Lucene search
K

13 matches found

Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48561

Name of the Vulnerable Software and Affected Versions Pi-hole FTL versions prior to 6.6.1 Description A race condition exists in the HTTP session management subsystem of the embedded CivetWeb-based web server. This issue was introduced during the v6.0 rewrite of the server engine. Recommendations...

8.8CVSS5.2AI score0.0023EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

FTL 竞争条件问题漏洞

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL prior to 6.6.1 contained a race condition vulnerability, which stems from race conditions in the HTTP session management subsystem. This vulnerability could allow attackers to perform...

8.8CVSS5.3AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 8:21 p.m.12 views

EUVD-2026-29295

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

8.8CVSS5.9AI score0.00132EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2025-14505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979...

5.6CVSS6AI score0.00161EPSS
Exploits0References4
OSV
OSV
added 2025/12/24 11:15 a.m.6 views

AZL-73066 CVE-2025-68345 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41hdareadacpi The acpigetfirstphysicalnode function can return NULL, in which case the getdevice function also returns NULL, but this value is then dereferenced without...

5.6AI score0.00206EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2025/11/14 10:3 p.m.5 views

CVE-2025-39841 affecting package kernel for versions less than 6.6.112.1-1

CVE-2025-39841 affecting package kernel for versions less than 6.6.112.1-1. A patched version of the package is available...

7.8CVSS6.8AI score0.00167EPSS
Exploits0
OSV
OSV
added 2025/06/30 8:15 a.m.12 views

AZL-64395 CVE-2025-38087 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in tapriodevnotifier Since taprio’s tapriodevnotifier isn’t protected by an RCU read-side critical section, a race with advancesched can lead to a use-after-free. Adding rcureadlock inside...

7.8CVSS6.3AI score0.00144EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 12:15 p.m.13 views

AZL-51023 CVE-2024-47698 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Ensure index in rtl2832pidfilter does not exceed 31 to prevent out-of-bounds access. dev-filters is a 32-bit value, so setbit and clearbit functions should...

7.8CVSS6.7AI score0.00267EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.2 views

SUSE CVE-2019-7608

Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting XSS vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...

6.1CVSS7.8AI score0.01338EPSS
Exploits0References3
CNVD
CNVD
added 2020/06/04 12:0 a.m.3 views

Micro Focus ArcSight Logger Cross-Site Scripting Vulnerability (CNVD-2020-36749)

Micro Focus ArcSight Logger is a suite of log management software from Micro Focus UK. The software collects and integrates data from any log generation source for log management, searching, indexing, reporting, analysis and retention. A cross-site scripting vulnerability exists in Micro Focus...

6.1CVSS6.3AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2019/09/25 6:15 p.m.5 views

CVE-2019-6653

There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles...

5.4CVSS6AI score0.00631EPSS
Exploits0References2
CNVD
CNVD
added 2019/03/26 12:0 a.m.4 views

Kibana Command Injection Vulnerability

Elasticsearch Kibana is a suite of open source, browser-based analytics and search Elasticsearch dashboard tools from Elasticsearch Netherlands. A security vulnerability exists in the Security Audit Meters in Kibana versions prior to 5.6.15 and prior to 6.6.1. A remote attacker can exploit the...

9.3CVSS7.8AI score0.03908EPSS
Exploits0References1
OSV
OSV
added 2018/02/02 2:29 p.m.6 views

CVE-2017-18085

The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the key parameter...

6.1CVSS5.4AI score0.00825EPSS
Exploits0References2
Rows per page
Query Builder