|
121
|
8.1 |
HIGH
Adjacent
|
powerdns
|
dnsdist
|
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. D…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33599
|
2026-04-25 03:52 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
9.1 |
CRITICAL
Network
|
powerdns
|
dnsdist
|
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33598
|
2026-04-25 03:51 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
7.5 |
HIGH
Network
|
powerdns
|
dnsdist
|
PRSD detection denial of service
New
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-33597
|
2026-04-25 03:51 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
6.5 |
MEDIUM
Adjacent
|
powerdns
|
dnsdist
|
A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DN…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-33596
|
2026-04-25 03:50 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
7.5 |
HIGH
Network
|
powerdns
|
dnsdist
|
A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the conne…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33595
|
2026-04-25 03:49 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
7.5 |
HIGH
Network
|
powerdns
|
dnsdist
|
A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.
New
|
CWE-369
Divide By Zero
|
CVE-2026-33593
|
2026-04-25 03:49 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype…
New
|
CWE-915
CWE-1321
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42044
|
2026-04-25 03:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
7.2 |
HIGH
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 r…
New
|
CWE-183
CWE-441
CWE-918
Permissive List of Allowed Inputs
Confused Deputy
Server-Side Request Forgery (SSRF)
|
CVE-2026-42043
|
2026-04-25 03:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict …
New
|
CWE-183
CWE-201
Permissive List of Allowed Inputs
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-42042
|
2026-04-25 03:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype…
New
|
CWE-287
CWE-1321
Improper Authentication
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42041
|
2026-04-25 03:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
