1298 matches found
CVE-2026-3622
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This...
CVE-2021-27401
The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access view and modify user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting XSS...
EUVD-2026-15804
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...
CVE-2026-25025
VikRestaurants (WordPress plugin)
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Versions of Apple iOS prior to 26.3 and iPadOS prior to 26.3 contained security vulnerabilities. These...
CVE-2026-4614
CVE-2026-4614 : A vulnerability in itsourcecode sanitization/validation affects the Parameter Handler’s processing of /admin/subjects.php, where manipulation of the subject_code argument enables SQL injection. The issue can be exploited remotely and exploit details have been publicly disclosed. C...
CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2025-14513 Improper Validation of Specified Quantity in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...
CVE-2025-61616
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
GHSA-6W48-2G9J-V9Q5 Apache IoTDB has an Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...
CVE-2025-69279
CVE-2025-69279 concerns a vulnerability in the nr modem where improper input validation can cause a system crash, enabling remote denial of service without requiring privileges. Multiple sources (NVD, Red Hat, EUVD, CVE list, etc.) describe the issue consistently, identifying the affected compone...
CVE-2025-40894
CVE-2025-40894 describes a Stored HTML Injection in the Alerted Nodes Dashboard due to improper input validation. A logged-in user with required privileges can edit a node label to inject HTML, which may render in a victim’s browser if alerts exist for that node, enabling phishing and potentially...
CVE-2026-0014
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48587
CVE-2025-48587 is linked to Google Android and involves multiple functions in ProfilingService.java where improper input validation can cause a persistent local denial of service without user interaction or extra privileges. The condition is confirmed across CVE/NVD entries and mirrored in relate...
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (February 2026)
Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases...
CVE-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service
Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...
PT-2026-22139
Name of the Vulnerable Software and Affected Versions Dokuzsoft Technology Ltd. E-Commerce Product versions through 10122025 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Reflected Cross-site Scripting XSS condition. The issue...
CVE-2025-67972
Technical details about CVE-2025-67972 are not provided in the connected documents. Public details in the set pertain to other products (e.g., Prague plugin) and do not confirm affected vendor/version/root-cause for Zoho ZeptoMail. Monitor for updates.
WordPress plugin PixelYourSite 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-20642
An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen...