Common Vulnerabilities and Exposures (CVE)

CVE-2026-33791

Apr 22, 2026 14:48:22 UTC

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, lead...

CVE-2026-34275

Apr 22, 2026 14:48:19 UTC

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticat...

CVE-2025-70364

Apr 22, 2026 14:47:51 UTC

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the ...

CVE-2026-34278

Apr 22, 2026 14:47:16 UTC

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multi...

CVE-2026-33602

Apr 22, 2026 14:47:07 UTC

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.

CVE-2026-34281

Apr 22, 2026 14:46:26 UTC

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Orac...

CVE-2026-33596

Apr 22, 2026 14:43:54 UTC

A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.

CVE-2026-6356

Apr 22, 2026 14:42:10 UTC

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.

CVE-2026-33597

Apr 22, 2026 14:41:14 UTC

PRSD detection denial of service

CVE-2026-33595

Apr 22, 2026 14:40:28 UTC

A client can trigger excessive memory allocation by generating a lot of error responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.

CVE-2026-33594

Apr 22, 2026 14:36:48 UTC

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.

CVE-2026-6386

Apr 22, 2026 14:32:53 UTC

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created us...

CVE-2026-33593

Apr 22, 2026 14:29:07 UTC

A client can trigger a divide-by-zero error leading to a crash by sending a crafted DNSCrypt query.

CVE-2026-33608

Apr 22, 2026 14:28:15 UTC

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restar...

CVE-2026-6862

Apr 22, 2026 14:28:14 UTC

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) devic...