85 matches found
CVE-2026-25602
Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-40448
Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0...
PT-2026-34255
CVE-2026-40448 Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected v… https://t.co/x8HxY9Raln...
CVE-2026-34236
CVE-2026-34236 affects the Auth0-PHP SDK. In versions 8.0.0 through 8.18.0, cookies are encrypted with insufficient entropy, which may allow threat actors to brute-force the encryption key and forge session cookies. Multiple trusted sources (NVD, Red Hat, CIRCL, OSV, PT Security, CNNVD) consisten...
CVE-2026-3939
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. Chromium security severity: Low...
CVE-2026-1643
The CVE-2026-1643 entry concerns the MP-Ukagaka WordPress plugin with Reflected Cross-Site Scripting vulnerabilities in all versions up to 1.5.2, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts into pages that are ex...
ROS-20260203-73-0008
A vulnerability in the vxlan_vnifilter.c component of the Linux operating system kernel is related to insufficient blocking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Arbitrary Code Execution
Orval is vulnerable to Arbitrary Code Execution. The vulnerability is due to incomplete sanitization of untrusted input during code generation, where insufficient escaping in jsStringEscape allows attackers to inject executable JavaScript using only non-alphanumeric characters via JSFuck...
CVE-2026-0905
CVE-2026-0905: Insufficient policy enforcement in the Network component of Google Chrome/Chromium before 144.0.7559.59 could let an attacker with access to a network log file potentially obtain sensitive information. Affected software includes Chrome/Chromium builds; CVSS 3.1 metrics indicate Net...
CVE-2020-10211
A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive...
CVE-2020-12498
mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...
PT-2025-52537
Name of the Vulnerable Software and Affected Versions: WP Hallo Welt plugin versions prior to 1.5. Description: The WP Hallo Welt plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the hallo welt seite function. This allows...
Apple macOS Tahoe Insufficient Privilege Restriction Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a permission restriction insufficiency vulnerability that stems from a flaw in the system'...
Apple macOS Tahoe Logic Insufficient Limits Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a Logical Restriction Insufficiency vulnerability that can be exploited by an attacker to...
Reflected Cross-Site Scripting (XSS)
NiceGUI is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization or encoding in the ui.add_css, ui.add_scss, and ui.add_sass functions, which allows an attacker to inject closing tags and execute arbitrary JavaScript...
Apple macOS Tahoe Security Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a Symbolic Link Validation Insufficiency vulnerability that can be exploited by an attacke...
Apple macOS Tahoe Security Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a permission restriction insufficiency vulnerability that stems from a flaw in the system'...
Google Chrome Insufficient Policy Enforcement Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a policy enforcement insufficiency vulnerability, which stems from Devtools Policy Enforcement Insufficiency, and can be exploited by an attacker to cause a cross-origin data leak...
Apple iOS and iPadOS Improvements for Underchecked Vulnerabilities
Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain an Improvement Check Insufficiency vulnerability that can be exploited by attackers to cause an application to monitor keystrokes without th...