
-
|
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42005
|
2026-06-26 01:00 |
2026-06-25 |
|
|
|
|
836
|
7.5 |
HIGH
Network
|
-
|
-
|
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.
New
|
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
|
CVE-2026-33612
|
2026-06-26 01:00 |
2026-06-25 |
|
|
|
|
837
|
3.7 |
LOW
Network
|
-
|
-
|
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the Prometheus endpoint. The pr…
New
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-40011
|
2026-06-26 01:00 |
2026-06-25 |
|
|
|
|
838
|
3.7 |
LOW
Network
|
-
|
-
|
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.
New
|
CWE-705
Incorrect Control Flow Scoping
|
CVE-2026-40208
|
2026-06-26 00:59 |
2026-06-25 |
|
|
|
|
839
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An attacker might be able to cause outgoing TCP connections to the backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a…
New
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-40209
|
2026-06-26 00:59 |
2026-06-25 |
|
|
|
|
840
|
4.8 |
MEDIUM
Network
|
-
|
-
|
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.
New
|
CWE-126
Buffer Over-read
|
CVE-2026-40210
|
2026-06-26 00:59 |
2026-06-25 |
|
|
|