CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/19 9:18 a.m.•4 views

EUVD-2026-30855

6.5CVSS5.7AI score0.00192EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41844

5.7AI score0.00192EPSS

Exploits0References2

Cvelist•added 2026/05/11 8:21 p.m.•32 views

CVE-2026-41489 Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

8.8CVSS0.00013EPSS

Positive Technologies•added 2026/05/11 12:0 a.m.•8 views

PT-2026-39836

8.8CVSS5.9AI score0.00013EPSS

Vulnrichment•added 2026/05/05 8:50 p.m.•5 views

CVE-2026-39849 Pi-hole FTL remote code execution via newline injection in dns.interface configuration

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the dns.interface configuration field in Pi-hole FTL accepted newline characters without validation, allowing an attacker to inject arbitrary directives into the generated...

8.7CVSS6.1AI score0.00087EPSS

Exploits1References3

EUVD•added 2026/05/05 8:50 p.m.•2 views

EUVD-2026-27498

8.7CVSS6.1AI score0.00087EPSS

Exploits1References3

Cvelist•added 2026/05/05 8:50 p.m.•18 views

CVE-2026-39849 Pi-hole FTL remote code execution via newline injection in dns.interface configuration

8.7CVSS0.00087EPSS

Exploits1References3

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mtd: Fixed NULL pointer dereferencing caused by the ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereferencing when trying to access ‘gluebi-desc’ in gluebiread. The issue arises...

5.5CVSS6.2AI score0.0002EPSS

Exploits0References2

RedhatCVE•added 2026/04/09 7:23 p.m.•0 views

CVE-2026-35520

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP lease time configuration parameter dhcp.leaseTime. This vulnerability allows an...

NVD•added 2026/04/07 4:16 p.m.•1 views

CVE-2026-35521

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP hosts configuration parameter dhcp.hosts. This vulnerability allows an authenticat...

NVD•added 2026/04/07 4:16 p.m.•0 views

CVE-2026-35518

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...

NVD•added 2026/04/07 4:16 p.m.•0 views

CVE-2026-35520

NVD•added 2026/04/07 4:16 p.m.•0 views

CVE-2026-35491

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

6.1CVSS0.00016EPSS

ATTACKERKB•added 2026/04/07 3:20 p.m.•0 views

CVE-2026-35521

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP hosts configuration parameter dhcp.hosts. This vulnerability allows an authenticat...

Exploits1References2Affected Software1

EUVD•added 2026/04/07 3:20 p.m.•1 views

EUVD-2026-19715

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP hosts configuration parameter dhcp.hosts. This vulnerability allows an authenticat...

Cvelist•added 2026/04/07 3:20 p.m.•18 views

CVE-2026-35521 Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.hosts Newline Injection

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP hosts configuration parameter dhcp.hosts. This vulnerability allows an authenticat...

CVE•added 2026/04/07 3:20 p.m.•6 views

CVE-2026-35521

CVE-2026-35521 impact (Pi-hole FTL/FTLDNS). From 6.0 up to but not including 6.6, Pi-hole’s FTL engine contained a Remote Code Execution (RCE) vulnerability in the DHCP hosts configuration parameter (dhcp.hosts). An authenticated attacker could inject arbitrary dnsmasq configuration directives by...

Exploits1References1Affected Software1

Cvelist•added 2026/04/07 3:19 p.m.•14 views

CVE-2026-35520 Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.leaseTime Newline Injection