CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

67 matches found

EUVD-2026-38491

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6CVSS5.9AI score0.00175EPSS

Exploits0References2

Tenable Nessus•added 2026/04/27 12:0 a.m.•4 views

Juniper Junos OS Vulnerability (JSA75730)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75730 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon jdhcpd of Juniper Networks Junos OS allows an adjacent, unauthenticated attack...

6.5CVSS6.7AI score0.00293EPSS

Exploits0References2

RedhatCVE•added 2026/04/13 7:23 p.m.•2 views

CVE-2026-33782

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon jdhcpd of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service DoS. In a DHCPv6 over PPPoE, or DHCP...

8.7CVSS5.7AI score0.00288EPSS

Exploits0References1

Tenable Nessus•added 2026/04/08 12:0 a.m.•2 views

Juniper Junos OS Vulnerability (JSA107820)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107820 advisory. - A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon jdhcpd of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticate...

8.7CVSS5.9AI score0.00288EPSS

Exploits0References2

CVE•added 2026/03/16 1:2 a.m.•20 views

CVE-2026-4203

Summary (CVE-2026-4203): A command-injection vulnerability affects multiple D-Link DNS-series devices (e.g., DNS-120, DNS-320, DNS-1550-04, etc.) via /cgi-bin/network_mgr.cgi in functions including cgi_portforwarding_add/del/modify/add_scan, cgi_dhcpd_lease, cgi_ddns, cgi_ip, and cgi_dhcpd. The i...

9.8CVSS6.4AI score0.03831EPSS

Exploits1References13Affected Software1

NVD•added 2026/01/15 9:16 p.m.•6 views

CVE-2025-59961

An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon jdhcpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the...

6.8CVSS0.00117EPSS

Exploits0References2

Positive Technologies•added 2026/01/15 12:0 a.m.•6 views

PT-2026-3109

6.8CVSS6.9AI score0.00117EPSS

Exploits0References3

RedhatCVE•added 2026/01/10 5:41 a.m.•5 views

CVE-2025-69542

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP...

9.8CVSS7.7AI score0.0843EPSS

Exploits1References1

Positive Technologies•added 2026/01/09 12:0 a.m.•4 views

PT-2026-1954

Name of the Vulnerable Software and Affected Versions D-Link DIR895LA1 version 102b07 Description A command injection issue exists in the DHCP daemon service. The problem is in how lease renewals are handled, specifically where the DHCP hostname parameter is used in system commands without...

9.8CVSS7.5AI score0.0843EPSS

Exploits1References7

CVE•added 2026/01/09 12:0 a.m.•15 views

CVE-2025-69542

The CVE-2025-69542 entry affects D-Link DIR895LA1, specifically the DHCP daemon (DIR895LA1 v102b07). The issue is in lease renewal handling where the DHCP hostname is concatenated into a system command without sanitization, allowing arbitrary commands to run with root privileges. Public reference...

9.8CVSS7.4AI score0.0843EPSS

Exploits1References1Affected Software1

RedhatCVE•added 2025/12/15 11:33 a.m.•15 views

CVE-2025-14659

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be...

9CVSS8.7AI score0.03447EPSS

Exploits1References1

Cvelist•added 2025/12/14 11:32 a.m.•19 views

CVE-2025-14659 D-Link DIR-860LB1/DIR-868LB1 DHCP command injection

9CVSS0.03447EPSS

Exploits1References7

CVE•added 2025/12/14 11:32 a.m.•18 views

CVE-2025-14659

CVE-2025-14659 affects D-Link DIR-860LB1 and DIR-868LB1 (firmware 203b01/203b03). Affected is the DHCP Daemon’s hostname argument; manipulation leads to remote command injection. Exploitation is publicly available. The provided documents do not specify a patch version or mitigation; no fix inform...

9.8CVSS6.8AI score0.03447EPSS

Exploits1References7Affected Software1

Positive Technologies•added 2025/12/14 12:0 a.m.•5 views

PT-2025-51161

Name of the Vulnerable Software and Affected Versions D-Link DIR-860LB1 version 203b01 D-Link DIR-868LB1 version 203b01 D-Link DIR-860LB1 version 203b03 D-Link DIR-868LB1 version 203b03 Description A flaw exists in the DHCP Daemon component of the routers. Manipulation of the Hostname argument ca...

9.8CVSS7.3AI score0.03447EPSS

Exploits1References15

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-15749

Malware in sbrugna...

9CVSS8.7AI score0.02612EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-18269

Malware in sbrugna...

7.8CVSS7.6AI score0.00236EPSS

Exploits0References2