Lucene search
K

4928 matches found

Cvelist
Cvelist
added yesterday8 views

CVE-2026-47703 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...

6.3CVSS0.00047EPSS
Exploits0References1
OSV
OSV
added yesterday13 views

ROOT-APP-MAVEN-CVE-2026-47691 CVE-2026-47691 in io.root.io.netty:netty-resolver-dns - Patched by Root

Root has patched CVE-2026-47691 in the io.root.io.netty:netty-resolver-dns package for Root:Maven. Multiple fixed versions available...

10CVSS5.3AI score0.00292EPSS
Exploits0
RedHat Linux
RedHat Linux
added yesterday1 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS6.1AI score0.0034EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday2 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.1AI score0.00813EPSS
Exploits0References8
NVD
NVD
added 2 days ago4 views

CVE-2026-49169

Use after free in DNS Server allows an authorized attacker to execute code over a network...

8CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-15428

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...

8.5CVSS0.00885EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability

...

8.1CVSS0.00674EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-50495 DNS Client Tampering Vulnerability

...

6.1CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-50495

CVE-2026-50495 is a Windows DNS vulnerability described as improper access control that could allow an authorized local attacker to tamper DNS-related data. Multiple connected sources (NVD entry and MSRC update guidance) confirm this as a locally exploitable issue with a baseline CVSS v3.1 score ...

6.1CVSS6AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-50465

CVE-2026-50465 is a Windows DNS Client tampering vulnerability caused by improper access control that can be exploited locally by an authorized attacker. Connected sources confirm Windows DNS is affected (CVE-2026-50465 listed under Windows DNS with data manipulation; MSRC update guidance). The C...

7.1CVSS6AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-50426 Windows DNS Server Remote Code Execution Vulnerability

...

6.8CVSS0.00367EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago19 views

CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability

...

5.5CVSS0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability

...

5.5CVSS6.1AI score0.00222EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-49174

CVE-2026-49174 describes a vulnerability in Microsoft Windows DNS where missing authentication for a critical function could allow a locally authorized attacker to tamper with DNS behavior. The NVD entry notes a CVSS v3.1 base score of 6.1 (Medium) with a LOCAL attack vector, LOW attack complexit...

6.1CVSS6AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago2 views

CVE-2026-49174 DNS Client Tampering Vulnerability

...

6.1CVSS6.1AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-49175

CVE-2026-49175 is a Windows DNS Client vulnerability described as a heap-based buffer overflow that allows an authorized attacker to achieve local privilege escalation. The issue affects the Windows DNS client and is characterized by a LOCAL attack vector with low attack complexity and the need f...

7.8CVSS6.1AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-49169

CVE-2026-49169 affects Windows DNS Server. The vulnerability is a use-after-free in the DNS Server that enables remote code execution when exploited over a network by an authenticated attacker. Exploitation details are not provided in the supplied documents beyond the CVSS 3.1 score (8.0, HIGH) w...

8CVSS6.2AI score0.00496EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-49169 Windows DNS Server Remote Code Execution Vulnerability

...

8CVSS6.1AI score0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-15428 OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...

8.5CVSS0.00885EPSS
Exploits0References2
CVE
CVE
added 2 days ago5 views

CVE-2026-15428

The CVE-2026-15428 entry concerns Archer VX800v (v1) and related CXE/ CWMP management exposure. The underlying issue is insufficient input sanitization of the domain name parameter in the HTTP interface, enabling an adjacent attacker to inject shell metacharacters and achieve arbitrary code execu...

8.5CVSS6.6AI score0.00885EPSS
Exploits0References2
Rows per page
Query Builder