MindsDB -DNS Rebinding SSRF Protection Bypass

Detects DNS rebinding vulnerability that allows bypass of SSRF protection. The vulnerability exists in the URL validation mechanism where DNS resolution is performed without considering DNS rebinding attacks. id: CVE-2024-24759 info: name: MindsDB -DNS Rebinding SSRF Protection Bypass author: Lee...

Rudder Server < 1.3.0-rc.1 - SQL Injection

Rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. id: CVE-2018-19914 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

Netmaker - Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. id: CVE-2023-32077 info: name: Netmaker - Hardcoded DNS Secret Key author: iamnoooob,rootxharsh,pdresearch...

CVE-2026-54353

Budibase prior to version 3.39.9 is vulnerable to a non‑blind SSRF due to a DNS rebinding bypass in the outbound fetch validation flow. Authenticated users with automation permissions can bypass the SSRF blacklist: the hostname is validated against the blacklist, but the socket connection later p...

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: kots, opentelemetry-collector, gitea, nemo, flux-image-automation-controller, spire-server, helm, knative-serving-fips, kubescape-server-fips, cloudbeat, cilium, skaffold, kubescape, cilium-cli, k9s-fips, argocd-image-updater-fips, kubernetes, coder,...

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: flux-notification-controller, docker-cli-buildx, fulcio, cilium-cli, cloud-provider-aws, ko, sops, kaf, pulumi-language-dotnet, cluster-api-azure-controller, k8sgpt, age, zarf, openbao, terraform-provider-tls, gitea, gitlab-kas, ksops,...

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: helm, kine, knative-serving, snyk-cli, rancher, rancher-agent, mattermost, cilium-cli, cloud-provider-aws, flux, prometheus-operator, trivy, kaf, kubescape, fscrypt, loki, prometheus, aactl, k3s, kyverno, nerdctl, cert-manager, osv-scanner, zarf, zot, gitea,...

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: helm, kine, knative-serving, snyk-cli, docker-cli-buildx, rancher, podman, rancher-agent, mattermost, cilium-cli, cloud-provider-aws, flux, prometheus-operator, buildah, kaf, loki, fscrypt, prometheus, teleport, aactl, k3s, kyverno, nerdctl, cert-manager, zot,...

D-Link DNS-320 - Remote Code Execution

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. id: CVE-2019-16057 info: name: D-Link DNS-320 - Remote Code Execution author: DhiyaneshDk severity: critical description: | The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerabl...

EUVD-2026-39821

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

Server-Side Request Forgery

jackson-databind is vulnerable to server-side request forgery SSRF. The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...

CVE-2026-46611

A vulnerability in the Glances XML-RPC server fails to properly validate HTTP Host headers, enabling DNS rebinding attacks. If a user is tricked into visiting a malicious website, a remote attacker can exploit this flaw to exfiltrate sensitive system monitoring data. Mitigation The XML-RPC server...

CVE-2026-36478

CVE-2026-36478 affects Technitium DNS Server

CVE-2026-6731

CVE-2026-6731 describes an X.509 name constraint bypass where the Subject CN is treated as a DNS-type name, allowing a certificate to pass DNS constraints if the CN violates them. Public sources (NVD and related feeds) reference this bypass and provide CVSS metrics (v3.1: 7.5, Network, High impac...

CVE-2026-6731

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

CVE-2026-6731

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...