PULSE
EN VIVO22señales / 24h
FEED
ransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Services
← Todos los CVEs
CVE Watch9 jul 2026

CVE-2026-23556

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reu

CVSS

Sin CVSS

EPSS

0.1%

p3

KEV

Exploit Today

1

0-100

Publicado: 9 jul 2026 · Última mod.: 9 jul 2026 · CWE-281

EPSS · 30d
0.1%EPSS · 30 días0.1%
2026-07-102026-07-16
Descripción técnica

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2024-463109.1 CRÍ
82.4%
25Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint13d
CVE-2025-551309.1 CRÍ
73.6%
22A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.3d
CVE-2022-385778.8 ALT
70.4%
21ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.9d
CVE-2024-548799.1 CRÍ
55.9%
17SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.13d
CVE-2023-346728.8 ALT
50.2%
15Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.9d
CVE-2026-398329.1 CRÍ
41.0%
12When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.1d