Search
Search Results (8 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32136 | 1 Adguard | 1 Adguardhome | 2026-03-13 | 9.8 Critical |
| AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73. | ||||
| CVE-2023-41173 | 1 Adguard | 1 Adguard Dns | 2026-01-14 | 7.5 High |
| AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. | ||||
| CVE-2025-51497 | 1 Adguard | 2 Adguard, Adguard For Safari | 2025-10-09 | 5.5 Medium |
| An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22. | ||||
| CVE-2022-32175 | 1 Adguard | 1 Adguardhome | 2025-05-20 | 5.4 Medium |
| In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. | ||||
| CVE-2022-45770 | 1 Adguard | 1 Adguard | 2025-03-31 | 7.8 High |
| Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. | ||||
| CVE-2024-36586 | 1 Adguard | 1 Adguardhome | 2024-11-21 | 8.8 High |
| An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. | ||||
| CVE-2021-27935 | 1 Adguard | 1 Adguard Home | 2024-11-21 | 7.5 High |
| An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. | ||||
| CVE-2024-36814 | 1 Adguard | 1 Adguard Home | 2024-10-10 | 4.9 Medium |
| An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory. | ||||
Page 1 of 1.