{"url":"http://public2.vulnerablecode.io/api/packages/994395?format=json","purl":"pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1","type":"deb","namespace":"debian","name":"pdns-recursor","version":"4.8.8-1+deb12u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.2.9-0+deb13u1","latest_non_vulnerable_version":"5.4.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353735?format=json","vulnerability_id":"VCID-26wf-1bqp-sbff","summary":"If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33601","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00174","published_at":"2026-04-26T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00212","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00255","published_at":"2026-05-14T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00257","published_at":"2026-05-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00254","published_at":"2026-05-12T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00259","published_at":"2026-04-29T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0026","published_at":"2026-05-05T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00261","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33601"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","reference_id":"powerdns-advisory-powerdns-2026-03.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:54Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088975?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.9-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077808?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1"}],"aliases":["CVE-2026-33601"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26wf-1bqp-sbff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96817?format=json","vulnerability_id":"VCID-2ugc-uygs-hqb8","summary":"Crafted delegations or IP fragments can poison cached delegations in Recursor.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59024","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00077","published_at":"2026-05-07T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00072","published_at":"2026-04-21T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00074","published_at":"2026-05-11T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00076","published_at":"2026-04-29T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00078","published_at":"2026-05-05T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00075","published_at":"2026-05-14T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00236","published_at":"2026-04-18T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00205","published_at":"2026-04-16T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00202","published_at":"2026-04-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00203","published_at":"2026-04-13T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00204","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59024"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118751","reference_id":"1118751","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118751"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html","reference_id":"powerdns-advisory-2025-06.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T16:11:42Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"}],"aliases":["CVE-2025-59024"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ugc-uygs-hqb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353748?format=json","vulnerability_id":"VCID-5afe-ws96-nqh9","summary":"By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33258","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00128","published_at":"2026-05-14T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00129","published_at":"2026-05-09T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00127","published_at":"2026-05-12T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00114","published_at":"2026-04-24T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00082","published_at":"2026-04-26T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00131","published_at":"2026-04-29T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.0013","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33258"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33258","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33258"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","reference_id":"powerdns-advisory-powerdns-2026-03.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:49Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088975?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.9-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077808?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1"}],"aliases":["CVE-2026-33258"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5afe-ws96-nqh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353734?format=json","vulnerability_id":"VCID-anab-r9ty-1yh1","summary":"An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33600","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04891","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04927","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06622","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06595","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06606","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06375","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06393","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06509","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06584","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33600"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","reference_id":"powerdns-advisory-powerdns-2026-03.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:53Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088975?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.9-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077808?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1"}],"aliases":["CVE-2026-33600"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-anab-r9ty-1yh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96816?format=json","vulnerability_id":"VCID-cdzz-8tc8-jucu","summary":"Crafted delegations or IP fragments can poison cached delegations in Recursor.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59023","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00345","published_at":"2026-04-13T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00365","published_at":"2026-04-02T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0034","published_at":"2026-04-16T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00368","published_at":"2026-04-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00356","published_at":"2026-04-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00353","published_at":"2026-04-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0035","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00347","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00505","published_at":"2026-05-14T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00504","published_at":"2026-05-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00502","published_at":"2026-05-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00428","published_at":"2026-04-18T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00487","published_at":"2026-04-21T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00485","published_at":"2026-04-24T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00486","published_at":"2026-04-26T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00512","published_at":"2026-04-29T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00518","published_at":"2026-05-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00517","published_at":"2026-05-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00511","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59023"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118751","reference_id":"1118751","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118751"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html","reference_id":"powerdns-advisory-2025-06.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T16:17:14Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"}],"aliases":["CVE-2025-59023"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdzz-8tc8-jucu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353753?format=json","vulnerability_id":"VCID-chzq-qej6-rkdq","summary":"An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33257","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01593","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01614","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01581","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01586","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01588","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01592","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01597","published_at":"2026-05-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00992","published_at":"2026-04-26T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00988","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33257"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135373","reference_id":"1135373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135373"},{"reference_url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html","reference_id":"powerdns-advisory-2026-05.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/"}],"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html"},{"reference_url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","reference_id":"powerdns-advisory-for-dnsdist-2026-04.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/"}],"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","reference_id":"powerdns-advisory-powerdns-2026-03.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088975?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.9-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077808?