16 matches found
UBUNTU-CVE-2026-2922
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
CVE-2026-2293 NestJS 11.1.13 - Lack of data validation allowing authentication/authorization bypass
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13...
The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router firmware is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the can_map_frag() function in the net/ipv4/tcp.c module of the Linux operating system’s IPv4 protocol implementation allows an attacker to cause a service failure.
The vulnerability of the can_map_frag function in the net/ipv4/tcp.c module of the Linux operating system’s IPv4 protocol implementation is related to the lack of necessary data validation checks. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
CVE-2023-42045
PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visi...
CVE-2023-2507
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...
Contec SolarView Compact Cross-Site Scripting Vulnerability
Contec SolarView Compact is an application from Contec Japan, Inc. Contec SolarView Compact v6.0 contains a cross-site scripting vulnerability that originates in the component SolarAiConf.php, which lacks a data validation filter for user-supplied data and output. An attacker could exploit this...
Popcorn Time Cross-Site Scripting Vulnerability
Popcorn Time is a multi-platform BitTorrent client. Version 0.4.7 of Popcorn Time is vulnerable to a cross-site scripting vulnerability that originates in the setting page Movies API Servers field's lack of data validation filtering for user-supplied data and output. An attacker could exploit the...
GalleryCMS Cross-Site Scripting Vulnerability
GalleryCMS is a free image gallery CMS based on the CodeIgniter 2.1 framework from Aaron Benson, a US-based individual developer. GalleryCMS v2.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation in the albumname parameter in /index.php/album/add for...
Hotel-Mgmt-System Cross-Site Scripting Vulnerability
Hotel-Mgmt-System is a hotel management system. A cross-site scripting vulnerability exists in Hotel-Mgmt-System version 1.0, which stems from a lack of data validation filtering of user-supplied and output data in /admin.php. An attacker could exploit this vulnerability to execute JavaScript cod...
IBM Security Verify Access Cross-Site Scripting Vulnerability
IBM Security Verify Access is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity...
PbootCMS Security Vulnerability
PbootCMS is an open source content management system (CMS) for building enterprise websites, developed using the PHP language. PbootCMS has a security vulnerability that stems from the platform's message board function not validating data; an attacker can exploit the vulnerability to execute...
The vulnerabilities of the functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage in the console image editor ImageMagick components, related to the lack of data validation, allow attackers to trigger service interruptions.
The vulnerability of the functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage in the ImageMagick console graphic editor’s code components coders/dcm.c, coders/pwp.c, coders/cals.c, and coders/pict.c is related to the lack of data validation during function execution. Exploitin...
CVE-2021-25678
A vulnerability has been identified in Solid Edge SE2020 All versions SE2020MP13, Solid Edge SE2020 All versions SE2020MP14, Solid Edge SE2021 All Versions SE2021MP4. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds...
The vulnerability of Google Chrome’s mechanism for processing external browser protocols lies in the lack of a mechanism for checking entered data. This allows attackers to compromise the integrity of the data.
The vulnerability of Google Chrome’s mechanism for processing external browser protocols is related to the lack of a mechanism for checking entered data. Exploiting this vulnerability allows an attacker to influence the integrity of data by creating a malicious HTML page...
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of measures to sanitize input data, allowing an intruder to execute arbitrary code.
The vulnerability of Advantech WebAccess remote monitoring software lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...