Lucene search
+L

4949 matches found

EUVD
EUVD
added 13 hours ago3 views

EUVD-2026-45100

OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...

7.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-44970

stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...

8.6CVSS6.1AI score
Exploits0References4
OSV
OSV
added 2 days ago3 views

CVE-2026-62948 OpenWrt odhcpd/LuCI: unauthenticated DHCPv6 client can inject lease-file lines via FQDN hostname → stored XSS in the LuCI admin UI

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefileswritestate6 and statefileswritestate4 without escaping, allowing newline injection of forged lease lin...

9.6CVSS6.1AI score0.00314EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-47703 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...

6.3CVSS0.00135EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 days ago7 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS6.9AI score0.00939EPSS
Exploits0References8
OSV
OSV
added 2 days ago13 views

ROOT-APP-MAVEN-CVE-2026-47691 CVE-2026-47691 in io.root.io.netty:netty-resolver-dns - Patched by Root

Root has patched CVE-2026-47691 in the io.root.io.netty:netty-resolver-dns package for Root:Maven. Multiple fixed versions available...

10CVSS5.3AI score0.00292EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2 days ago4 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS6.1AI score0.0034EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago3 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.1AI score0.00813EPSS
Exploits0References8
NVD
NVD
added 3 days ago4 views

CVE-2026-49169

Use after free in DNS Server allows an authorized attacker to execute code over a network...

8.8CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-15428

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...

8.5CVSS0.00885EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability

...

8.1CVSS0.00674EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-50495 DNS Client Tampering Vulnerability

...

6.1CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-50495

CVE-2026-50495 is a Windows DNS vulnerability described as improper access control that could allow an authorized local attacker to tamper DNS-related data. Multiple connected sources (NVD entry and MSRC update guidance) confirm this as a locally exploitable issue with a baseline CVSS v3.1 score ...

6.1CVSS6AI score0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-50495 DNS Client Tampering Vulnerability

...

6.1CVSS6.1AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-50465

CVE-2026-50465 is a Windows DNS Client tampering vulnerability caused by improper access control that can be exploited locally by an authorized attacker. Connected sources confirm Windows DNS is affected (CVE-2026-50465 listed under Windows DNS with data manipulation; MSRC update guidance). The C...

7.1CVSS6AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-50426 Windows DNS Server Remote Code Execution Vulnerability

...

6.8CVSS0.00367EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago22 views

CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability

...

5.5CVSS0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability

...

5.5CVSS6.1AI score0.00222EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-49174

CVE-2026-49174 describes a vulnerability in Microsoft Windows DNS where missing authentication for a critical function could allow a locally authorized attacker to tamper with DNS behavior. The NVD entry notes a CVSS v3.1 base score of 6.1 (Medium) with a LOCAL attack vector, LOW attack complexit...

6.1CVSS6AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2026-49174 DNS Client Tampering Vulnerability

...

6.1CVSS6.1AI score0.00202EPSS
Exploits0References1
Rows per page
Query Builder