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1"}],"aliases":["CVE-2026-33257"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chzq-qej6-rkdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354131?format=json","vulnerability_id":"VCID-k3re-ss39-zugm","summary":"An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33262","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00196","published_at":"2026-04-26T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00247","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00271","published_at":"2026-05-14T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00275","published_at":"2026-05-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00272","published_at":"2026-05-12T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00276","published_at":"2026-05-05T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00278","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33262"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33262","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33262"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","reference_id":"powerdns-advisory-powerdns-2026-03.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:58Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088975?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.9-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077808?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1"}],"aliases":["CVE-2026-33262"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3re-ss39-zugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96980?format=json","vulnerability_id":"VCID-m445-c6a1-uugf","summary":"Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0398","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00208","published_at":"2026-04-02T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00209","published_at":"2026-04-16T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00206","published_at":"2026-04-13T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00205","published_at":"2026-04-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00207","published_at":"2026-04-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00244","published_at":"2026-04-18T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00282","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00281","published_at":"2026-04-26T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00698","published_at":"2026-05-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00704","published_at":"2026-05-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00692","published_at":"2026-05-12T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00697","published_at":"2026-05-14T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00708","published_at":"2026-05-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00714","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0398"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127490","reference_id":"1127490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127490"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html","reference_id":"powerdns-advisory-2026-01.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:36:48Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"}],"aliases":["CVE-2026-0398"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m445-c6a1-uugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353747?format=json","vulnerability_id":"VCID-mzne-k7ry-pubm","summary":"Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33259","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00042","published_at":"2026-05-14T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.0004","published_at":"2026-05-05T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00041","published_at":"2026-05-11T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00038","published_at":"2026-04-24T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00028","published_at":"2026-04-26T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00039","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33259"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","reference_id":"powerdns-advisory-powerdns-2026-03.html","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:55Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088975?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.9-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077808?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1"}],"aliases":["CVE-2026-33259"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzne-k7ry-pubm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353751?format=json","vulnerability_id":"VCID-pfhu-1qdf-p7d5","summary":"An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33260","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01593","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01614","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01581","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01586","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01588","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01592","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01597","published_at":"2026-05-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00992","published_at":"2026-04-26T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00988","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33260"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135373","reference_id":"1135373","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135373"},{"reference_url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html","reference_id":"powerdns-advisory-2026-05.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/"}],"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html"},{"reference_url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","reference_id":"powerdns-advisory-for-dnsdist-2026-04.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/"}],"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","reference_id":"powerdns-advisory-powerdns-2026-03.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088975?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.9-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1"}],"aliases":["CVE-2026-33260"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfhu-1qdf-p7d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97020?format=json","vulnerability_id":"VCID-pjbp-1jgm-s3cg","summary":"Crafted zones can lead to increased incoming network traffic.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24027","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01098","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01108","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01103","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01111","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01115","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01117","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00324","published_at":"2026-04-12T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00323","published_at":"2026-04-13T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00339","published_at":"2026-04-02T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00402","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00318","published_at":"2026-04-16T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00337","published_at":"2026-04-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00329","published_at":"2026-04-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00326","published_at":"2026-04-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00327","published_at":"2026-04-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00325","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00527","published_at":"2026-04-26T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00525","published_at":"2026-04-24T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0053","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24027"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24027","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24027"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127490","reference_id":"1127490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127490"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html","reference_id":"powerdns-advisory-2026-01.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T16:19:10Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"}],"aliases":["CVE-2026-24027"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjbp-1jgm-s3cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96818?format=json","vulnerability_id":"VCID-umcq-ztbz-qfb2","summary":"An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59030","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17494","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19454","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19424","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19416","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19561","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19513","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20306","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20341","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2047","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23608","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23556","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23508","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23524","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24128","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2459","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24706","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24659","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24777","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59030"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122197","reference_id":"1122197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122197"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html","reference_id":"powerdns-advisory-2025-08.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T14:30:11Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"}],"aliases":["CVE-2025-59030"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umcq-ztbz-qfb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353737?format=json","vulnerability_id":"VCID-v9yz-hcqv-83gu","summary":"A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33261","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00049","published_at":"2026-04-26T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00076","published_at":"2026-05-14T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00075","published_at":"2026-05-12T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00074","published_at":"2026-05-11T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00078","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33261"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33261","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33261"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","reference_id":"powerdns-advisory-powerdns-2026-03.