170 matches found
CVE-2026-35517
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the upstream DNS servers configuration parameter dns.upstreams. This vulnerability allows a...
CVE-2026-35517 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline Injection
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the upstream DNS servers configuration parameter dns.upstreams. This vulnerability allows a...
CVE-2026-35517
Pi-hole FTL (FTLDNS) contains a Remote Code Execution flaw from 6.0 up to before 6.6 in the upstream DNS servers configuration (dns.upstreams). An authenticated attacker can inject arbitrary dnsmasq directives via newline characters, leading to command execution on the host. The issue is fixed in...
CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...
CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...
CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...
CVE-2026-35491
Pi-hole FTL (FTLDNS) from 6.0 to before 6.6 exposes a vulnerability where CLI API sessions (webserver.api.cli_pw) could import Teleporter archives via the /api/teleporter endpoint and overwrite configuration, despite /api/config blocking CLI sessions. This creates an authorization bypass that let...
FTL 安全漏洞
FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had security vulnerabilities. These vulnerabilities stemmed from the /api/teleporter function, which allowed CLI sessions to perform Teleporter imports. This could allo...
FTL 注入漏洞
FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from the DHCP lease time configuration parameters, allowing authenticated attackers to inject arbitrary dnsmas...
PT-2026-30884
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS host record configuration parameter dns.hostRecord. This vulnerability allows an...
PT-2026-30885
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP lease time configuration parameter dhcp.leaseTime. This vulnerability allows an...
FTL 注入漏洞
FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTLDNS from 6.0 to 6.6 had a injection vulnerability. This vulnerability stemmed from configuration parameters of DHCP hosts, allowing authenticated attackers to inject arbitrary dnsmasq...
PT-2026-30863
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...
CVE-2026-33404 Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....
EUVD-2026-19281
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....
PT-2026-30627
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....
Pi-hole Ad-Blocker Detection Consolidation
Consolidation of Pi-hole Ad-Blocker detections. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2019-2910
Malware in sbrugna...
EUVD-2021-15476
Malware in sbrugna...
EUVD-2018-4386
Malware in sbrugna...