|
111
|
4.7 |
MEDIUM
Local
|
uutils
|
coreutils
|
The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restrict…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35357
|
2026-04-25 04:02 |
2026-04-23 |
|
112
|
4.7 |
MEDIUM
Local
|
uutils
|
coreutils
|
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link …
New
|
CWE-59 CWE-367
Link Following; Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35359
|
2026-04-25 04:02 |
2026-04-23 |
|
113
|
6.3 |
MEDIUM
Local
|
uutils
|
coreutils
|
The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creat…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35360
|
2026-04-25 04:02 |
2026-04-23 |
|
114
|
5.6 |
MEDIUM
Local
|
uutils
|
coreutils
|
A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fa…
New
|
CWE-22
Path Traversal
|
CVE-2026-35363
|
2026-04-25 04:02 |
2026-04-23 |
|
115
|
4.3 |
MEDIUM
Adjacent
|
openbsd
|
openbsd
|
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_o…
New
|
CWE-1284 CWE-835
Improper Validation of Specified Quantity in Input; Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-41285
|
2026-04-25 03:59 |
2026-04-21 |
|
116
|
5.5 |
MEDIUM
Local
|
uutils
|
coreutils
|
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and ut…
New
|
CWE-248
Uncaught Exception
|
CVE-2026-35348
|
2026-04-25 03:57 |
2026-04-23 |
|
117
|
7.5 |
HIGH
Network
|
powerdns
|
authoritative
|
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-33610
|
2026-04-25 03:53 |
2026-04-22 |
|
118
|
6.5 |
MEDIUM
Network
|
powerdns
|
authoritative
|
Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.
New
|
CWE-90
LDAP Injection
|
CVE-2026-33609
|
2026-04-25 03:52 |
2026-04-22 |
|
119
|
9.8 |
CRITICAL
Network
|
powerdns
|
authoritative
|
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend…
New
|
CWE-94
Code Injection
|
CVE-2026-33608
|
2026-04-25 03:52 |
2026-04-22 |
|
120
|
8.2 |
HIGH
Network
|
powerdns
|
dnsdist
|
A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-33602
|
2026-04-25 03:52 |
2026-04-22 |
|