25 matches found
CVE-2025-14279
The CVE details a DNS rebinding vulnerability in MLflow up to version 3.4.0 caused by lack of Origin header validation in the MLflow REST server. The issue allows an attacker to bypass Same-Origin Policy and issue unauthorized requests to REST endpoints, enabling querying, updating, and deleting ...
CVE-2020-24375
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3...
CVE-2020-24376
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3...
EUVD-2020-17106
Malware in sbrugna...
EUVD-2020-17108
Malware in sbrugna...
EUVD-2020-17109
Malware in sbrugna...
EUVD-2019-9115
Malware in sbrugna...
EUVD-2020-17107
Malware in sbrugna...
EUVD-2024-51930
Malicious code in bioql PyPI...
EUVD-2022-15567
Malicious code in bioql PyPI...
EUVD-2024-39573
Malicious code in bioql PyPI...
EUVD-2022-1226
Malicious code in bioql PyPI...
CVE-2025-49004
Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website load...
CVE-2024-42364
Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...
CVE-2024-53275
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. I...
CVE-2020-24374
A DNS rebinding vulnerability in Freebox v5 before 1.5.29...
DNS Rebinding
MindsDB is vulnerable to DNS Rebinding. The vulnerability is due to the manipulation of domain name resolution, where initial and subsequent DNS queries resolve to different addresses, allowing an attacker to bypass server-side request forgery protection and potentially cause a denial of service...
RHEL 6 : python-django (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-django: DNS rebinding vulnerability when 'DEBUG=True' CVE-2016-9014 - Django 1.10 before 1.10.7, 1...
Debian: Security Advisory (DLA-706-1)
The remote host is missing an update for the Debian...
[Security Nation] Chris John Riley on Minimum Viable Secure Product (MVSP)
In the final installment of Season 4 of Security Nation, Jen and Tod sit down with Chris John Riley, senior security engineer at Google and co-hos...