
21 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-35491

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli_pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

CVSS 6.1, AI score 5.4, EPSS 0.00016
Exploits: 1, References: 1

NVD
added 2026/04/07 4:16 p.m., 0 views

CVE-2026-35491

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli_pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

CVSS 6.1, EPSS 0.00016
Exploits: 1, References: 1

Cvelist
added 2026/04/07 3:0 p.m., 12 views

CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli_pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

CVSS 6.1, EPSS 0.00016
Exploits: 1, References: 1

ATTACKERKB
added 2026/04/07 3:0 p.m., 0 views

CVE-2026-35491

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli_pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

CVSS 6.1, AI score 5.9, EPSS 0.00016
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/04/07 3:0 p.m., 0 views

CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli_pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

CVSS 6.1, AI score 5.9, EPSS 0.00016
Exploits: 1, References: 1

EUVD
added 2026/04/07 3:0 p.m., 4 views

EUVD-2026-19676

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli_pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

CVSS 6.1, AI score 5.9, EPSS 0.00016
Exploits: 1, References: 1

CVE
added 2026/04/07 3:0 p.m., 3 views

CVE-2026-35491

Pi-hole FTL (FTLDNS) from 6.0 to before 6.6 exposes a vulnerability where CLI API sessions (webserver.api.cli_pw) could import Teleporter archives via the /api/teleporter endpoint and overwrite configuration, despite /api/config blocking CLI sessions. This creates an authorization bypass that let...

CVSS 6.1, AI score 5.9, EPSS 0.00016
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2026/04/07 12:0 a.m., 1 view

PT-2026-30863

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli_pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

CVSS 6.1, AI score 5.9, EPSS 0.00016
Exploits: 1, References: 2

CNNVD
added 2026/04/07 12:0 a.m., 2 views

FTL security vulnerability

FTL is an open-source network advertising interception and statistics tool developed by Pi-hole. Versions of FTL from 6.0 to 6.6 had security vulnerabilities. These vulnerabilities stemmed from the /api/teleporter function, which allowed CLI sessions to perform Teleporter imports. This could allo...

CVSS 6.1, AI score 5.8, EPSS 0.00016
Exploits: 1, References: 1

NVD
added 2026/04/06 3:17 p.m., 3 views

CVE-2026-33406

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

CVSS 6.1, EPSS 0.00046
Exploits: 1, References: 1

EUVD
added 2026/04/06 2:50 p.m., 0 views

EUVD-2026-19285

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

CVSS 5.4, AI score 6, EPSS 0.00046
Exploits: 1, References: 1

Vulnrichment
added 2026/04/06 2:50 p.m., 0 views

CVE-2026-33406 Pi-hole has a Stored HTML attribute injection

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

CVSS 5.4, AI score 6, EPSS 0.00046
Exploits: 1, References: 1

Positive Technologies
added 2026/04/06 12:0 a.m., 3 views

PT-2026-30628

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

CVSS 5.4, AI score 6, EPSS 0.00046
Exploits: 1, References: 2

Vulnrichment
added 2026/03/05 3:23 a.m., 3 views

CVE-2026-3034 OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the obspaceratlink, obbbadlink, and obteleporterlink URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4, AI score 6.1, EPSS 0.00048
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-7101

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.00067
Exploits: 0, References: 5

Zero Day Initiative
added 2023/02/09 12:0 a.m., 24 views

Oracle VirtualBox Teleporter Improper Error Handling Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Teleporter service. The issue results from the lack of proper error handling when...

CVSS 8.1, AI score 7.9, EPSS 0.00974
Exploits: 0, References: 1

NVD
added 2020/06/23 2:15 p.m., 10 views

CVE-2020-14971

Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.g...

CVSS 7.8, EPSS 0.00067
Exploits: 0, References: 4

OSV
added 2020/06/23 2:15 p.m., 5 views

CVE-2020-14971

Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.g...

CVSS 7.8, AI score 7.2, EPSS 0.00067
Exploits: 0, References: 4

Prion
added 2020/06/23 2:15 p.m., 11 views

Code injection

Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.g...

CVSS 4.6, AI score 7.7, EPSS 0.00067
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2020/06/23 1:41 p.m., 44 views

CVE-2020-14971

CVE-2020-14971 affects Pi-hole up to version 5.0, enabling code injection in the piholedhcp component (Static DHCP Leases) by tampering Teleporter backup archives. An attacker can request a limited backup via teleporter.php, receive a .tar.gz, modify the host parameter in dnsmasq.d files inside t...

CVSS 7.8, AI score 7.8, EPSS 0.00067
Exploits: 0, References: 4, Affected Software: 1