126 matches found

RedHat Linux
added 6 days ago, 10 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.33.2.SP1 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

CVSS 10, AI score 5.5, EPSS 0.00609
Exploits 1, References 5

Cvelist
added 2026/03/24 6:46 p.m., 20 views

CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file...

CVSS 8.6, EPSS 0.00544
Exploits 1, References 3

Vulnrichment
added 2026/01/26 7:32 a.m., 4 views

CVE-2026-1425 pymumu SmartDNS SVBC Record dns.c _dns_decode_SVCB_HTTPS stack-based overflow

A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function dnsdecoderrhead/dnsdecodeSVCBHTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. It is possible to launch the attack...

CVSS 6.3, AI score 5.8, EPSS 0.00366
Exploits 0, References 5

CNNVD
added 2025/12/09 12:0 a.m., 3 views

PowerDNS Recursor Security Vulnerability

PowerDNS Recursor pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Recursor that stems from a specially crafted DNS record that could lead to an assertion failure...

CVSS 5.3, AI score 6.3, EPSS 0.00324
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-5831

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00692
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-0787

Malware in sbrugna...

CVSS 5.9, AI score 5.9, EPSS 0.02762
Exploits 0, References 12

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-40257

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.6, EPSS 0.00417
Exploits 1, References 2

RedhatCVE
added 2025/05/23 6:38 a.m., 5 views

CVE-2024-43381

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...

CVSS 5.4, AI score 5.6, EPSS 0.00417
Exploits 1

RedhatCVE
added 2025/05/22 5:18 a.m., 5 views

CVE-2019-14726

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account...

CVSS 6.5, AI score 6.9, EPSS 0.01333
Exploits 1, References 1

Tenable Nessus
added 2025/05/14 12:0 a.m., 10 views

Alibaba Cloud Linux 3 : 0258: systemd (ALINUX3-SA-2024:0258)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0258 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-7008: A vulnerability was found in...

CVSS 5.9, AI score 6.8, EPSS 0.00849
Exploits 0, References 2

Veracode
added 2024/11/05 12:47 p.m., 4 views

URL Validation Bypass

Zitadel is vulnerable to URL Validation Bypass. The vulnerability is due to the flaw in the URL validation mechanism in Zitadel's actions. Specifically, the isHostBlocked check, which is intended to block requests to localhost (127.0.0.1), can be circumvented by creating a DNS record that resolves ...

CVSS 9.1, AI score 6.4, EPSS 0.00643
Exploits 1, References 9, Affected Software 1

Github Security Blog
added 2024/10/25 7:29 p.m., 29 views

Denied Host Validation Bypass in Zitadel Actions

Summary: A flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests to localhost (127.0.0.1). The isHostBlocked check, designed to prevent such requests, can be circumvented by creating a DNS record that resolves to 127.0.0.1. This enables...

CVSS 9.1, AI score 6.6, EPSS 0.00643
Exploits 1, References 10, Affected Software 1

OSV
added 2024/10/25 7:29 p.m., 15 views

GHSA-6CF5-W9H3-4RQV Denied Host Validation Bypass in Zitadel Actions

Summary: A flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests to localhost (127.0.0.1). The isHostBlocked check, designed to prevent such requests, can be circumvented by creating a DNS record that resolves to 127.0.0.1. This enables...

CVSS 5.9, AI score 6.5, EPSS 0.00643
Exploits 1, References 10

Vulnrichment
added 2024/10/25 2:11 p.m., 20 views

CVE-2024-49753 Denied Host Validation Bypass in Zitadel Actions

Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions that allows bypassing restrictions intended to block requests to localhost (127.0.0.1). The isHostBlocked...

CVSS 5.9, AI score 6.7, EPSS 0.00643
Exploits 1, References 8

Cvelist
added 2024/10/25 2:11 p.m., 19 views

CVE-2024-49753 Denied Host Validation Bypass in Zitadel Actions

Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions that allows bypassing restrictions intended to block requests to localhost (127.0.0.1). The isHostBlocked...

CVSS 5.9, EPSS 0.00643
Exploits 1, References 8

Packet Storm
added 2024/10/02 12:0 a.m., 273 views

Microsoft Office NTLMv2 Disclosure

Exploit Title: Microsoft Office NTLMv2 Disclosure Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...

CVSS 9.1, AI score 7.2, EPSS 0.19686
Exploits 2

Packet Storm
added 2024/08/31 12:0 a.m., 253 views

DNS Record Scanner and Enumerator

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DNS Record Scanner and Enumerator', 'Description' = %q This module can be used to gather information about a domain from a given DNS server by...

AI score 7, EPSS 0.68535
Exploits 7

Vulnrichment
added 2024/08/16 2:38 p.m., 24 views

CVE-2024-43381 reNgine vulnerable to Stored Cross-Site Scripting (XSS) via DNS Record Poisoning

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...

CVSS 5, AI score 5.1, EPSS 0.00417
Exploits 1, References 2

OSV
added 2024/08/16 2:38 p.m., 11 views

CVE-2024-43381 reNgine vulnerable to Stored Cross-Site Scripting (XSS) via DNS Record Poisoning

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...

CVSS 5, AI score 5.4, EPSS 0.00417
Exploits 1, References 4

Cvelist
added 2024/08/16 2:38 p.m., 22 views

CVE-2024-43381 reNgine vulnerable to Stored Cross-Site Scripting (XSS) via DNS Record Poisoning

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...

CVSS 5, EPSS 0.00417
Exploits 1, References 2