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:52:56Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088975?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.9-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077808?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1"}],"aliases":["CVE-2026-33261"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9yz-hcqv-83gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96620?format=json","vulnerability_id":"VCID-wywf-pmyt-zud4","summary":"An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries.  The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers.  The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30192","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09691","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09742","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13327","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1341","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1346","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13399","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13434","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13352","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14882","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14876","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14975","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14919","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14794","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16403","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16368","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16474","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16402","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16297","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30192"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30192","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30192"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109808","reference_id":"1109808","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109808"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-04.html","reference_id":"powerdns-advisory-2025-04.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-21T13:05:23Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-04.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"}],"aliases":["CVE-2025-30192"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wywf-pmyt-zud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353738?format=json","vulnerability_id":"VCID-xasd-r2rc-2ufq","summary":"An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33256","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00128","published_at":"2026-05-14T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00131","published_at":"2026-05-07T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.0013","published_at":"2026-05-09T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00114","published_at":"2026-04-24T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00083","published_at":"2026-04-26T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00132","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33256"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","reference_id":"powerdns-advisory-powerdns-2026-03.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:46Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055203?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1088975?format=json","purl":"pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.9-0%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077808?format=json","purl":"pkg:deb/debian/pdns-recursor@5.4.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1"}],"aliases":["CVE-2026-33256"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xasd-r2rc-2ufq"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61411?format=json","vulnerability_id":"VCID-66sa-bc5p-jqde","summary":"Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50387.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50387.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50387","reference_id":"","reference_type":"","scores":[{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97939","published_at":"2026-05-14T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97928","published_at":"2026-05-07T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97931","published_at":"2026-05-11T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97926","published_at":"2026-04-29T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.9792","published_at":"2026-04-24T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97921","published_at":"2026-04-26T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97896","published_at":"2026-04-02T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97922","published_at":"2026-04-18T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97914","published_at":"2026-04-13T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97913","published_at":"2026-04-12T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97912","published_at":"2026-04-11T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97909","published_at":"2026-04-09T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97901","published_at":"2026-04-07T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97898","published_at":"2026-04-04T12:55:00Z"},{"value":"0.51989","scoring_system":"epss","scoring_elements":"0.97935","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html","reference_id":"017430.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845","reference_id":"1063845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852","reference_id":"1063852","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077750","reference_id":"1077750","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077750"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/16/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/16/2"},{"reference_url":"https://www.isc.org/blogs/2024-bind-security-release/","reference_id":"2024-bind-security-release","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://www.isc.org/blogs/2024-bind-security-release/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263914","reference_id":"2263914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263914"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/16/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/16/3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/","reference_id":"6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/","reference_id":"BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/"},{"reference_url":"https://kb.isc.org/docs/cve-2023-50387","reference_id":"cve-2023-50387","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://kb.isc.org/docs/cve-2023-50387"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-50387","reference_id":"CVE-2023-50387","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-50387"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387","reference_id":"CVE-2023-50387","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387"},{"reference_url":"https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/","reference_id":"dnssec_vulnerability_internet","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/"},{"reference_url":"https://security.gentoo.org/glsa/202412-10","reference_id":"GLSA-202412-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-10"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/","reference_id":"HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/","reference_id":"IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/"},{"reference_url":"https://news.ycombinator.com/item?id=39367411","reference_id":"item?id=39367411","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://news.ycombinator.com/item?id=39367411"},{"reference_url":"https://news.ycombinator.com/item?id=39372384","reference_id":"item?id=39372384","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://news.ycombinator.com/item?id=39372384"},{"reference_url":"https://www.athene-center.de/aktuelles/key-trap","reference_id":"key-trap","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://www.athene-center.de/aktuelles/key-trap"},{"reference_url":"https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/","reference_id":"keytrap-dns-attack-could-disable-large-parts-of-internet-researchers","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html","reference_id":"msg00006.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html","reference_id":"msg00011.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240307-0007/","reference_id":"ntap-20240307-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240307-0007/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/","reference_id":"PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html","reference_id":"powerdns-advisory-2024-01.