CVE-2026-47703
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding pat
CVSS
—
Sin CVSS
EPSS
0.1%
p3
KEV
—
Exploit Today
1
0-100
Publicado: 15 jul 2026 · Última mod.: 15 jul 2026 · CWE-330 · CWE-346
Sin historial EPSS suficiente todavía.
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dns_id=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response matching for forwarded queries. This issue is fixed in version 0.107.75.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-342918.8 ALT99.6%
KEV—80Langflow Origin Validation Error Vulnerability3dCVE-2022-365369.8 CRÍ88.9%
——27An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.9dCVE-2021-460108.8 ALT65.1%
——20Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.9dCVE-2022-293304.9 MED55.2%
——17Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.9dCVE-2023-307977.5 ALT51.9%
——16Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.3dCVE-2026-271489.6 CRÍ41.9%
——13Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Exploitation requires a developer to visit a malicious website while their local Storybook dev server is running. Because the WebSocket connection does not validate the origin of incoming connections, a malicious site can silently send WebSocket messages to the local instance without any further user interaction. If the Storybook dev server is intentionally exposed publicly (e.g. for design reviews or stakeholder demos) the risk is higher, as no malicious site visit is required. Any unauthenticated attacker can send WebSocket messages to it directly. The vulnerability affects the WebSocket message handlers for creating and saving stories. Both are vulnerable to injection via unsanitized input in the componentFilePath field, which can be exploited to achieve persistent XSS or Remote Code Execution (RCE). Versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10 contain a fix for the issue.3d