Lucene search
K

19 matches found

OSV
OSV
added 2026/02/19 10:50 p.m.9 views

CVE-2026-26953 Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...

5.4CVSS6.2AI score0.00294EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/19 10:43 p.m.5 views

CVE-2026-26952 Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...

5.4CVSS5.7AI score0.0024EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

Pi-hole Web Interface 安全漏洞

The Pi-hole Web Interface is an open-source dashboard web interface developed by Pi-hole. Versions of the Pi-hole Web Interface 6.0 and later contain security vulnerabilities. These vulnerabilities stem from a storage-type HTML injection vulnerability in the API settings page’s activity session...

5.4CVSS6AI score0.00294EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2025/11/06 12:0 a.m.6 views

Pi-hole Web Interface < 6.3 Multiple Vulnerabilities

The Pi-hole Web Interface previously AdminLTE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.2CVSS7AI score0.00564EPSS
Exploits4References5
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.3 views

Pi-hole Web Interface 跨站脚本漏洞

Pi-hole Web Interface is a dashboard web interface from Pi-hole open source. A cross-site scripting vulnerability exists in Pi-hole Web Interface 6.2.1 and prior versions, which stems from a 404 error page that is not properly cleaned up or escapes the URL path, and could lead to a reflective...

6.1CVSS5.8AI score0.00564EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.9 views

Pi-hole Web Interface 跨站脚本漏洞

Pi-hole Web Interface is a dashboard web interface from Pi-hole open source. A cross-site scripting vulnerability exists in Pi-hole Web Interface versions prior to 6.3, which stems from improper input cleanup in the Address field and could lead to a cross-site scripting attack...

5.4CVSS5.8AI score0.00228EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-28278

Malicious code in bioql PyPI...

7.3CVSS5.8AI score0.00871EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/07/29 12:0 a.m.9 views

Pi-Hole Web 4.3.2 < 4.3.3 RCE

The version of Pi-Hole Web running on the remote web server is 4.3.2 prior to 4.3.3. It is, therefore, affected by a remote code execution vulnerability by privileged dashboard users via a crafted DHCP static lease. Note that Nessus has not tested for this issue but has instead relied only on the...

9.1CVSS8.7AI score0.7819EPSS
Exploits13References3
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.10 views

CVE-2021-32706

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the validDomainWildcard pregmatch filter allows a malicious character through that can be used to execute code, list directories, and...

8.8CVSS6.8AI score0.60181EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2023/11/30 12:0 a.m.21 views

Pi-hole Web Interface <= 5.5.1 Multiple Vulnerabilities

The Pi-hole Web Interface previously AdminLTE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.9AI score0.01101EPSS
Exploits3References6
Cvelist
Cvelist
added 2023/01/26 10:15 a.m.41 views

CVE-2023-23614 Improper session handling of "Remember me for 7 days" functionality

Pi-hole®'s Web interface based off of AdminLTE provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an...

8.8CVSS8.8AI score0.0097EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/10/26 2:15 p.m.4 views

CVE-2021-41175

Pi-hole's Web interface based on AdminLTE provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8...

7.3CVSS5.9AI score0.00871EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2021/08/04 6:15 p.m.19 views

Cross site scripting

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-scripting vulnerability. User input added ...

3.5CVSS4.8AI score0.00791EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/08/04 5:50 p.m.44 views

CVE-2021-32706 (Authenticated) Remote Code Execution Possible in Web Interface 5.5

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the validDomainWildcard pregmatch filter allows a malicious character through that can be used to execute code, list directories, and...

7.6CVSS8.9AI score0.60181EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2020/06/26 12:0 a.m.40 views

Pi-hole Web Interface < 5.1 Multiple Vulnerabilities

The Pi-hole Web Interface previously AdminLTE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8CVSS7.9AI score0.00587EPSS
Exploits1References4
OSV
OSV
added 2020/05/29 7:15 p.m.26 views

CVE-2020-8816

Pi-hole Web v4.3.2 aka AdminLTE allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease...

7.2CVSS7.2AI score0.7819EPSS
Exploits13References8
Vulnrichment
Vulnrichment
added 2020/05/29 6:57 p.m.6 views

CVE-2020-8816

Pi-hole Web v4.3.2 aka AdminLTE allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease...

9.1CVSS7.3AI score0.7819EPSS
Exploits13References7
ATTACKERKB
ATTACKERKB
added 2020/05/29 12:0 a.m.99 views

CVE-2020-8816

Pi-hole Web v4.3.2 aka AdminLTE allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.1CVSS7.4AI score0.7819EPSS
In wildExploits13References9
Positive Technologies
Positive Technologies
added 2020/03/28 12:0 a.m.6 views

PT-2020-6849

Name of the Vulnerable Software and Affected Versions Pi-hole Web version 4.3.2 Description The issue allows remote code execution by privileged dashboard users via a crafted DHCP static lease. This is due to the failure to neutralize special elements used in the operating system command...

9.1CVSS9.2AI score0.7819EPSS
Exploits13References27
Rows per page
Query Builder