5275 matches found
ROS-20260609-73-0004
The vulnerability of the RDP client FreeRDP is related to the escape of operations beyond the buffer in memory due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2026-43972
A flaw was found in gun. A malicious or compromised HTTP/2 server can exploit an Origin Validation Error vulnerability by injecting unvalidated HTTP/2 PUSHPROMISE authority. This allows the server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. This...
CVE-2026-43972
CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...
EUVD-2026-35073
Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...
PT-2026-47298
Origin Validation Error vulnerability in ninenines gun gun http2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSH PROMISE authority. In gun http2:push promise frame/7, the :authority pseudo-header from an incoming PUSH PROMISE frame is stored verbatim into the promised stre...
CVE-2025-71214
An origin validation error vulnerability in the Trend Micro Apex One mac agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...
CVE-2025-71213
An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
CVE-2025-71251
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2026-6508
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...
EUVD-2026-34819
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the cookies parameter, which is processed by connectandsendrequest in client.py. An attacker who can control a redirect on a request that passes cookies on a per-request basis can expose data from those...
CVE-2025-66593
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
CVE-2025-66592
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
CVE-2026-25276 Improper Validation of Array Index in Secure Processor
Memory corruption while using Strongbox due to missing bounds check...
Qualcomm Chipsets: Input validation error vulnerability
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. Qualcomm Chipsets have a vulnerability related to input validation, which arises from the lack of boundary checks when using Strongbox...
Nextcloud user_oidc: Input validation error vulnerability
Nextcloud useroidc is an application developed by the German company Nextcloud. In versions 6.1.0 to 8.2.2, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper redirection handling, which could allow attackers to create links that redirect users ...
CVE-2026-33463 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access
Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...
CVE-2026-47332 Out-of-bounds read in Ubuntu Linux AppArmor notification handling
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent...
TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test management is impacted by vulnerabilities in Eclipse Paho Java client library
Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Test management Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an...