PT-2026-20953

Name of the Vulnerable Software and Affected Versions Pi-hole versions 6.4 and below Description Pi-hole Admin Interface, a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application, is susceptible to stored HTML injection through the local DNS records...

CVE-2025-59151 Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed CRLF injection. When a request is made to a file ending with the .lp extension, t...

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...