72474 matches found
CVE-2026-50090 Aqara OAuth redirect_uri validation bypass
The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...
CVE-2026-50090 Aqara OAuth redirect_uri validation bypass
The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...
EUVD-2026-36480
The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...
CVE-2026-50090
Technical details about CVE-2026-50090 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected components, impact, and fixes.
OESA-2026-2669 gvfs security update
Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...
BIT-GITLAB-2026-7250 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request...
Exploit for CVE-2026-49777
CVE-2026-49777 CVE-2026-49777 - ShapedPlugin Product Slider Pr...
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended...
CVE-2026-45169
Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...
CVE-2026-45169 Idira Privileged Access Manager (PAM) Self-Hosted Vault: Denial of Service due to Unexpected Input Processing
Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...
CVE-2026-47370
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...
CVE-2026-47367
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device...
CVE-2026-47369
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances...
SUSE CVE-2025-15284
Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...
CVE-2026-47369
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances...
CVE-2026-47370
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...
CVE-2026-47367
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device...
EUVD-2026-36379
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device...
EUVD-2026-36384
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...
CVE-2026-47369
Technical details (affected products/versions/root cause/fixes) are not publicly available in the provided documents. Monitor for updates.