OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)

Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link: https://github.com/stangri/luci-app-https-dns-proxy Version: All versions prior to 2026-01-17...

Missing Critical Step in Authentication

Overview github.com/coredns/coredns/core/dnsserver is a package that implements all the interfaces from Caddy, so that CoreDNS can be a servertype plugin. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the TSIG authentication process for gRPC, QUIC,...

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports

Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...

GHSA-QHMP-Q7XH-99RH CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC

Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...

CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC

Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the requestToMsgGet process. An attacker can exhaust CPU and memory resources by sending oversized DNS-over-HTTPS GET requests with large dns query parameters, causing the...

PT-2026-35932

Name of the Vulnerable Software and Affected Versions CoreDNS versions prior to 1.14.3 Description CoreDNS transport implementations for gRPC, QUIC, DoH, and DoH3 incorrectly handle TSIG Transaction Signature authentication, which is a mechanism used to authenticate DNS messages. In gRPC and QUIC...

PT-2026-37095

Name of the Vulnerable Software and Affected Versions CoreDNS versions prior to 1.14.3 Description CoreDNS is a DNS server that chains plugins. A denial-of-service issue exists in the DNS-over-HTTPS DoH GET path because it lacks early size validation for requests. A remote, unauthenticated attack...

CVE-2026-3868

CVE-2026-3868 (Moxa Secure Router) involves improper handling of length parameters in the HTTPS management interface. An unauthenticated remote attacker can send crafted requests to trigger a buffer overflow, causing the web service to become unresponsive and potentially requiring a device reboot...

CVE-2026-3868

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...

CVE-2026-3868

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...

OESA-2026-2028 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels through a configur...

OESA-2026-2026 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels through a configur...

OESA-2026-2027 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels through a configur...

SUSE SLED15 / SLES15 Security Update : dnsdist (SUSE-SU-2026:1618-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1618-1 advisory. Update to version 1.9.12. - https://www.dnsdist.org/changelog.htmlchange-1.9.12 Security issues fixed: -...

SUSE-SU-2026:1618-1 Security update for dnsdist

This update for dnsdist fixes the following issues: Update to version 1.9.12. - https://www.dnsdist.org/changelog.htmlchange-1.9.12 Security issues fixed: - CVE-2026-0396: crafted DNS queries triggering domain-based dynamic rules can lead to HTML injection in the web dashboard bsc1261236. -...

CLSA-2026-1777035524 libsoup: Fix of CVE-2026-5119

CVE-2026-5119: do not send cookies to a HTTP proxy for a HTTPS request...

SUSE CVE-2026-33254

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default...

SUSE CVE-2026-33594

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

EUVD-2026-24927

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default...