CVE-2026-4646

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

Vulnerabilities are handled in GitLab through GitLab Inc.

GitLab Inc. has addressed several vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE in various versions, particularly in releases from version 8.3 to 18.11.3. These vulnerabilities concern various components and functions within GitLab, including Jira integration, container...

CVE-2026-20114

Cisco IOS XE Lobby Ambassador web-based management API has a vulnerability where an authenticated Lobby Ambassador can bypass validation to create a new user with privilege level 1 access, enabling access to management APIs. Root cause: insufficient validation of API parameters. Impact: privilege...

CVE-2025-59785

CVE-2025-59785 involves improper validation of an API end-point in 2N Access Commander v3.4.2 and earlier. The vulnerability allows an attacker who has administrator privileges to bypass the password policy used for encrypting backup files. The issue is tied to insufficient input validation on th...

EUVD-2024-42137

Malicious code in bioql PyPI...

CVE-2025-52547

E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...

PT-2025-35556

Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control firmware version prior to 2.31F01 MGW contains an API call lacking input validation. An attacker can use this command to continuously crash the...

PT-2023-20645 · Unknown · Imageconverter Service

Name of the Vulnerable Software and Affected Versions: imageconverter service affected versions not specified Description: The issue allows requests to cache an image and return its metadata to be abused, including SQL queries that would be executed unchecked. Exploiting this requires at least...

CVE-2022-28811

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands...

Input validation

HCL Domino is susceptible to a Denial of Service DoS vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server...

CVE-2020-27126

A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface API within Cisco Webex Meetings. An attacker...

Microsoft SharePoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm...

CVE-2014-8036

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254...

Authentication flaw

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254...

CVE-2014-8036

CVE-2014-8036 affects the outlookpa component in Cisco WebEx Meetings Server, where improper sanitization/validation of API input enables an unauthenticated, remote attacker to modify the invite list of scheduled meetings via crafted URL requests. The vulnerability stems from insufficient input v...

CVE-2014-8036

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254...