Lucene search
13 matches found

Cvelist
added 2026/04/22 9:37 a.m., 27 views

CVE-2026-33257 Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

CVSS 5.3, EPSS 0.00002
Exploits: 0, References: 3

SUSE CVE
added 2026/03/31 11:29 p.m., 3 views

SUSE CVE-2026-0397

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 3.1, AI score 5.9, EPSS 0.00004
Exploits: 0, References: 4

RedhatCVE
added 2026/03/31 5:33 p.m., 0 views

CVE-2026-0397

A flaw was found in the internal webserver of dnsdist and PowerDNS. When the internal webserver is enabled, a remote attacker can exploit a misconfiguration in the Cross-Origin Resource Sharing (CORS) policy. By tricking an administrator logged into the dashboard into visiting a malicious website,...

CVSS 3.1, AI score 5.9, EPSS 0.00004
Exploits: 0, References: 2

EUVD
added 2026/03/31 12:31 p.m., 0 views

EUVD-2026-17363

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 3.1, AI score 5.9, EPSS 0.00004
Exploits: 0, References: 2

NVD
added 2026/03/31 12:16 p.m., 0 views

CVE-2026-0397

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 4.3, EPSS 0.00004
Exploits: 0, References: 1

OSV
added 2026/03/31 12:16 p.m., 1 view

UBUNTU-CVE-2026-0397

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 4.3, AI score 5.8, EPSS 0.00004
Exploits: 0, References: 4

Debian CVE
added 2026/03/31 11:53 a.m., 2 views

CVE-2026-0397

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 4.3, AI score 5.3, EPSS 0.00004
Exploits: 0

ATTACKERKB
added 2026/03/31 11:53 a.m., 1 view

CVE-2026-0397

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 3.1, AI score 5.9, EPSS 0.00004
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/03/31 11:53 a.m., 17 views

CVE-2026-0397 Information disclosure via CORS misconfiguration

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 3.1, EPSS 0.00004
Exploits: 0, References: 1

Vulnrichment
added 2026/03/31 11:53 a.m., 1 view

CVE-2026-0397 Information disclosure via CORS misconfiguration

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 3.1, AI score 5.9, EPSS 0.00004
Exploits: 0, References: 1

AlpineLinux
added 2026/03/31 11:53 a.m., 1 view

CVE-2026-0397

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVSS 4.3, AI score 5.8, EPSS 0.00004
Exploits: 0

CVE
added 2026/03/31 11:53 a.m., 5 views

CVE-2026-0397

Summary: CVE-2026-0397 involves information disclosure via a CORS misconfiguration when the internal webserver is enabled. The root cause is a misconfigured Cross-Origin Resource Sharing policy that can allow an administrator, while logged into the dashboard, to be tricked into visiting a malicio...

CVSS 4.3, AI score 5.9, EPSS 0.00004
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/01/01 12:0 a.m., 0 views

PT-2026-29242

Name of the Vulnerable Software and Affected Versions: Versions affected versions not specified. Description: A misconfiguration of the Cross-Origin Resource Sharing (CORS) policy exists when the internal webserver is enabled. An attacker may be able to trick an administrator logged into the dashboard...

CVSS 8.2, AI score 5.2, EPSS 0.00009
Exploits: 0, References: 25