Lucene search
K

35 matches found

Hacker One
Hacker One
added 2026/06/03 9:19 p.m.21 views

curl: DNS domain search list followed for extant domain missing A or AAAA records

Summary: Curl calls getaddrinfo to resolve a domain's addresses, however glibc will continue though the domain search list to find data even if it gets a NODATA response. When using AFUNSPEC in the aihints, this search will stop at the first domain with either an A or AAAA record, however when...

5.5AI score
Exploits0
EUVD
EUVD
added 2026/03/09 12:31 p.m.5 views

EUVD-2025-208404

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

7.2CVSS6AI score0.06272EPSS
Exploits7References2
EUVD
EUVD
added 2026/03/09 12:31 p.m.4 views

EUVD-2025-208403

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

7.2CVSS6AI score0.06272EPSS
Exploits7References2
NVD
NVD
added 2026/03/09 12:16 p.m.4 views

CVE-2025-14558

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

7.2CVSS0.06272EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2026/03/09 11:27 a.m.3 views

CVE-2025-14558

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

7.2CVSS5.8AI score0.06272EPSS
Exploits7References2
Cvelist
Cvelist
added 2026/03/09 11:27 a.m.29 views

CVE-2025-14558 Remote code execution via ND6 Router Advertisements

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

0.06272EPSS
Exploits7References1
CVE
CVE
added 2026/03/09 11:27 a.m.50 views

CVE-2025-14558

CVE-2025-14558 affects FreeBSD rtsol(8) and rtsold(8). The issue arises because the domain search list in IPv6 Router Advertisement DNSSL options is not validated; the option body is passed to resolvconf(8) unmodified, and resolvconf(8) is a shell script that does not validate input, allowing she...

7.2CVSS6AI score0.06272EPSS
Exploits7References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/09 11:27 a.m.3 views

CVE-2025-14558 Remote code execution via ND6 Router Advertisements

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

5.8AI score0.06272EPSS
Exploits7References1
Metasploit
Metasploit
added 2026/02/13 6:59 p.m.482 views

FreeBSD rtsold/rtsol DNSSL Command Injection

This module exploits a command injection vulnerability CVE-2025-14558 in FreeBSD's rtsol8 and rtsold8 programs. These programs do not validate the domain search list options provided in IPv6 Router Advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell...

7.2CVSS5.5AI score0.06272EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/01/28 12:0 a.m.146 views

📄 FreeBSD 15.x rtsold DNSSL Command Injection

This Metasploit module targets a command injection vulnerability in the FreeBSD rtsold daemon related to the handling of DNSSL DNS Search List options in IPv6 Router Advertisements. Due to improper validation of domain names, attacker-controlled DNSSL values can inject shell commands via $...

6.1AI score0.06272EPSS
Exploits7
Packet Storm News
Packet Storm News
added 2025/12/16 12:0 a.m.8 views

FreeBSD Security Advisory - FreeBSD-SA-25:12.rtsold

FreeBSD Security Advisory - The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that...

7AI score0.06272EPSS
Exploits7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30952

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00218EPSS
Exploits0References2
NVD
NVD
added 2025/09/24 9:15 a.m.4 views

CVE-2025-9031

Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15...

4.3CVSS0.00218EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/24 8:25 a.m.12 views

CVE-2025-9031 Timing-Based Username Enumeration in DivvyDrive Information Technologies' DivvyDrive Web

Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15...

4.3CVSS0.00218EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/24 8:25 a.m.3 views

CVE-2025-9031 Timing-Based Username Enumeration in DivvyDrive Information Technologies' DivvyDrive Web

Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15...

4.3CVSS5.4AI score0.00218EPSS
Exploits0References2
OSV
OSV
added 2025/02/28 9:15 a.m.3 views

CVE-2024-9193

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS8AI score0.03111EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/11 12:0 a.m.2 views

WordPress plugin Dominion 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.6AI score0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/11 12:0 a.m.7 views

PT-2025-1881 · WordPress · The Dominion – Domain Checker

Name of the Vulnerable Software and Affected Versions: The Dominion – Domain Checker for WPBakery plugin for WordPress versions up to, and including, 2.2.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS6.2AI score0.00306EPSS
Exploits0References6
Krebs on Security
Krebs on Security
added 2020/04/20 8:19 p.m.73 views

Who’s Behind the “Reopen” Domain Surge?

The past few weeks have seen a large number of new domain registrations beginning with the word "reopen" and ending with U.S. city or state names. The largest number of them were created just hours after President Trump sent a series of all-caps tweets urging citizens to "liberate" themselves fro...

6.8AI score
Exploits0
Kitploit
Kitploit
added 2019/07/31 9:37 p.m.125 views

Buster - Find Emails Of A Person And Return Info Associated With Them

Buster is a simple OSINT tool used to: Get social accounts from various sourcesgravatar,about.me,myspace,skype,github,linkedin,avast Get links to where the email was found using google,twitter,darksearch and paste sites Get domains registered with an email reverse whois Generate possible emails a...

7.1AI score
Exploits0References2
Rows per page
Query Builder