Lucene search
+L

170 matches found

attackerkb
attackerkb
added 2026/04/07 3:16 p.m.1 views

CVE-2026-35517

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the upstream DNS servers configuration parameter dns.upstreams. This vulnerability allows a...

8.8CVSS6.2AI score0.00859EPSS
Exploits2References2Affected Software1
vulnrichment
vulnrichment
added 2026/04/07 3:16 p.m.7 views

CVE-2026-35517 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline Injection

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the upstream DNS servers configuration parameter dns.upstreams. This vulnerability allows a...

8.8CVSS6.2AI score0.00859EPSS
Exploits2References1
cve
cve
added 2026/04/07 3:16 p.m.38 views

CVE-2026-35517

Pi-hole FTL (FTLDNS) contains a Remote Code Execution flaw from 6.0 up to before 6.6 in the upstream DNS servers configuration (dns.upstreams). An authenticated attacker can inject arbitrary dnsmasq directives via newline characters, leading to command execution on the host. The issue is fixed in...

8.8CVSS6.2AI score0.00859EPSS
Exploits2References1Affected Software1
vulnrichment
vulnrichment
added 2026/04/07 3:0 p.m.1 views

CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

6.1CVSS5.9AI score0.00156EPSS
Exploits1References1
cvelist
cvelist
added 2026/04/07 3:0 p.m.18 views

CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

6.1CVSS0.00156EPSS
Exploits1References1
osv
osv
added 2026/04/07 3:0 p.m.2 views

CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

6.1CVSS5.9AI score0.00156EPSS
Exploits1References3
cve
cve
added 2026/04/07 3:0 p.m.11 views

CVE-2026-35491

Pi-hole FTL (FTLDNS) from 6.0 to before 6.6 exposes a vulnerability where CLI API sessions (webserver.api.cli_pw) could import Teleporter archives via the /api/teleporter endpoint and overwrite configuration, despite /api/config blocking CLI sessions. This creates an authorization bypass that let...

6.1CVSS5.9AI score0.00156EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2026/04/07 12:0 a.m.6 views

FTL 安全漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had security vulnerabilities. These vulnerabilities stemmed from the /api/teleporter function, which allowed CLI sessions to perform Teleporter imports. This could allo...

6.1CVSS5.8AI score0.00156EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/04/07 12:0 a.m.9 views

FTL 注入漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from the DHCP lease time configuration parameters, allowing authenticated attackers to inject arbitrary dnsmas...

8.8CVSS6AI score0.00701EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/07 12:0 a.m.5 views

PT-2026-30884

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS host record configuration parameter dns.hostRecord. This vulnerability allows an...

8.8CVSS6.2AI score0.00537EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/07 12:0 a.m.11 views

PT-2026-30885

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP lease time configuration parameter dhcp.leaseTime. This vulnerability allows an...

8.8CVSS6.2AI score0.00701EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/04/07 12:0 a.m.10 views

FTL 注入漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTLDNS from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from configuration parameters of DHCP hosts, allowing authenticated attackers to inject arbitrary dnsmasq...

8.8CVSS6AI score0.00686EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/07 12:0 a.m.4 views

PT-2026-30863

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

6.1CVSS5.9AI score0.00156EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/04/06 2:48 p.m.5 views

CVE-2026-33404 Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

3.4CVSS5.9AI score0.00145EPSS
Exploits0References1
euvd
euvd
added 2026/04/06 2:48 p.m.4 views

EUVD-2026-19281

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

3.4CVSS5.9AI score0.00145EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/06 12:0 a.m.6 views

PT-2026-30627

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

3.4CVSS5.9AI score0.00145EPSS
Exploits0References2
openvas
openvas
added 2025/11/05 12:0 a.m.3 views

Pi-hole Ad-Blocker Detection Consolidation

Consolidation of Pi-hole Ad-Blocker detections. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.2AI score
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-2910

Malware in sbrugna...

8.8CVSS8.8AI score0.01372EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-15476

Malware in sbrugna...

8.8CVSS7.7AI score0.00251EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.11 views

EUVD-2018-4386

Malware in sbrugna...

8.8CVSS8.3AI score0.00879EPSS
Exploits0References4
Rows per page
Query Builder