29 matches found
CVE-2026-50090
The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...
CVE-2026-50090 Aqara OAuth redirect_uri validation bypass
The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...
CVE-2026-50090
Technical details about CVE-2026-50090 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected components, impact, and fixes.
CVE-2026-50090 Aqara OAuth redirect_uri validation bypass
The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...
EUVD-2026-36480
The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...
PT-2026-48914
Name of the Vulnerable Software and Affected Versions Aqara Cloud affected versions not specified Description The OAuth Authorization Endpoint "open-cn.aqara.com/oauth/authorize" is subject to a redirect bypass caused by improper validation of unsafe equivalence in input. This flaw allows for...
CVE-2026-33260 Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-0489
SAP Business One Job Service is affected by a DOM-based XSS vulnerability (CVE-2026-0489) due to insufficient validation of a user-controlled input in a URL query parameter. The issue could allow an unauthenticated attacker, via user interaction, to inject crafted input that executes in the victi...
BIT-GITLAB-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...
CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...
CVE-2026-1094
Summary (CVE-2026-1094): GitLab CE/EE versions 18.8 prior to 18.8.4 were patched to address an issue where an authenticated developer could hide specially crafted file changes from the WebUI. The remediation is included in GitLab 18.8.4 (and later). The CVSSv3.1 base score is 4.6 (MEDIUM) with at...
GHSA-G2PG-6438-JWPF devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse
Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the ArrayBuffer...
CVE-2025-63604
CVE-2025-63604 affects baryhuang/mcp-server-aws-resources-python 0.1.0. A code-injection flaw stems from insufficient input validation in the execute_query method, exposing dangerous built-ins (import , getattr, hasattr) in the execution namespace and using exec() to run user-supplied code. Attac...
CVE-2025-54123 Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. The vulnerability exists i...
Code-Projects Human Resource Integrated System 安全漏洞
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /logquery.php. An attacker can exploit...
CVE-2024-12829
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within...
Improper Validation of Unsafe Equivalence in Input
Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList allowlist. An attacke...
SUSE CVE-2024-7004
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. Chromium security severity: Low...
Redis 安全漏洞
Redis Labs Redis is Redis Labs, Inc. is a set of open source written in ANSI C, network-enabled, memory-based can also be persistent log-type, key-value Key-Value storage database, and provides a variety of languages API. A security vulnerability exists in Redis versions 7.0.0 through 7.0.10, 6.2...
SUSE CVE-2023-1814
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Chromium security severity: Medium...