Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/04/16 9:9 p.m.7 views

ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents

Impact Hot Chocolate's Utf8GraphQLParser is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a StackOverflowException on payloads as small as 40 KB. Because...

9.1CVSS5.7AI score0.00902EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 9:9 p.m.6 views

zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

Summary The unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the condition short-circuits to false and allows the deletion to proceed without any ownership...

5.3CVSS5.8AI score0.00286EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/16 9:9 p.m.11 views

zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...

7.5CVSS5.7AI score0.00453EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/16 9:8 p.m.5 views

zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering

Summary The proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the attacker-controlled refreshInterval query parameter verbatim into an error message when...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/16 9:8 p.m.8 views

Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision

Impact Weblate repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed when the external path shares the same string prefix as t...

5CVSS5.8AI score0.00324EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 9:8 p.m.6 views

sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements

Summary Commit 49d0bb7 introduced a regression in sanitize-html that bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option. Entity-encoded HTML inside these elements passes through the sanitizer as decoded, unescaped HTML, allowing injection of arbitrary...

6.1CVSS6.1AI score0.00235EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 9:8 p.m.9 views

Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints

Summary An unauthenticated debug endpoint in Dgraph Alpha exposes the full process command line, including the configured admin token from --security "token=...". This does not break token validation logic directly; instead, it discloses the credential and enables unauthorized admin-level access ...

9.4CVSS5.9AI score0.00509EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/16 8:45 p.m.10 views

ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions

Summary The choices and counts query parameters in the Apostrophe CMS REST API allow unauthenticated users to extract distinct field values for any schema field that has a registered query builder, completely bypassing publicApiProjection restrictions that are intended to limit which fields are...

5.3CVSS5.9AI score0.00435EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:45 p.m.10 views

Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...

4.1CVSS5.8AI score0.00275EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:44 p.m.10 views

Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots

Impact The serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is a valid character in a service account name, an AuthorizationPolicy ALLOW rule targeting SA e.g. cert-manager.io also matches cert-manager-io,...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:44 p.m.10 views

MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

Summary The readRequestBody function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. Details File:...

8.7CVSS5.9AI score0.00495EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:44 p.m.17 views

Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS

Summary A stored cross-site scripting XSS vulnerability exists in SEO-related fields SEO Title and Meta Description in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...

8.7CVSS5.3AI score0.00298EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:44 p.m.8 views

SpdyStream: DOS on CRI

The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...

8.7CVSS5.9AI score0.00656EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:43 p.m.8 views

Weblate: Privilege escalation in the user API endpoint

Impact The user patching API endpoint didn't properly limit the scope of edits. Patches https://github.com/WeblateOrg/weblate/pull/18687 References Thanks to @tikket1 and @DavidCarliez for reporting this via GitHub. We received two individual reports for this...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:43 p.m.9 views

Weblate: SSRF via Project-Level Machinery Configuration

Impact A user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate makes an HTTP request to the attacker-controlled URL and reflec...

5CVSS5.8AI score0.0024EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:43 p.m.7 views

Weblate: Arbitrary File Read via Symlink

Impact The ZIP download feature didn't verify downloaded file and it could follow symlinks outside the repository. Patches https://github.com/WeblateOrg/weblate/pull/18683 References Thanks to @DavidCarliez for reporting this vulnerability via GitHub...

7.7CVSS5.8AI score0.00465EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:42 p.m.7 views

Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService

Summary The InboxHandlingService logs the full content of every incoming inbox message at INFO level logger.info"Received message: ", message. Inbox messages are wrappers around outbox message data, which can contain highly sensitive information such as personal data PII, citizen identifiers BSN,...

4.9CVSS5.8AI score0.00366EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:42 p.m.8 views

ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context

Summary The @apostrophecms/color-field module bypasses color validation for values prefixed with -- intended for CSS custom properties, but performs no HTML sanitization on these values. When styles containing attacker-controlled color values are rendered into tags — both in the global stylesheet...

5.4CVSS6.1AI score0.0021EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:42 p.m.8 views

ApostropheCMS: publicApiProjection Bypass via project Query Builder in Piece-Type REST API

Summary The getRestQuery method in the @apostrophecms/piece-type module checks whether a MongoDB projection has already been set before applying the admin-configured publicApiProjection. An unauthenticated attacker can supply a project query parameter in the REST API request to pre-populate the...

5.3CVSS5.6AI score0.00512EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:42 p.m.7 views

ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

Summary The password reset endpoint /api/v1/@apostrophecms/login/reset-request exhibits a measurable timing side channel that allows unauthenticated attackers to enumerate valid usernames and email addresses. When a user is not found, the handler returns after a fixed 2-second artificial delay, b...

3.7CVSS5.8AI score0.00365EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:41 p.m.8 views

Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads

Impact The ALLOWEDASSETDOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. Patches https://github.com/WeblateOrg/weblate/pull/18550 References This issue was reported by @spbavarva via GitHub...

5CVSS5.8AI score0.0024EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:41 p.m.7 views

Weblate: Remote code execution during backup restoration

Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...

8CVSS6.4AI score0.00708EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:41 p.m.8 views

Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository

Impact The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches https://github.com/WeblateOrg/weblate/pull/18516 Workarounds The CDN add-on is not enabled by default. References Thanks to @spbavarva for reporting this responsibly via GitHub...

6.8CVSS5.8AI score0.00323EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:41 p.m.5 views

Weblate: Improper access control for the translation memory in API

Impact The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches https://github.com/WeblateOrg/weblate/pull/18513 Workarounds Blocking access to /api/memory/ in the HTTP server removes access to this feature. References This issue was reported...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:41 p.m.7 views

Weblate: Improper access control for pending tasks in API

Impact The API for tasks didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. Patches https://github.com/WeblateOrg/weblate/pull/18515 Workarounds The attacker needs to guess the random UUID of the task, so...