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/","reference_id":"RGS7JN6FZXUSTC2XKQHH27574XOULYYJ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0965","reference_id":"RHSA-2024:0965","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0977","reference_id":"RHSA-2024:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0981","reference_id":"RHSA-2024:0981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0982","reference_id":"RHSA-2024:0982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11003","reference_id":"RHSA-2024:11003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1334","reference_id":"RHSA-2024:1334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1335","reference_id":"RHSA-2024:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1522","reference_id":"RHSA-2024:1522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1522"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1543","reference_id":"RHSA-2024:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1544","reference_id":"RHSA-2024:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1545","reference_id":"RHSA-2024:1545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1647","reference_id":"RHSA-2024:1647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1648","reference_id":"RHSA-2024:1648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1781","reference_id":"RHSA-2024:1781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1782","reference_id":"RHSA-2024:1782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1789","reference_id":"RHSA-2024:1789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1800","reference_id":"RHSA-2024:1800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1801","reference_id":"RHSA-2024:1801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1803","reference_id":"RHSA-2024:1803","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1803"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1804","reference_id":"RHSA-2024:1804","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2551","reference_id":"RHSA-2024:2551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2587","reference_id":"RHSA-2024:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2696","reference_id":"RHSA-2024:2696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2720","reference_id":"RHSA-2024:2720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2721","reference_id":"RHSA-2024:2721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2821","reference_id":"RHSA-2024:2821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2890","reference_id":"RHSA-2024:2890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3271","reference_id":"RHSA-2024:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3741","reference_id":"RHSA-2024:3741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3877","reference_id":"RHSA-2024:3877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3929","reference_id":"RHSA-2024:3929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0039","reference_id":"RHSA-2025:0039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0039"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1219823","reference_id":"show_bug.cgi?id=1219823","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1219823"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/","reference_id":"SVYA42BLXUCIDLD35YIJPJSHDIADNYMP","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/"},{"reference_url":"https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf","reference_id":"Technical_Report_KeyTrap.pdf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/","reference_id":"TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/"},{"reference_url":"https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/","reference_id":"unbound-1.19.1-released","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/","reference_id":"UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/"},{"reference_url":"https://usn.ubuntu.com/6633-1/","reference_id":"USN-6633-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6633-1/"},{"reference_url":"https://usn.ubuntu.com/6642-1/","reference_id":"USN-6642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6642-1/"},{"reference_url":"https://usn.ubuntu.com/6657-1/","reference_id":"USN-6657-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6657-1/"},{"reference_url":"https://usn.ubuntu.com/6657-2/","reference_id":"USN-6657-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6657-2/"},{"reference_url":"https://usn.ubuntu.com/6665-1/","reference_id":"USN-6665-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6665-1/"},{"reference_url":"https://usn.ubuntu.com/6723-1/","reference_id":"USN-6723-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6723-1/"},{"reference_url":"https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1","reference_id":"v5.7.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/","reference_id":"ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994395?format=json","purl":"pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1"}],"aliases":["CVE-2023-50387"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66sa-bc5p-jqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95119?format=json","vulnerability_id":"VCID-7dc3-qdk8-k7b2","summary":"In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27227","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07689","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07652","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07627","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07648","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07406","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07449","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0743","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07487","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0751","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07496","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07484","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07393","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07522","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07482","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07471","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07439","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07437","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07584","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27227"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-2655","reference_id":"AVG-2655","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2655"},{"reference_url":"https://security.archlinux.org/AVG-2656","reference_id":"AVG-2656","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2656"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994395?format=json","purl":"pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1"}],"aliases":["CVE-2022-27227"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dc3-qdk8-k7b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95232?format=json","vulnerability_id":"VCID-8tar-s444-zfac","summary":"PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37428","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16749","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16879","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16935","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16718","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16803","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16858","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16836","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16791","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16732","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16668","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16676","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16714","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16619","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16574","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1644","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1656","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16664","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1663","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16665","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37428"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37428","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37428"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994395?format=json","purl":"pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1"}],"aliases":["CVE-2022-37428"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8tar-s444-zfac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95460?format=json","vulnerability_id":"VCID-mkcs-362g-t7aq","summary":"Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26437","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0116","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01155","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01163","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01348","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01341","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0134","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01351","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01357","published_at":"2026-05-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0087","published_at":"2026-04-21T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00824","published_at":"2026-04-18T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00833","published_at":"2026-04-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00835","published_at":"2026-04-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00839","published_at":"2026-04-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00836","published_at":"2026-04-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00834","published_at":"2026-04-02T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00819","published_at":"2026-04-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0082","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26437"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033941","reference_id":"1033941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033941"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/","reference_id":"CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T16:31:03Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/","reference_id":"IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T16:31:03Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html","reference_id":"powerdns-advisory-2023-02.html","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T16:31:03Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994395?format=json","purl":"pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1"}],"aliases":["CVE-2023-26437"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkcs-362g-t7aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61412?format=json","vulnerability_id":"VCID-vprj-j7u6-zbe7","summary":"Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50868.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50868.