4928 matches found
CVE-2026-47703 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...
ROOT-APP-MAVEN-CVE-2026-47691 CVE-2026-47691 in io.root.io.netty:netty-resolver-dns - Patched by Root
Root has patched CVE-2026-47691 in the io.root.io.netty:netty-resolver-dns package for Root:Maven. Multiple fixed versions available...
crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
CVE-2026-49169
Use after free in DNS Server allows an authorized attacker to execute code over a network...
CVE-2026-15428
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...
CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability
...
CVE-2026-50495 DNS Client Tampering Vulnerability
...
CVE-2026-50495
CVE-2026-50495 is a Windows DNS vulnerability described as improper access control that could allow an authorized local attacker to tamper DNS-related data. Multiple connected sources (NVD entry and MSRC update guidance) confirm this as a locally exploitable issue with a baseline CVSS v3.1 score ...
CVE-2026-50465
CVE-2026-50465 is a Windows DNS Client tampering vulnerability caused by improper access control that can be exploited locally by an authorized attacker. Connected sources confirm Windows DNS is affected (CVE-2026-50465 listed under Windows DNS with data manipulation; MSRC update guidance). The C...
CVE-2026-50426 Windows DNS Server Remote Code Execution Vulnerability
...
CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability
...
CVE-2026-50295 Windows Zero Trust DNS Security Feature Bypass Vulnerability
...
CVE-2026-49174
CVE-2026-49174 describes a vulnerability in Microsoft Windows DNS where missing authentication for a critical function could allow a locally authorized attacker to tamper with DNS behavior. The NVD entry notes a CVSS v3.1 base score of 6.1 (Medium) with a LOCAL attack vector, LOW attack complexit...
CVE-2026-49174 DNS Client Tampering Vulnerability
...
CVE-2026-49175
CVE-2026-49175 is a Windows DNS Client vulnerability described as a heap-based buffer overflow that allows an authorized attacker to achieve local privilege escalation. The issue affects the Windows DNS client and is characterized by a LOCAL attack vector with low attack complexity and the need f...
CVE-2026-49169
CVE-2026-49169 affects Windows DNS Server. The vulnerability is a use-after-free in the DNS Server that enables remote code execution when exploited over a network by an authenticated attacker. Exploitation details are not provided in the supplied documents beyond the CVSS 3.1 score (8.0, HIGH) w...
CVE-2026-49169 Windows DNS Server Remote Code Execution Vulnerability
...
CVE-2026-15428 OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...
CVE-2026-15428
The CVE-2026-15428 entry concerns Archer VX800v (v1) and related CXE/ CWMP management exposure. The underlying issue is insufficient input sanitization of the domain name parameter in the HTTP interface, enabling an adjacent attacker to inject shell metacharacters and achieve arbitrary code execu...