Lucene search
K

10 matches found

EUVD
EUVD
added 2026/03/31 12:31 p.m.5 views

EUVD-2026-17361

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 12:16 p.m.4 views

UBUNTU-CVE-2026-0396

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

4.3CVSS5.8AI score0.00136EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/31 11:50 a.m.23 views

CVE-2026-0396 HTML injection in the web dashboard

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

3.1CVSS0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 11:50 a.m.22 views

CVE-2026-0396

CVE-2026-0396 affects dnsdist, a DNS load balancer. The issue arises when domain-based dynamic rules are enabled (DynBlockRulesGroup:setSuffixMatchRule / setSuffixMatchRuleFFI), allowing crafted DNS queries to cause HTML content injection into the internal web dashboard. Associated advisories con...

4.3CVSS5.9AI score0.00136EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/03/31 11:50 a.m.4 views

CVE-2026-0396

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

4.3CVSS5.3AI score0.00136EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/03/31 11:50 a.m.5 views

CVE-2026-0396

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

4.3CVSS5.8AI score0.00136EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:4 p.m.3 views

CVE-2026-33393

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References5Affected Software1
Kitploit
Kitploit
added 2020/06/25 1:0 p.m.43 views

CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner

A Misconfiguration Scanner cors misconfiguration scanner tool based on golang with speed and precision in mind ! Misconfiguration type thisscanner can check for Reflect Origin checks Prefix Match Suffix Match Not Esacped Dots Null ThirdParties Like = github.io, repl.it etc. Taken from Chenjj's...

7.2AI score
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Lighttpd < 1.4.23 Source Code Disclosure Vulnerability (BSD/Solaris bug)

No description provided by source. Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symboli...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/05/26 12:0 a.m.35 views

Lighttpd &lt; 1.4.23 (BSD/Solaris) - Source Code Disclosure

Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symbolic link with appended slash succeeds...

7.4AI score
Exploits0
Rows per page
Query Builder