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50868","reference_id":"","reference_type":"","scores":[{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93778","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93774","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.9377","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.9373","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93684","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93791","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93741","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93742","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93745","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.9374","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93694","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93696","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93706","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93708","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93712","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93713","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93737","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.93761","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11802","scoring_system":"epss","scoring_elements":"0.9375","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html","reference_id":"017430.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845","reference_id":"1063845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852","reference_id":"1063852","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077751","reference_id":"1077751","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077751"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/16/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/16/2"},{"reference_url":"https://www.isc.org/blogs/2024-bind-security-release/","reference_id":"2024-bind-security-release","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://www.isc.org/blogs/2024-bind-security-release/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263917","reference_id":"2263917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263917"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/16/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/16/3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/","reference_id":"6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/","reference_id":"BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/"},{"reference_url":"https://kb.isc.org/docs/cve-2023-50868","reference_id":"cve-2023-50868","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://kb.isc.org/docs/cve-2023-50868"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-50868","reference_id":"CVE-2023-50868","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-50868"},{"reference_url":"https://security.gentoo.org/glsa/202412-10","reference_id":"GLSA-202412-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-10"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/","reference_id":"HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/","reference_id":"IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html","reference_id":"msg00006.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html","reference_id":"msg00011.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240307-0008/","reference_id":"ntap-20240307-0008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240307-0008/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/","reference_id":"PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html","reference_id":"powerdns-advisory-2024-01.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc5155","reference_id":"rfc5155","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc5155"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/","reference_id":"RGS7JN6FZXUSTC2XKQHH27574XOULYYJ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0965","reference_id":"RHSA-2024:0965","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0977","reference_id":"RHSA-2024:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0981","reference_id":"RHSA-2024:0981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0982","reference_id":"RHSA-2024:0982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11003","reference_id":"RHSA-2024:11003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1334","reference_id":"RHSA-2024:1334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1335","reference_id":"RHSA-2024:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1522","reference_id":"RHSA-2024:1522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1522"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1543","reference_id":"RHSA-2024:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1544","reference_id":"RHSA-2024:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1545","reference_id":"RHSA-2024:1545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1647","reference_id":"RHSA-2024:1647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1648","reference_id":"RHSA-2024:1648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1781","reference_id":"RHSA-2024:1781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1782","reference_id":"RHSA-2024:1782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1789","reference_id":"RHSA-2024:1789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1800","reference_id":"RHSA-2024:1800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1801","reference_id":"RHSA-2024:1801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1803","reference_id":"RHSA-2024:1803","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1803"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1804","reference_id":"RHSA-2024:1804","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2551","reference_id":"RHSA-2024:2551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2587","reference_id":"RHSA-2024:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2696","reference_id":"RHSA-2024:2696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2720","reference_id":"RHSA-2024:2720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2721","reference_id":"RHSA-2024:2721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2821","reference_id":"RHSA-2024:2821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2890","reference_id":"RHSA-2024:2890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3271","reference_id":"RHSA-2024:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3741","reference_id":"RHSA-2024:3741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3877","reference_id":"RHSA-2024:3877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3929","reference_id":"RHSA-2024:3929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0039","reference_id":"RHSA-2025:0039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0039"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1219826","reference_id":"show_bug.cgi?id=1219826","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1219826"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/","reference_id":"SVYA42BLXUCIDLD35YIJPJSHDIADNYMP","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/","reference_id":"TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/"},{"reference_url":"https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/","reference_id":"unbound-1.19.1-released","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/","reference_id":"UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/"},{"reference_url":"https://usn.ubuntu.com/6633-1/","reference_id":"USN-6633-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6633-1/"},{"reference_url":"https://usn.ubuntu.com/6642-1/","reference_id":"USN-6642-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6642-1/"},{"reference_url":"https://usn.ubuntu.com/6657-1/","reference_id":"USN-6657-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6657-1/"},{"reference_url":"https://usn.ubuntu.com/6657-2/","reference_id":"USN-6657-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6657-2/"},{"reference_url":"https://usn.ubuntu.com/6665-1/","reference_id":"USN-6665-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6665-1/"},{"reference_url":"https://usn.ubuntu.com/6723-1/","reference_id":"USN-6723-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6723-1/"},{"reference_url":"https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1","reference_id":"v5.7.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/","reference_id":"ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994395?format=json","purl":"pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1"}],"aliases":["CVE-2023-50868"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vprj-j7u6-zbe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95999?format=json","vulnerability_id":"VCID-wmgd-z2j3-h7d9","summary":"An attacker can publish a zone containing specific Resource Record Sets.   Repeatedly processing and caching results for these sets can lead to a   denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25590","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31377","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31446","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31353","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32036","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32076","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.319","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31952","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31981","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31984","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31944","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31911","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31923","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31895","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31728","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31601","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31517","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31367","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31437","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25590"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083285","reference_id":"1083285","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083285"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html","reference_id":"powerdns-advisory-2024-04.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:34:21Z/"}],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994395?format=json","purl":"pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1"}],"aliases":["CVE-2024-25590"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmgd-z2j3-h7d9"}],"risk_score":"2.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1"}