PT-2026-32976

Name of the Vulnerable Software and Affected Versions free5GC versions 4.2.1 and earlier Description A fail-open request handling flaw exists in the UDR service. The PUT handler for the endpoint '/nudr-dr/v2/policy-data/subs-to-notify/subsId' does not terminate execution after request body...

Microsoft PowerShell 输入验证错误漏洞

Microsoft PowerShell is a Microsoft-developed cross-platform task automation solution that includes a command-line shell, scripting language, and configuration management framework. A security feature bypass vulnerability exists in Microsoft PowerShell, which can be exploited by an attacker to...

Adobe Framemaker 输入验证错误漏洞

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An input validation error vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause...

Microsoft Office Sharepoint Server 输入验证错误漏洞

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

Microsoft Azure Monitor Agent 输入验证错误漏洞

Microsoft Azure Monitor Agent is a monitoring agent program from Microsoft USA. A security vulnerability exists in Microsoft Azure Monitor Agent. An attacker can exploit the vulnerability to elevate privileges...

Libexif 输入验证错误漏洞

Libexif is a function library written in C language by the Libexif organization. This product is primarily used for reading and writing EXIF metadata from graphic files. Versions of Libexif prior to 0.6.25 contained a vulnerability related to input validation errors. This vulnerability stemmed fr...

Discourse Input Validation Error Vulnerability (CNVD-2026-17260)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an input validation error vulnerability that originates when the enter operation in StaticController reads the...

OpenClaw Input Validation Error Vulnerability (CNVD-2026-16690)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...

OpenClaw 输入验证错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation for unreliable inputs in the ANGLE library, which could allow remote attackers to...

WeGIA 输入验证错误漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter, which could lead to...

WeGIA 输入验证错误漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter, which could lead to...

WeGIA 输入验证错误漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of URL validation or allowlist checks, which could lead...

Qualcomm Chipsets 输入验证错误漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. Qualcomm Chipsets have a vulnerability related to input validation errors. This vulnerability arises due to memory corruption that occurs when decoding corrupted satellite data files with invalid signature offsets...

Core Flight System 输入验证错误漏洞

Core Flight System cFS is a generic flight software architecture framework open source by NASA, used for flagship spacecraft, manned spacecraft, cube satellites, and Raspberry Pi devices. Versions of Core Flight System cFS 7.0.0 and earlier contained a input validation vulnerability, which was...

Belden Hirschmann HiOS 输入验证错误漏洞

Belden Hirschmann HiOS is an industrial Ethernet switch operating system developed by the American company Belden. Versions of Belden Hirschmann HiOS prior to 08.1.00 and 07.1.01 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of the...

CVE-2026-34872

A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability, stemming from improper input validation in the finite-field Diffie-Hellman FFDH key exchange, allows a remote attacker to force the shared secret into a small, predictable set of values. This lack of contributory behavior can...

HCL Aftermarket DPC Input Validation Error Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from an input validation error vulnerability that can be exploited by an attacker to inject executable code and perform cross-site scripting, SQL injection, command injectio...

Discourse 输入验证错误漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an input validation error vulnerability that originates when the enter operation in StaticController reads the...

Ory polis 输入验证错误漏洞

Ory Polis is an open-source enterprise single-sign-on and directory synchronization solution developed by Ory. Versions of Ory Polis prior to 26.2.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper trust in URL parameters with the callbackUrl...