Lucene search
K

16 matches found

OSV
OSV
added 2026/05/13 5:17 p.m.54 views

DRUPAL-CONTRIB-2026-035

The GTranslate module provides a language switcher widget for Drupal sites. The module’s widget JavaScript did not sufficiently validate that document.currentScript referred to the executing script element. A user who can add HTML to a page could cause the generated language-switcher links to poi...

2.7CVSS5.8AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2025/10/07 1:42 p.m.4 views

GHSA-MM7P-FCC7-PG87 Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

The email parsing library incorrectly handles quoted local-parts containing @. This leads to misrouting of email recipients, where the parser extracts and routes to an unintended domain instead of the RFC-compliant target. Payload: "[email protected] x"@internal.domain Using the following code to...

6.9CVSS5.8AI score0.00509EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 1:42 p.m.6 views

EUVD-2025-32876

Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict...

6.4AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/07 1:42 p.m.26 views

Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

The email parsing library incorrectly handles quoted local-parts containing @. This leads to misrouting of email recipients, where the parser extracts and routes to an unintended domain instead of the RFC-compliant target. Payload: "[email protected] x"@internal.domain Using the following code to...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 9:50 p.m.16 views

CVE-2022-30258

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

9.8CVSS6.8AI score0.00671EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/08/03 12:0 a.m.13 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : MaraDNS vulnerabilities (USN-6271-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6271-1 advisory. Xiang Li discovered that MaraDNS incorrectly handled certain inputs. If a user or an automated system were...

7.5CVSS7.3AI score0.01143EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/06/19 12:0 a.m.21 views

Debian dla-3457 : duende - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3457 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3457-1 [email protected]...

7.5CVSS7.3AI score0.01143EPSS
Exploits0References6
Prion
Prion
added 2022/11/21 10:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

7.5CVSS9.2AI score0.00671EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/21 12:0 a.m.75 views

CVE-2022-30257

The CVE-2022-30257 entry affects Technitium DNS Server (versions through 8.0.2). Concrete details from connected sources show a flaw where variant V1 allows unintended domain name resolution: a revoked domain name can remain resolvable for an extended period, including expired or taken-down domai...

9.8CVSS9.2AI score0.00671EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/21 12:0 a.m.11 views

CVE-2022-30258

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

6.8AI score0.00671EPSS
Exploits0References1
Prion
Prion
added 2022/11/19 12:15 a.m.27 views

Design/Logic Flaw

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

5CVSS7.2AI score0.0089EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2022/11/18 12:0 a.m.32 views

CVE-2022-30256

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

7.5CVSS7.4AI score0.0089EPSS
Exploits0
CVE
CVE
added 2022/11/18 12:0 a.m.86 views

CVE-2022-30256

CVE-2022-30256 affects MaraDNS Deadwood up to version 3.5.0021, enabling variant V1 of unintended domain name resolution where a revoked domain can remain resolvable for long periods, including expired or taken-down domains. Impact is described as widespread and highly impactful and aligns with d...

7.5CVSS7.2AI score0.0089EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2022/11/18 12:0 a.m.51 views

CVE-2022-30256

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

7.5AI score0.0089EPSS
Exploits0References6
Veracode
Veracode
added 2021/02/03 4:2 a.m.32 views

Open Redirection

github.com/oauth2-proxy/oauth2-proxy is vulnerable to open redirection. A user who enables whitelisting for subdomain checking is redirected to unintended domain. For example, if a whitelist domain includes “.example.com” to allow subdomains of example.com, “example.com” and “badexample.com” coul...

6.1CVSS2.1AI score0.01353EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2010/08/11 6:47 p.m.23 views

CVE-2010-1258

Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."...

4.3CVSS6.8AI score0.16995EPSS
Exploits0References3
Rows per page
Query Builder