CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

PT-2026-38383

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description A DNS rebinding issue exists in the FilterOutboundURL function. The software resolves a hostname to check it against a private-address deny-list but discards the resolved addresses. Because Chromi...

PT-2026-37255

Name of the Vulnerable Software and Affected Versions Open-WebSearch versions prior to 2.1.7 Description An issue exists in the isPublicHttpUrl and assertPublicHttpUrl functions within src/utils/urlSafety.ts that allows non-blind Server-Side Request Forgery SSRF, where the response body is return...

CVE-2026-6874

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

EUVD-2026-13519

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

CVE-2025-36754

Technical details (affected product/versions, root cause, exploit specifics) are not publicly provided in the connected documents. Monitor for updates.

EUVD-2022-35461

Malicious code in bioql PyPI...

CVE-2025-8283

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

CVE-2023-5978

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the capnet libcasper3 service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other...

CVE-2022-30258

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

Crawlector - Threat Hunting Framework Designed For Scanning Websites For Malicious Objects

Crawlector the name Crawlector is a combination of Crawl er & Detector is a threat hunting framework designed for scanning websites for malicious objects. Note-1 : The framework was first presented at the No Hat conference in Bergamo, Italy on October 22nd, 2022 Slides, YouTube Recording. Also, i...

Authorization Bypass

maradns is vulnerable to Authorization Bypasses. When the application allows variant V1 of unintended domain name resolution, a revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains...

Debian dla-3457 : duende - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3457 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3457-1 [email protected]...

CVE-2022-30257

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

Design/Logic Flaw

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

Design/Logic Flaw

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

Technitium DNS Server 安全漏洞

Technitium DNS Server is an open source authoritative and recursive DNS server from the Technitium team. It can be used to self-host DNS servers for privacy and security. A security vulnerability exists in Technitium DNS Server version 8.0.2, which stems from variant V2 that allows accidental...

CVE-2022-30258

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

CVE-2022-30257

The CVE-2022-30257 entry affects Technitium DNS Server (versions through 8.0.2). Concrete details from connected sources show a flaw where variant V1 allows unintended domain name resolution: a revoked domain name can remain resolvable for an extended period, including expired or taken-down domai...

Design/Logic Flaw

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...