340 matches found
CVE-2026-45615 mouse07410/asn1c: 1-byte Heap Out-of-Bounds Read in `INTEGER_decode_oer` via Malformed OER Payload
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...
PT-2026-44847
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGER oer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, t...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of untrusted inputs by UI components, which could allow a remote attacker...
CVE-2026-8788
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
Reliance on Untrusted Inputs in a Security Decision
Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the headerUserLogin function. An attacker can gain unauthorized access to any user account, including administrators, by injecting...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when handling field names containing control characters in schemas or JSON descriptors. An attacker can cause runtime errors and disrupt application functionality by supplying crafted...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016797)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016797 advisory. The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...
OpenClaw 数据伪造问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 had a data falsification vulnerability. This vulnerability stemmed from insufficient input validation, allowing external hook metadata to be added as trusted system events...
CVE-2026-39807
Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the...
EEF-CVE-2026-39807 Client-supplied URI scheme trusted without transport verification in bandit
Summary Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring...
GHSA-WPQR-6V78-JR5G Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...
libgphoto2 安全漏洞
libgphoto2 is an open-source camera access and control library developed by gPhoto. Versions of libgphoto2 prior to 2.5.33 contained security vulnerabilities. These vulnerabilities stemmed from the ptpunpackEOSFocusInfoEx function, which had a buffer overflow vulnerability that could lead to a...
SQL Injection
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
CVE-2026-0390
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...
EUVD-2026-22350
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...
CVE-2026-0390
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...
UEFI Secure Boot Security Feature Bypass Vulnerability
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...
PT-2026-32716
Name of the Vulnerable Software and Affected Versions Windows Boot Loader affected versions not specified Description Reliance on untrusted inputs in a security decision allows an authorized attacker to bypass a security feature locally. Recommendations At the moment, there is no information abou...
Reliance on Untrusted Inputs in a Security Decision
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the group policy enforcement that relies on mutable displayName values. An attacker can gain unauthorized access to protected...
CVE-2025-13926 Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...