Lucene search
+L

2863 matches found

CVE
CVE
added yesterday10 views

CVE-2025-71390

SurrealDB prior to 2.2.6, 2.3.6, 2.1.8 and 3.0.0-alpha.7 and earlier fails to validate DNS-resolved hostnames against --deny-net network restrictions in http::* functions. An authenticated user can call http::() using a hostname that resolves to a denied IP, causing the server to perform the requ...

5.8CVSS5.3AI score
Exploits0References2
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-48487 Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, readcharacterstring and readstring in src/zeroconf/protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self.datalen, allowing unauthenticated hosts on th...

5.3CVSS0.00318EPSS
Exploits0References5
OSV
OSV
added 2 days ago5 views

CVE-2026-47184 Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 224.0.0.251 / ff02::f...

6.5CVSS5.2AI score0.00241EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-47184 Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 224.0.0.251 / ff02::f...

6.5CVSS0.00241EPSS
Exploits0References5
CVE
CVE
added 2 days ago32 views

CVE-2026-47180

CVE-2026-47180 affects the Zeroconf Python library. The vulnerability stems from DNSIncoming._decode_labels_at_offset recursing for each DNS-name compression pointer; a crafted mDNS packet with ~1500 chained pointers can cause unbounded recursion, escaping DNSIncoming.init and triggering sustaine...

6.5CVSS5.2AI score0.0023EPSS
Exploits0References4
NVD
NVD
added 2 days ago9 views

CVE-2026-62212

OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...

7.1CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45100

OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...

7.1CVSS6.1AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-62212 OpenClaw < 2026.5.28 Authentication Bypass via safeFetch

OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...

5.1CVSS5.4AI score0.00168EPSS
Exploits0References5
NVD
NVD
added 3 days ago7 views

CVE-2026-62299

CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0ReplaceResponseRuleT in plugin/rewrite/edns0.go, call res.IsEdns0 and immediately dereference the...

5.3CVSS0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-62290 cert-manager: Direct ACME Challenge resources can bypass Issuer DNS01 solver policy and use ClusterIssuer DNS credentials

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. From 1.18.0 until 1.19.6 and 1.20.3, Challenge resources under acme.cert-manager.io can be created directly by namespace...

7.3CVSS0.00078EPSS
Exploits0References7
OSV
OSV
added 3 days ago3 views

CVE-2026-62290 cert-manager: Direct ACME Challenge resources can bypass Issuer DNS01 solver policy and use ClusterIssuer DNS credentials

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. From 1.18.0 until 1.19.6 and 1.20.3, Challenge resources under acme.cert-manager.io can be created directly by namespace...

7.3CVSS5.3AI score0.00078EPSS
Exploits0References9
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44970

stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...

8.6CVSS6.1AI score0.00371EPSS
Exploits0References4
OSV
OSV
added 3 days ago5 views

CVE-2026-63088 stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass

stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...

7.7CVSS6.1AI score0.00371EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-47703 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...

6.3CVSS0.00135EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 4 days ago8 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS6.9AI score0.00939EPSS
Exploits0References8
OSV
OSV
added 4 days ago14 views

ROOT-APP-MAVEN-CVE-2026-47691 CVE-2026-47691 in io.root.io.netty:netty-resolver-dns - Patched by Root

Root has patched CVE-2026-47691 in the io.root.io.netty:netty-resolver-dns package for Root:Maven. Multiple fixed versions available...

10CVSS5.3AI score0.00292EPSS
Exploits0
RedHat Linux
RedHat Linux
added 4 days ago5 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS6.1AI score0.0034EPSS
Exploits0References8
Veracode
Veracode
added 4 days ago8 views

DNS Rebinding

9Router is vulnerable to DNS Rebinding. The vulnerability is due to inconsistent DNS validation during image fetching, where the image URL is validated and fetched using separate DNS resolutions, allowing attackers to exploit DNS rebinding to access internal HTTP services...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References3Affected Software1
NVD
NVD
added 5 days ago5 views

CVE-2026-49169

Use after free in DNS Server allows an authorized attacker to execute code over a network...

8.8CVSS0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability

...

8.1CVSS0.00674EPSS
Exploits0References1
Rows per page
Query Builder