616 matches found
Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing
A flaw was found in Apache ZooKeeper. The ZKTrustManager component's hostname verification process can fall back to reverse DNS (PTR) lookup when IP Subject Alternative Name (SAN) validation fails. This vulnerability allows an attacker who can control or spoof PTR records to impersonate ZooKeeper...
OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration
Summary macOS Wide-Area Discovery Accepts Arbitrary Tailnet Peer as DNS Authority and Exfiltrates Operator Credentials Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped macOS discovery steering bug, but exploitation needs same-tailnet position, a...
GHSA-Q9W8-CF67-R238 OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration
Summary macOS Wide-Area Discovery Accepts Arbitrary Tailnet Peer as DNS Authority and Exfiltrates Operator Credentials Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped macOS discovery steering bug, but exploitation needs same-tailnet position, a...
EulerOS Virtualization 2.12.0 : avahi (EulerOS-SA-2026-1473)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where...
EulerOS Virtualization 2.10.0 : avahi (EulerOS-SA-2026-1549)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them...
CVE-2026-1490
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
EUVD-2026-5835
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
CVE-2026-1490 Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.161-3.b14.AXS4 (AXSA:2018-2515:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2515:01 advisory. Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.161-0.b14.el7 (AXSA:2018-2516:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2516:01 advisory. Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass...
EulerOS 2.0 SP12 : avahi (EulerOS-SA-2026-1081)
According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS...
openSUSE 16 Security Update : avahi (openSUSE-SU-2026:20013-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20013-1 advisory. - CVE-2024-52615: Fixed DNS spoofing bsc1233421 Tenable has extracted the preceding description block directly from the SUSE security advisory. Note tha...
MiracleLinux 3 : dnsmasq-2.45-1AXS3.1.1 (AXSA:2008-462:03)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2008-462:03 advisory. Dnsmasq consists of both lightweight and easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small...
MiracleLinux 3 : bind-9.3.4-10.P1.1AXS3 (AXSA:2009-94:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-94:02 advisory. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves hos...
Security update for avahi (moderate)
openSUSE security update: security update for avahi. Announcement ID: openSUSE-SU-2026:20013-1; Rating: moderate; References: bsc1233421; Cross-References: CVE-2024-52615; CVSS scores: CVE-2024-52615 SUSE : 5.3...
SUSE-SU-2026:20027-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2024-52615: Fixed DNS spoofing bsc1233421...
OPENSUSE-SU-2026:20013-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2024-52615: Fixed DNS spoofing bsc1233421...
CVE-2010-0362
Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses...
EulerOS Virtualization 2.13.0 : avahi (EulerOS-SA-2025-2605)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where...