Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7636 matches found

NVD
NVDadded 2026/05/05 8:16 p.m.4 views

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS0.00043EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/05/05 7:7 p.m.2 views

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS5.7AI score0.00043EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2026/05/05 7:7 p.m.4 views

EUVD-2026-27442

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS5.7AI score0.00043EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/05/05 7:7 p.m.28 views

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS0.00043EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/05/05 7:7 p.m.1 views

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS5.7AI score0.00043EPSS
Exploits1References2
AlpineLinux
AlpineLinuxadded 2026/05/05 7:7 p.m.5 views

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS5.7AI score0.00043EPSS
Exploits1References2
CVE
CVEadded 2026/05/05 7:2 p.m.12 views

CVE-2026-33190

CoreDNS TSIG authentication bypass vulnerability (CVE-2026-33190) affects versions prior to 1.14.3 on non-plain-DNS transports. The tsig plugin trusts the transport writer’s TsigStatus() instead of verifying TSIG itself, causing unauthenticated remote access over DoT, DoH, DoH3, DoQ, and gRPC. Do...

8.7CVSS5.8AI score0.00085EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/05/05 5:51 p.m.2 views

GHSA-64CV-VXPR-J6VC edx-enterprise has SSRF via SAML metadata URL in sync_provider_data endpoint

Summary The syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger...

8.5CVSS6.1AI score0.00012EPSS
Exploits1References4
Circl
Circladded 2026/05/05 11:19 a.m.2 views

CVE-2026-6180

creationtimestamp| type| source ---|---|--- 2026-05-05 11:19:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml42vmaprd2v 2026-05-05 14:35:15+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3ml4fubobns2c...

8.1CVSS5.8AI score0.00121EPSS
Exploits0References2
Packet Storm
Packet Stormadded 2026/05/05 12:0 a.m.37 views

📄 OpenWrt 23.05 Remote Code Execution

OpenWrt version 23.05 suffers from an authenticated remote code execution vulnerability. Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link:...

6.4AI score
Exploits0
OSV
OSVadded 2026/05/04 1:12 p.m.4 views

JLSEC-2026-419 When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's...

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

5.9CVSS6.8AI score0.00745EPSS
Exploits1References16
Circl
Circladded 2026/05/04 12:35 a.m.4 views

CVE-2026-7706

creationtimestamp| type| source ---|---|--- 2026-05-04 00:35:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkyghutsvc2n...

5.3CVSS5.8AI score0.0005EPSS
Exploits0References1
NVD
NVDadded 2026/05/01 11:16 a.m.0 views

CVE-2026-42404

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

7.2CVSS0.00045EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/01 9:46 a.m.3 views

CVE-2026-42404

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

6.5CVSS5.9AI score0.00045EPSS
Exploits0References2
Exploit DB
Exploit DBadded 2026/04/29 12:0 a.m.76 views

OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)

Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link: https://github.com/stangri/luci-app-https-dns-proxy Version: All versions prior to 2026-01-17...

5.3AI score
Exploits0
Snyk
Snykadded 2026/04/28 10:54 p.m.1 views

Missing Critical Step in Authentication

Overview github.com/coredns/coredns/core/dnsserver is a package that implements all the interfaces from Caddy, so that CoreDNS can be a servertype plugin. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the TSIG authentication process for gRPC, QUIC,...

9.8CVSS5.8AI score0.00076EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/04/28 10:54 p.m.4 views

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports

Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...

9.8CVSS5.8AI score0.00076EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2026/04/28 10:46 p.m.2 views

GHSA-QHMP-Q7XH-99RH CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC

Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...

8.7CVSS5.8AI score0.00085EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2026/04/28 10:46 p.m.5 views

CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC

Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...

8.7CVSS5.5AI score0.00085EPSS
Exploits1References4Affected Software1
Snyk
Snykadded 2026/04/28 10:43 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the requestToMsgGet process. An attacker can exhaust CPU and memory resources by sending oversized DNS-over-HTTPS GET requests with large dns query parameters, causing the...

8.7CVSS5.8AI score0.00043EPSS
Exploits1References2
Rows per page
Query Builder