10 matches found
EUVD-2026-17361
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...
UBUNTU-CVE-2026-0396
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...
CVE-2026-0396 HTML injection in the web dashboard
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...
CVE-2026-0396
CVE-2026-0396 : The vulnerability affects a DNSdist instance with domain-based dynamic rules enabled (DynBlockRulesGroup:setSuffixMatchRule or setSuffixMatchRuleFFI). An attacker can inject HTML content into the internal web dashboard by sending crafted DNS queries. The reports do not specify aff...
CVE-2026-0396
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...
CVE-2026-0396
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...
CVE-2026-33393
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...
CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner
A Misconfiguration Scanner cors misconfiguration scanner tool based on golang with speed and precision in mind ! Misconfiguration type thisscanner can check for Reflect Origin checks Prefix Match Suffix Match Not Esacped Dots Null ThirdParties Like = github.io, repl.it etc. Taken from Chenjj's...
Lighttpd < 1.4.23 Source Code Disclosure Vulnerability (BSD/Solaris bug)
No description provided by source. Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symboli...
Lighttpd < 1.4.23 (BSD/Solaris) - Source Code Disclosure
Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symbolic link with appended slash succeeds...