4949 matches found
EUVD-2026-45100
OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...
EUVD-2026-44970
stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...
CVE-2026-62948 OpenWrt odhcpd/LuCI: unauthenticated DHCPv6 client can inject lease-file lines via FQDN hostname → stored XSS in the LuCI admin UI
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefileswritestate6 and statefileswritestate4 without escaping, allowing newline injection of forged lease lin...
CVE-2026-47703 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...
crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...
ROOT-APP-MAVEN-CVE-2026-47691 CVE-2026-47691 in io.root.io.netty:netty-resolver-dns - Patched by Root
Root has patched CVE-2026-47691 in the io.root.io.netty:netty-resolver-dns package for Root:Maven. Multiple fixed versions available...
crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
CVE-2026-49169
Use after free in DNS Server allows an authorized attacker to execute code over a network...
CVE-2026-15428
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...
CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability
...
CVE-2026-50495 DNS Client Tampering Vulnerability
...
CVE-2026-50495
CVE-2026-50495 is a Windows DNS vulnerability described as improper access control that could allow an authorized local attacker to tamper DNS-related data. Multiple connected sources (NVD entry and MSRC update guidance) confirm this as a locally exploitable issue with a baseline CVSS v3.1 score ...
CVE-2026-50495 DNS Client Tampering Vulnerability
...
CVE-2026-50465
CVE-2026-50465 is a Windows DNS Client tampering vulnerability caused by improper access control that can be exploited locally by an authorized attacker. Connected sources confirm Windows DNS is affected (CVE-2026-50465 listed under Windows DNS with data manipulation; MSRC update guidance). The C...
CVE-2026-50426 Windows DNS Server Remote Code Execution Vulnerability
...
CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability
...
CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability
...
CVE-2026-49174
CVE-2026-49174 describes a vulnerability in Microsoft Windows DNS where missing authentication for a critical function could allow a locally authorized attacker to tamper with DNS behavior. The NVD entry notes a CVSS v3.1 base score of 6.1 (Medium) with a LOCAL attack vector, LOW attack complexit...
CVE-2026-49174 DNS Client Tampering Vulnerability
...