Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

21 matches found

RedhatCVE
RedhatCVEadded 4 days ago4 views

CVE-2026-41234

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

7.6CVSS5.5AI score0.00041EPSS
Exploits0References1
NVD
NVDadded 5 days ago6 views

CVE-2026-41234

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

7.6CVSS0.00041EPSS
Exploits0References3
CVE
CVEadded 5 days ago15 views

CVE-2026-41234

CVE-2026-41234 affects Froxlor prior to 2.3.7, where the DomainZones.add API does not sanitize newline characters in TXT records. An authenticated user with DNS editing enabled can inject newlines into TXT content, causing the TXT value to break out of the line in the generated BIND zone file. Th...

7.6CVSS5.9AI score0.00041EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 5 days ago4 views

CVE-2026-41234

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

8.8CVSS5.9AI score0.00041EPSS
Exploits1References4Affected Software1
EUVD
EUVDadded 5 days ago6 views

EUVD-2026-34313

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

8.8CVSS5.9AI score0.00041EPSS
Exploits1References3
Github Security Blog
Github Security Blogadded 6 days ago8 views

Froxlor: BIND Zone File Injection via TXT Record Content

Summary The DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record line in the generated BIND zone file. This enables injection of arbitra...

8.8CVSS6AI score0.00041EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2026/04/23 4:16 a.m.0 views

CVE-2026-41230

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...

8.5CVSS0.00057EPSS
Exploits1References3
CVE
CVEadded 2026/04/23 3:47 a.m.10 views

CVE-2026-41230

CVE-2026-41230 affects Froxlor prior to 2.3.6 through DomainZones::add(), where arbitrary DNS record types and newline-containing content are not sanitized. This allows an authenticated user to inject DNS records and BIND directives (e.g., $INCLUDE, $ORIGIN, $GENERATE) into zone files by submitti...

8.5CVSS5.8AI score0.00057EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/23 3:47 a.m.0 views

CVE-2026-41230 Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...

8.5CVSS5.8AI score0.00057EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/04/23 3:47 a.m.2 views

CVE-2026-41230

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...

8.5CVSS5.8AI score0.00057EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/04/23 3:47 a.m.37 views

CVE-2026-41230 Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...

8.5CVSS0.00057EPSS
Exploits1References3
OSV
OSVadded 2026/04/16 12:47 a.m.2 views

GHSA-47HF-23PW-3M8C Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Summary DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g., NAPTR, PTR, HINFO, content validation is entirely bypassed. Embedded...

8.5CVSS5.9AI score0.00057EPSS
Exploits1References5
Snyk
Snykadded 2026/04/16 12:47 a.m.4 views

CRLF Injection

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to CRLF Injection via the DomainZones::add process. An attacker can inject arbitrary DNS records and BIND directives into zone files by submitting crafted DNS record types and content...

8.5CVSS5.8AI score0.00057EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/03/26 3:3 p.m.0 views

CVE-2026-30932

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

8.8CVSS5.7AI score0.00025EPSS
Exploits1References1
CVE
CVEadded 2026/03/24 6:46 p.m.18 views

CVE-2026-30932

Froxlor is vulnerable to BIND zone file injection via unsanitized content in DomainZones.add for LOC, RP, SSHFP, and TLSA records. The API does not validate content, allowing injection of BIND directives like $INCLUDE which get written into the zone file and processed by BIND, exposing server fil...

8.8CVSS5.8AI score0.00025EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2026/03/24 4:49 p.m.1 views

EUVD-2026-14964

Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API...

8.6CVSS5.8AI score0.00025EPSS
Exploits1References3
Snyk
Snykadded 2026/03/24 4:49 p.m.2 views

Arbitrary Code Injection

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsanitized input in the content field of the DomainZones API. An attacker can inject arbitrary BIND zone file directives, such as $INCLUDE, by submitting...

8.8CVSS5.8AI score0.00025EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/03/24 4:49 p.m.5 views

Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...

8.8CVSS5.9AI score0.00025EPSS
Exploits1References5Affected Software1
OSV
OSVadded 2026/03/24 4:49 p.m.1 views

GHSA-X6W6-2XWP-3JH6 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...

8.8CVSS5.9AI score0.00025EPSS
Exploits1References5
CNNVD
CNNVDadded 2026/03/24 12:0 a.m.3 views

Froxlor 注入漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.5 had an injection vulnerability. This vulnerability stemmed from the lack of validation of the content fields of the DomainZones.add API endpoint, which could allow for the...

8.8CVSS5.8AI score0.00025EPSS
Exploits1References3
Rows per page
Query Builder