2863 matches found
CVE-2025-71390
SurrealDB prior to 2.2.6, 2.3.6, 2.1.8 and 3.0.0-alpha.7 and earlier fails to validate DNS-resolved hostnames against --deny-net network restrictions in http::* functions. An authenticated user can call http::() using a hostname that resolves to a denied IP, causing the server to perform the requ...
CVE-2026-48487 Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, readcharacterstring and readstring in src/zeroconf/protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self.datalen, allowing unauthenticated hosts on th...
CVE-2026-47184 Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 224.0.0.251 / ff02::f...
CVE-2026-47184 Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 224.0.0.251 / ff02::f...
CVE-2026-47180
CVE-2026-47180 affects the Zeroconf Python library. The vulnerability stems from DNSIncoming._decode_labels_at_offset recursing for each DNS-name compression pointer; a crafted mDNS packet with ~1500 chained pointers can cause unbounded recursion, escaping DNSIncoming.init and triggering sustaine...
CVE-2026-62212
OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...
EUVD-2026-45100
OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...
CVE-2026-62212 OpenClaw < 2026.5.28 Authentication Bypass via safeFetch
OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...
CVE-2026-62299
CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0ReplaceResponseRuleT in plugin/rewrite/edns0.go, call res.IsEdns0 and immediately dereference the...
CVE-2026-62290 cert-manager: Direct ACME Challenge resources can bypass Issuer DNS01 solver policy and use ClusterIssuer DNS credentials
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. From 1.18.0 until 1.19.6 and 1.20.3, Challenge resources under acme.cert-manager.io can be created directly by namespace...
CVE-2026-62290 cert-manager: Direct ACME Challenge resources can bypass Issuer DNS01 solver policy and use ClusterIssuer DNS credentials
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. From 1.18.0 until 1.19.6 and 1.20.3, Challenge resources under acme.cert-manager.io can be created directly by namespace...
EUVD-2026-44970
stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...
CVE-2026-63088 stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass
stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...
CVE-2026-47703 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...
crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...
ROOT-APP-MAVEN-CVE-2026-47691 CVE-2026-47691 in io.root.io.netty:netty-resolver-dns - Patched by Root
Root has patched CVE-2026-47691 in the io.root.io.netty:netty-resolver-dns package for Root:Maven. Multiple fixed versions available...
crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
DNS Rebinding
9Router is vulnerable to DNS Rebinding. The vulnerability is due to inconsistent DNS validation during image fetching, where the image URL is validated and fetched using separate DNS resolutions, allowing attackers to exploit DNS rebinding to access internal HTTP services...
CVE-2026-49169
Use after free in DNS Server allows an authorized attacker to execute code over a network...
CVE-2026-50487 Windows DNS Client Elevation of Privilege Vulnerability
...