Browse all 3 CVE security advisories affecting ensdomains. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ensdomains operates as a domain registrar and web hosting provider, enabling organizations and individuals to establish online presences through domain registration and website management services. Historically, the platform has been susceptible to various vulnerability classes, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from input validation failures and improper access controls. While no major public security incidents have been widely documented, the three CVEs associated with ensdomains highlight recurring issues in web application security, particularly in areas like user input handling and authentication mechanisms, which remain critical focus areas for maintaining secure domain and hosting operations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22866 | ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation — ens-contractsCWE-347 | 5.9AI | MediumAI | 2026-02-25 |
| CVE-2023-38698 | .eth registrar controller can shorten the duration of registered names — ens-contractsCWE-190 | 4.9 | Medium | 2023-08-04 |
| CVE-2020-5232 | Ethereum Name Service - Malicious takeover of previously owned ENS names — @ensdomains/ensCWE-285 | 8.7 | High | 2020-01-30 |
This page lists every published CVE security advisory associated with ensdomains. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.