CVE-2026-33260 Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-0489
SAP Business One Job Service is affected by a DOM-based XSS vulnerability (CVE-2026-0489) due to insufficient validation of a user-controlled input in a URL query parameter. The issue could allow an unauthenticated attacker, via user interaction, to inject crafted input that executes in the victi...
BIT-GITLAB-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...
CVE-2026-1094
Summary (CVE-2026-1094): GitLab CE/EE versions 18.8 prior to 18.8.4 were patched to address an issue where an authenticated developer could hide specially crafted file changes from the WebUI. The remediation is included in GitLab 18.8.4 (and later). The CVSSv3.1 base score is 4.6 (MEDIUM) with at...
CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...
GHSA-G2PG-6438-JWPF devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse
Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the ArrayBuffer...
CVE-2025-63604
CVE-2025-63604 affects baryhuang/mcp-server-aws-resources-python 0.1.0. A code-injection flaw stems from insufficient input validation in the execute_query method, exposing dangerous built-ins (`__import__`, getattr, hasattr) in the execution namespace and using exec() to run user-supplied code. Attac...
CVE-2025-54123 Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. The vulnerability exists i...
Code-Projects Human Resource Integrated System security vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from a lack of validation of externally supplied SQL statements in the ID parameter of the file /logquery.php. An attacker can exploit...
CVE-2024-12829
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within...
Improper Validation of Unsafe Equivalence in Input
Overview AngularJS.Core is an AngularJS package for other Angular modules within .NET. Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList allowlist. An attacke...
SUSE CVE-2024-7004
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. Chromium security severity: Low...
Redis security vulnerability
Redis, from Redis Labs, Inc., is an open source, network-enabled, in-memory key-value store written in ANSI C that can also persist data as a log-type database, and provides APIs for a variety of languages. A security vulnerability exists in Redis versions 7.0.0 through 7.0.10, 6.2...
SUSE CVE-2023-1814
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Chromium security severity: Medium...
TP-LINK TL-WR841N operating system command injection vulnerability
The TP-LINK TL-WR841N is a wireless router from the Chinese company TP-LINK. The TP-LINK TL-WR841N suffers from an operating system command injection vulnerability that originates from a failure to properly validate a user-supplied string before executing a system call with it...
DEBIAN-CVE-2022-3316
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. Chromium security severity: Low...
CVE-2022-3316
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. Chromium security severity: Low...
Fast Food Ordering System SQL injection vulnerability
Fast Food Ordering System is a fast food ordering system from the individual developer Carlo Montero. Version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/classes/Master.php?f=deletemenu. The page lacks validation of externally supplied SQL statements, which...
Input validation vulnerability in multiple Zoom products
Zoom Call Recording is a scalable session recording management solution. Zoom On-Premise Meeting Connector is a meeting connector. Zoom On-Premise Meeting Connector Controller and others are products of Zoom (USA). Zoom On-Premise Meeting Connector Controller is an on-premise meeting connector. ...
Neekey node-ps injection vulnerability
Neekey node-ps is a process lookup tool from the US-based individual developer Neekey, used to find running processes. An injection vulnerability exists in Neekey node-ps, stemming from a lack of proper validation of user input data in lib/index.js, which is not filtered or does not correctl...