CVE-2026-47107 Windmill < 1.703.2 Incorrect Default Permissions in nsjail Configuration

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

PT-2026-41986

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.703.2 Description Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...

EUVD-2020-25718

Malware in sbrugna...

EUVD-2022-5611

Malicious code in bioql PyPI...

EUVD-2022-5031

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2015-3900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows...

CVE-2022-45707

IP-COM M50 V15.11.0.3310768 was discovered to contain a buffer overflow via the rules parameter in the formAddDnsHijack function...

CVE-2022-45707

IP-COM M50 V15.11.0.3310768 was discovered to contain a buffer overflow via the rules parameter in the formAddDnsHijack function...

IP-COM M50 安全漏洞

The IP-COM M50 is a wireless router from IP-COM USA. A security vulnerability exists in IP-COM M50 version V15.11.0.3310768, which stems from the discovery of a contained buffer overflow vulnerability via the rules parameter in the formAddDnsHijack function...

PT-2022-27621 · Ip Com · Ip-Com M50

Name of the Vulnerable Software and Affected Versions: IP-COM M50 version 15.11.0.3310768 Description: A buffer overflow issue was discovered via the rules parameter in the formAddDnsHijack function. Recommendations: For IP-COM M50 version 15.11.0.3310768, consider restricting access to the...

GSD-2022-1004953 DNS hijack in Smart contract version website serving smartcontract on 2022-08-09

The curve.finance web site was DNS hijacked on 2022-08-09 and a new smart contract that drains victims wallets if accepted is being served. Previously the DNS was registered through GoDaddy. The attack was partially mitigated through a white hat hacker that executed a SYN flooding attack against...

QNAP Poisoned XML Command Injection (Silently Patched)

Background CVE-2020-2509 was added to CISA’s Known Exploited Vulnerabilities Catalog in April 2022, and it was listed as one of the “Additional Routinely Exploited Vulnerabilities in 2021” in CISA’s 2021 Top Routinely Exploited Vulnerabilities alert. However, CVE-2020-2509 has no public exploit,...

GHSA-QV62-XFJ6-32XM RubyGems Improper Input Validation vulnerability

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.3.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original...

RubyGems Improper Input Validation vulnerability

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.3.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original...

RubyGems vulnerable to DNS hijack attack

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...

GHSA-WP3J-RVFP-624H RubyGems vulnerable to DNS hijack attack

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...

CVE-2022-24164

Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service DoS via the DnsHijackRule parameter...

Tenda G1 and G3 缓冲区错误漏洞

Tenda G1 and G3 is a router from Tenda, China. Tenda G1 and G3 v15.11.0.179502CN is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a denial of service DoS via the DnsHijackRule parameter...

CVE-2021-34203

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 dir-2640-us, when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify...

Default credentials

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 dir-2640-us, when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify...