73 matches found
EUVD-2025-210367
Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...
CVE-2025-0824 lack of validation for firmware update in Hitachi Virtual Storage
Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...
CVE-2025-0824
Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...
CVE-2025-0824
CVE-2025-0824 describes a vulnerability in the firmware update process of Hitachi Virtual Storage Platform One Block models 23, 24, 26, and 28 (pre-DKCMAIN A3-04-21-40/00, pre-ESM A3-04-21/00) where input/firmware update validation is insufficient. The underlying issue is lack of validation for f...
EUVD-2026-28318
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords e.g., pgreadfile, LOADFILE, dblink is applied on the collections:create and...
CVE-2026-1880
An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...
TrueConf Client 安全漏洞
TrueConf Client is a video conferencing and collaboration software client developed by TrueConf Company in Lithuania. There is a security vulnerability in TrueConf Client, which stems from the lack of validation during the download of application update code. This vulnerability could allow...
CVE-2026-1753
The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as userscanregister...
CVE-2026-1753
The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as userscanregister...
PT-2026-24584
🚨 CVE-2026-1753 The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as users can register. 🎖@cveNotify...
CVE-2025-15575
The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...
EPSON WF-2750 Origin Validation Error (CVE-2018-14903)
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...
CVE-2025-12006
CVE-2025-12006 affects Supermicro BMC firmware on the MBD-X12STW-F board. The vulnerability lies in the firmware validation logic, enabling an attacker to update the system firmware with a specially crafted image. Public sources (NVD/Red Hat/CIRCL) describe the same underlying issue; ARMs to expl...
CVE-2025-13320
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
CVE-2025-55073
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...
GO-2025-3985 kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp...
EUVD-2020-2450
Malware in sbrugna...
EUVD-2018-10943
Malware in sbrugna...
EUVD-2025-31346
Malicious code in bioql PyPI...
GHSA-Q6HV-WCJR-WP8H kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...