239 matches found
CVE-2026-8172
The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors vi...
CVE-2026-8172 Simple Basic Contact Form <= 20250114 - Reflected XSS
The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors vi...
EUVD-2026-38418
The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors vi...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
EUVD-2025-210008
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation in the WebView component, which could allow remote attackers to exploit th...
PT-2026-45045
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.78 Parse Server versions prior to 9.9.1-alpha.2 Description The GraphQL endpoint discloses schema metadata to unauthenticated callers via "Did you mean ...?" suggestions within GraphQL validation-error...
synapse 输入验证错误漏洞
Synapse is an open-source matrix main server developed by Element. Versions prior to 1.152.1 of Synapse contained a vulnerability related to input validation errors. This vulnerability allowed malicious servers to manipulate room events, thereby preventing the complete history from being provided...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect implementation of the isguestmode function in KVM x86’s slow refresh supercall...
CVE-2026-48135
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...
Snipe-IT 输入验证错误漏洞
Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the unauthorized storage of HTTP Referer headers in session variables,...
Gmission Web Fax 输入验证错误漏洞
Gmission Web Fax is a network fax management system developed by the South Korean company Gmission. In versions 3.0 to 3.1 of Gmission Web Fax, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper input validation and unrestricted uploading of...
PT-2026-42400
Notice FreeBSD-EN-26:13.freebsd-update Advisories FreeBSD-SA-26:18.setcred Stack buffer overflow via setcred2 CVE Record: CVE-2026-45250 FreeBSD-SA-26:19.file Kernel use-after-free via file descriptor syscalls CVE Record: CVE-2026-45251 FreeBSD-SA-26:20.fusefs Heap overflow in FUSE LISTXATTR CVE...
Apache Thrift 路径遍历漏洞
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a path traversal vulnerability. This vulnerability was caused by source validation errors, path traversal, improper handling of...
ONE 输入验证错误漏洞
ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions of ONE prior to 1.30.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from a lack of operator boundary validation, which could lead to out-of-bounds code...
CVE-2026-5512
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...
PT-2026-32052
Name of the Vulnerable Software and Affected Versions Palo Alto Networks Autonomous Digital Experience Manager on Windows affected versions not specified Description A certificate validation issue exists in Palo Alto Networks Autonomous Digital Experience Manager on Windows. An unauthenticated...
Backstage 输入验证错误漏洞
Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.27.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from an experimental OIDC provisioning...
MedDream PACS Premium 安全漏洞
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A cross-site scripting vulnerability exists in MedDream PACS Premium and is caused by improper validation of user-supplied input by the Modify Anonymization feature. An attacker could exploit the...
ROS-20251201-01
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information Vulnerability of Core component of...