3.1CVSS5.8AI score0.00221EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:40 p.m.8 views

Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

Details A buffer overflow vulnerability exists in Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to...

9.8CVSS6.8AI score0.00561EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 8:40 p.m.7 views

Silverstripe Assets Module has a DBFile::getURL() permission bypass

Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 3:31 p.m.6 views

Withdrawn Advisory: Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p2gh-cfq4-4wjc. This link is maintained to preserve external references. Original Description A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input...

7.1CVSS5.7AI score0.0036EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 3:31 p.m.6 views

goodoneuz/pay-uz: the /payment/api/editable/update endpoint overwrites existing PHP payment hook files

The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...

10CVSS6.4AI score0.01941EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 3:31 p.m.6 views

Apache Airflow: JWT token appearing in logs

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...

7.5CVSS5.8AI score0.00739EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 3:31 p.m.9 views

SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 3:31 p.m.21 views

Apache Airflow: RCE by race condition in example_xcom dag

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

8.1CVSS5.9AI score0.00579EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:37 a.m.12 views

wger has Stored XSS via Unescaped License Attribution Fields

Stored XSS via Unescaped License Attribution Fields Summary The AbstractLicenseModel.attributionlink property in wger/utils/models.py constructs HTML strings by directly interpolating user-controlled fields licenseauthor, licensetitle, licenseobjecturl, licenseauthorurl, licensederivativesourceur...

5.4CVSS6AI score0.00207EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:35 a.m.5 views

wger has Broken Access Control in Global Gym Configuration Update Endpoint

Summary wger exposes a global configuration edit endpoint at /config/gym-config/edit implemented by GymConfigUpdateView. The view declares permissionrequired = 'config.changegymconfig' but does not enforce it because it inherits WgerFormMixin ownership-only checks instead of the project’s...

7.6CVSS5.8AI score0.00333EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:34 a.m.14 views

Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance

When using lockFileMaintenance using the bazel-module or bazelisk managers between Renovate 43.65.0 2026-03-12 and 43.102.11 2026-04-02, there was the opportunity for remote code execution from a malicious dependency, if the Bazel module executes code that relies on a dependency. As this is an...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:31 a.m.11 views

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen

uefi-firmware contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, ReadCLen reads Number = GetBitsSd, CBIT with CBIT = 9, so Number can be as large as 511, while the destination array Sd-mCLen has NC = 510 elements...

7.8CVSS6.1AI score0.00396EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:30 a.m.13 views

UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable

uefi-firmware contains a stack out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, MakeTable does not validate that bit-length values read from the compressed bitstream are within the expected range 0..16. a crafted firmware blob...

7.8CVSS6.1AI score0.00396EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:20 a.m.6 views

pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

Summary The setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted proxy, then mutates the global Flask configuration SESSIONCOOKIESECURE on every request...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:20 a.m.6 views

LangSmith SDK: Streaming token events bypass output redaction

Summary The LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a newtoken event containing the raw token value. These events bypass the redaction pipeline...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:9 a.m.8 views

PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validateplugincode is incomplete and can be bypassed using several Python constructs that are not checked. An...

7.8CVSS6.6AI score0.00185EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:4 a.m.7 views

MsQuic has a Remote Elevation of Privilege Vulnerability

Summary Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network. Details Improper Input Validation Integer Underflow Wrap or Wraparound when decoding ACK frame. Patches - Fix underflow in ACK frame parsing - 1e6e999b Impact An attacker who...

5.8AI score0.00075EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/16 1:3 a.m.9 views

@fastify/express has a middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)

Summary @fastify/express v4.0.4 fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via two vectors: 1. Duplicate slashes //admin/dashboard when...

9.1CVSS5.9AI score0.00483EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:3 a.m.8 views

@fastify/express's middleware path doubling causes authentication bypass in child plugin scopes

Summary @fastify/express v4.0.4 contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. This results in complete bypass of Express middleware security controls for all routes defined within child plugin scopes that share ...

9.1CVSS5.8AI score0.0043EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:2 a.m.9 views

Fastify's connection header abuse enables stripping of proxy-added headers

Summary @fastify/reply-from and @fastify/http-proxy process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers like access control or identification headers from upstream requests by...

9CVSS5.9AI score0.00441EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/16 1:2 a.m.8 views

Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME

Summary downloadPackageManager in vite-plus/binding accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments to escape the VPHOME/packagemanager// cache root and cause Vite+ to delete, replace, and populate directories outside the intended cac...

10CVSS5.8AI score0.00311EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:2 a.m.17 views

hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR

Summary Improper handling of JSX attribute names in hono/jsx allows malformed attribute keys to corrupt the generated HTML output. When untrusted input is used as attribute keys during server-side rendering, specially crafted keys can break out of attribute or tag boundaries and inject unintended...

5.3CVSS5.7AI score0.00174EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:2 a.m.10 views

Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution

Summary The Froxlor API endpoint Customers.update and Admins.update does not validate the deflanguage parameter against the list of available language files. An authenticated customer can set deflanguage to a path traversal payload e.g., ../../../../../var/customers/webs/customer1/evil, which is...

9.9CVSS6.4AI score0.00524EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 12:54 a.m.8 views

ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

5.9AI score0.00385EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 12:50 a.m.8 views

Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)

Summary PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, the privilegeduser parameter which has no input validation is written...

9.1CVSS6AI score0.0048EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 12:47 a.m.12 views

Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Summary DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g., NAPTR, PTR, HINFO, content validation is entirely bypassed. Embedded...

8.5CVSS5.9AI score0.00347EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities33225