Posts of last 24 hours

CVE-2026-42387 | PowerDNS Recursor up to 5.2.10/5.3.7/5.4.2 Zone ZoneToCache denial of service (Nessus ID 323540)
A vulnerability classified as problematic was found in PowerDNS Recursor up to 5.2.10/5.3.7/5.4.2. Affected is the function ZoneToCache of the component Zone Handler. Such manipulation leads to denial of service. This vulnerability is documented as CVE-2026-42387. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.
https://vuldb.com/vuln/373857
CVE-2026-52945 | Linux Kernel up to 6.12.73 wg_cpumask_choose_online rx_queue infinite loop (Nessus ID 323541 / WID-SEC-2026-2077)
A vulnerability described as critical has been identified in Linux Kernel up to 6.12.73. This impacts the function wg_cpumask_choose_online. Executing a manipulation of the argument rx_queue can lead to infinite loop. The identification of this vulnerability is CVE-2026-52945. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.
https://vuldb.com/vuln/373295
Colombian Poultry Company Avícola El Madroño Allegedly Breached, 860MB of Data Leaked
A threat actor using the alias Saturne has posted what they describe as an 860MB data leak from Avícola El Madroño S.A. (avicolaelmadrono.com), a Colombian poultry and prepared-foods company based in Bucaramanga, and is sharing it for free.
https://darkwebinformer.com/colombian-poultry-company-avicola-el-madrono-allegedly-breached-860mb-of-data-leaked/
CVE-2026-53313 | Linux Kernel up to 7.0.9 drm /amd/display dc_dmub_srv_log_diagnostic_data dmub null pointer dereference (Nessus ID 323542)
A vulnerability, which was classified as critical, was found in Linux Kernel up to 7.0.9. Impacted is the function dc_dmub_srv_log_diagnostic_data of the file /amd/display of the component drm. Such manipulation of the argument dmub leads to null pointer dereference. This vulnerability is referenced as CVE-2026-53313. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.
https://vuldb.com/vuln/374391
CVE-2026-13502 | antlr ANTLR4 up to 4.13.2 Maven Plugin GrammarDependencies.java ObjectInputStream.readObject toctou (EUVD-2026-40000 / Nessus ID 323602)
A vulnerability marked as problematic has been reported in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. This vulnerability is tracked as CVE-2026-13502. The attack is restricted to local execution. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
https://vuldb.com/vuln/374498
CVE-2026-13501 | antlr ANTLR4 up to 4.13.2 gofmt GoTarget.java GoTarget command injection (EUVD-2026-39999 / Nessus ID 323601)
A vulnerability identified as critical has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt. The manipulation leads to command injection. This vulnerability is referenced as CVE-2026-13501. The attack can only be performed from a local environment. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
https://vuldb.com/vuln/374496
CVE-2026-56123 | socat up to 1.8.1.1 DOMAINNAME Reply Parser heap-based overflow (Nessus ID 323603)
A vulnerability categorized as critical has been discovered in socat up to 1.8.1.1. The affected element is an unknown function of the component DOMAINNAME Reply Parser. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-56123. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
https://vuldb.com/vuln/373963
CVE-2026-13503 | antlr ANTLR4 up to 4.13.2 tokenVocab Grammar Option TokenVocabParser.java getImportedVocabFile path traversal (EUVD-2026-40001 / Nessus ID 323605)
A vulnerability labeled as critical has been found in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function getImportedVocabFile of the file tool/src/org/antlr/v4/parse/TokenVocabParser.java of the component tokenVocab Grammar Option Handler. The manipulation results in path traversal. This vulnerability is identified as CVE-2026-13503. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
https://vuldb.com/vuln/374497
CVE-2026-13500 | antlr ANTLR4 up to 4.13.2 Grammar Action Block OutputFile.java code injection (EUVD-2026-39998 / Nessus ID 323604)
A vulnerability categorized as critical has been discovered in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The identification of this vulnerability is CVE-2026-13500. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
https://vuldb.com/vuln/374495
CVE-2026-22879 | vtk vtk-DICOM 9.5.2 NewDataElement array index (TALOS-2026-2366 / EUVD-2026-39582)
A vulnerability, which was classified as problematic, was found in vtk vtk-DICOM 9.5.2. This affects the function vtkDICOMItem::NewDataElement. Executing a manipulation can lead to improper validation of array index. This vulnerability appears as CVE-2026-22879. The attack may be performed from remote. There is no available exploit.
https://vuldb.com/vuln/374069

Managed ad