Lucene search
K

48 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-56843

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This result...

9.9CVSS0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42144

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This result...

9.9CVSS6AI score0.00336EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:47 p.m.7 views

CVE-2026-57587 SQL Injection in Nessus via Reverse DNS Lookup

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:47 p.m.11 views

CVE-2026-57587

The CVE-2026-57587 entry describes a SQL injection in Nessus affecting the scan results database. An unauthenticated remote attacker who controls reverse DNS records for a scanned host can inject malicious SQL, potentially exfiltrating scan-result data. The connected documents specify Nessus as t...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 2:52 p.m.8 views

Malicious code in atlassian-forge-skills (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ca0f4b99cda621977551550ed678ad77ee82827714acb9d08534f53b0642e3c Package impersonates an internal Atlassian Forge dependency unscoped name atlassian-forge-skills, description 'Internal package', generic author...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:22 a.m.12 views

Malicious code in @monitoring-lib/error-tracking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 491603ad44ed812c3d248696b00f7d4801a4c1dc23e4f23a3bb86f2ef499616d On npm install, the preinstall lifecycle hook in package.json runs a Node one-liner that reads the installer's hostname os.hostname and username...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:44 p.m.13 views

MAL-2026-5445 Malicious code in grateful-payments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a7a07a0a09ed8037058353b9b9b067e25e3cbe783eaab8d54276d490f823471 On npm install, the package's postinstall script src/canary.js performs a DNS lookup and HTTPS GET to the hardcoded host...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/22 1:6 p.m.12 views

CVE-2026-43617

A flaw was found in rsync. When an rsync daemon is configured with "daemon chroot = /X" and uses hostname-based access control lists ACLs, and the chrooted directory /X lacks necessary DNS resolution files, a remote attacker can bypass hostname-based deny rules. This occurs because the daemon...

6.3CVSS5.8AI score0.00282EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/09 12:42 a.m.9 views

Command Injection

Overview @profullstack/mcp-server is an A generic, modular server for implementing the Model Context Protocol MCP Affected versions of this package are vulnerable to Command Injection via the domainlookup process. An attacker can execute arbitrary operating system commands with the privileges of...

9.8CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/05/09 12:42 a.m.2 views

GHSA-V6WJ-C83F-V46X @profullstack/mcp-server vulnerable to OS Command Injection in domain_lookup Module

Security Advisory: OS Command Injection in profullstack/mcp-server domainlookup Module Field | Value -- | -- Project | profullstack/mcp-server Repository | https://github.com/profullstack/mcp-server Affected Commit | 2e8ea913573610667ad54e31dba2e8198ebf7cf9 Affected Module | mcpmodules/domainlook...

9.8CVSS6.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/09 12:42 a.m.10 views

@profullstack/mcp-server vulnerable to OS Command Injection in domain_lookup Module

Security Advisory: OS Command Injection in profullstack/mcp-server domainlookup Module Field | Value -- | -- Project | profullstack/mcp-server Repository | https://github.com/profullstack/mcp-server Affected Commit | 2e8ea913573610667ad54e31dba2e8198ebf7cf9 Affected Module | mcpmodules/domainlook...

6.7AI score
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 7:41 p.m.7 views

CVE-2026-44331

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltabfetchclientscb in contrib/modwrap2sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the...

8.1CVSS6AI score0.00455EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/05 7:41 p.m.7 views

CVE-2026-44331

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltabfetchclientscb in contrib/modwrap2sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the...

8.1CVSS6AI score0.00455EPSS
Exploits0
CVE
CVE
added 2026/03/26 1:24 p.m.15 views

CVE-2018-25213

CVE-2018-25213 affects Nsauditor 3.0.28.0. The vulnerability is a structured exception handling (SEH) buffer overflow in the DNS Lookup tool that enables local attackers to achieve code execution with the application’s privileges by supplying specially crafted input to the DNS Query field. The de...

8.6CVSS6.8AI score0.00247EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/04 9:18 p.m.25 views

CVE-2026-25518

Summary: CVE-2026-25518 affects cert-manager-controller in Kubernetes clusters. In versions 1.18.0–1.18.4 and 1.19.0–1.19.2, the controller performs DNS lookups during ACME DNS-01 processing using unencrypted DNS, allowing an attacker able to intercept DNS traffic from the cert-manager pod to ins...

5.9CVSS5.4AI score0.00349EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : libuv-1.42.0-2.el9_4 (AXSA:2024-8597:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8597:02 advisory. libuv: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806 Tenable has extracted the preceding description block directly from the...

7.3CVSS7.8AI score0.02003EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-8293

Malware in sbrugna...

6.1CVSS6.3AI score0.00675EPSS
Exploits1References2
Gitee
Gitee
added 2025/08/03 4:19 a.m.119 views

Dracnmap

Dracnmap is an open-source program designed to exploit networks and gather information using the help of Nmap. It is intended to simplify the process of network scanning by utilizing the script engine of Nmap and performing various automatic scanning techniques with advanced commands. Dracnmap is...

6.6AI score
Exploits0
OSV
OSV
added 2025/05/07 7:13 p.m.3 views

RLSA-2024:4756 Moderate: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.3CVSS7.7AI score0.02003EPSS
Exploits1References2
OSV
OSV
added 2025/05/07 7:11 p.m.3 views

RLSA-2024:4247 Moderate: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.3CVSS7.7AI score0.02003EPSS
Exploits1References2
Rows per page
Query Builder