Fallos del tipo CWE-350

22 resultados

CVE-2021-22884—Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “lEPSS 32.4%CVE-2018-7160—The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. AEPSS 9.9%CVE-2017-0902—RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client EPSS 4.8%CVE-2026-1490CRITICALSpam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin InstallationEPSS 1.2%CVE-2020-11091MEDIUMWeave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisementsEPSS 0.9%CVE-2021-34561HIGHA vulnerability in WirelessHART-Gateway <= 3.0.8 allows to bypass any IP or firewall based access restrictions through DNS rebindingEPSS 0.8%CVE-2023-32020MEDIUMWindows DNS Spoofing VulnerabilityEPSS 0.7%CVE-2022-22364MEDIUMIBM Cognos Controller security bypassEPSS 0.5%CVE-2023-52235HIGHSpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reEPSS 0.5%CVE-2026-28271MEDIUMKiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)EPSS 0.4%CVE-2025-8036HIGHDNS rebinding circumvents CORSEPSS 0.4%CVE-2025-59956MEDIUMAgentAPI exposed user chat history via a DNS rebinding attackEPSS 0.4%CVE-2025-59163LOWvet MCP Server SSE Transport DNS Rebinding VulnerabilityEPSS 0.4%CVE-2026-24281MEDIUMApache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManagerEPSS 0.3%CVE-2026-33002HIGHJenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made tEPSS 0.3%CVE-2025-24010MEDIUMVite allows any websites to send any requests to the development server and read the responseEPSS 0.3%CVE-2024-53275MEDIUMGHSL-2024-091: DNS rebinding attack in home-galleryEPSS 0.3%CVE-2026-6874MEDIUMericc-ch copilot-api Header token dns rebindingEPSS 0.3%CVE-2026-36604MEDIUMMercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An eEPSS 0.3%CVE-2024-42364MEDIUMhomepage DNS rebinding vulnerability (GHSL-2024-096)EPSS 0.2%

← anteriorpágina 1 / 2siguiente →