Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.8 HIGH

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit …

display_and_peripheral_manager | Misconfiguration
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
7.8 HIGH
CVE-2026-46733 — Dell Display and Peripheral Manager Improper Access Control Vulnerability

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this…

Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
7.0 HIGH
CVE-2026-46732 — Dell Display and Peripheral Manager Local Privilege Escalation via Race Condition

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privi…

Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
5.3 MEDIUM
CVE-2026-42390 — ZONEMD validation can be bypassed

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.

recursor | Remote | Misconfiguration
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
5.3 MEDIUM
CVE-2026-42389 — Reject more queries with invalid header values

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.

recursor | Remote
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
5.9 MEDIUM
CVE-2026-42388 — Missing input validation for catalog zones

Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

recursor | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
5.9 MEDIUM
CVE-2026-42387 — Insufficient input validation in ZoneToCache

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.

recursor | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
9.8 CRITICAL
CVE-2026-41120 — Dell Wyse Management Suite: Acceptance of Extraneous Untrusted Data With Trusted Data lea…

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could poten…

wyse_management_suite | Remote | Misconfiguration
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2026-40012 — Information about ECS zero scoped answers might leak to clients that use a specific ECS

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

recursor | Remote | Misconfiguration
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
8.4 HIGH
CVE-2026-2815 — Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable …

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

| Cryptography
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-27366 — WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

mainwp_child | Remote | Authorization
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
2.7 LOW
CVE-2026-12755 — Devolutions Server PAM AD Discovery Server-Side Request Forgery

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side…

devolutions_server | Remote | Authentication
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
3.7 LOW
CVE-2026-42004 — EDNS options smuggling

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend …

dnsdist | Remote | Misconfiguration
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
5.3 MEDIUM
CVE-2026-40211 — Denial of service via crafted DoH3 queries

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on…

dnsdist | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
4.8 MEDIUM
CVE-2026-40210 — Out-of-bounds read in SetMacAddrAction

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.

dnsdist | Remote | Memory Corruption
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
5.3 MEDIUM
CVE-2026-40209 — Denial of service via IXFR queries

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a…

dnsdist | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
3.7 LOW
CVE-2026-40208 — Denial of service via DoH3 queries

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

dnsdist | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
3.7 LOW
CVE-2026-40011 — Prometheus denial of service via crafted DNS queries

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The pr…

dnsdist | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-33612 — ZoneToCache can poison the cache

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.

recursor | Remote | Misconfiguration
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
4.3 MEDIUM
CVE-2026-42005 — Insufficient input validation of internal web server

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

authoritative | Remote | Denial of Service
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Showing 20 of 8022 Results