Lucene search
K

6836 matches found

CVE
CVE
added 3 days ago447 views

CVE-2026-55808

Drupal core is affected by CVE-2026-55808, a Cross-Site Scripting (XSS) vulnerability caused by improper validation in content uploads. The JSON:API and REST modules allow image files to be uploaded to image fields; validation checks only file extensions and not MIME types, which could let a non-...

6.1AI score0.0015EPSS
Exploits0References1
Veracode
Veracode
added 3 days ago5 views

Improper Input Validation

github.com/coder/coder is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of the scheme and host in external workspace application URLs before substituting the $SESSIONTOKEN placeholder, which allows an attacker controlling a malicious workspace templa...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References9Affected Software2
NVD
NVD
added 3 days ago7 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 3 days ago8 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS6AI score0.00111EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-21053

CVE-2026-21053 describes an inability to properly validate input in Samsung Email before 6.2.13.1, allowing local attackers to create arbitrary files inside the app sandbox. Affected product/version: Samsung Email prior to 6.2.13.1. Root cause: improper input validation in the application. Impact...

5.1CVSS6AI score0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS0.00111EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-15288

CVE-2026-15288 affects the SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress. All versions up to and including 2.2.1 are vulnerable to Improper Input Validation: the plugin accepts the payment amount directly from user-controlled POST data in the create_payment_intent and ...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42706

An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...

7.1CVSS6AI score0.00269EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-12879

An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is...

5.9CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42584

An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is...

5.9CVSS6AI score0.00188EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-5356

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it...

7.5CVSS0.0021EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42227

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it...

7.5CVSS6AI score0.0021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56400

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.4.1 Description Improper input validation in the Stripe Connect payment processor allows unauthenticated attackers to pay an arbitrary amount. This occurs...

7.5CVSS6.2AI score0.0021EPSS
Exploits0References5
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1141 Apache Airflow Spark Provider Improper Input Validation vulnerability

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...

7.5CVSS7AI score0.01667EPSS
Exploits0References6
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1140 Apache Airflow Spark Provider vulnerable to improper input validation

Apache Software Foundation Apache Airflow Spark Provider before 4.0.1 is vulnerable to improper input validation because the host and schema of JDBC Hook can contain / and ? which is used to denote the end of the field...

7.5CVSS7.1AI score0.02152EPSS
Exploits0References7
OSV
OSV
added 6 days ago3 views

PYSEC-2026-1136 Apache Airflow Drill Provider vulnerable to improper input validation

Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized...

8.7CVSS7.1AI score0.02062EPSS
Exploits0References10
NVD
NVD
added last week9 views

CVE-2026-48316

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.01396EPSS
Exploits0References1
Cvelist
Cvelist
added last week38 views

CVE-2026-48316 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.01396EPSS
Exploits0References1
CVE
CVE
added last week176 views

CVE-2026-48316

CVE-2026-48316 affects Adobe ColdFusion versions 2025.9, 2023.20 and earlier and is an Improper Input Validation vulnerability that could enable arbitrary code execution in the current user context without user interaction. Remediation: update to ColdFusion 2023 Update 21 or ColdFusion 2025 Updat...

10CVSS7.9AI score0.01396EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder