Lucene search

5836 matches found

Debian CVE
added 2026/04/11 12:16 a.m., 3 views

CVE-2026-4153

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVSS 7.8, AI score 7.8, EPSS 0.00558
Exploits: 0

RedhatCVE
added 2026/04/10 6:57 a.m., 2 views

CVE-2026-5907

An insufficient data validation flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484665123...

CVSS 8.1, AI score 5.7, EPSS 0.00189
Exploits: 0, References: 5

ATTACKERKB
added 2026/04/08 9:21 p.m., 0 views

CVE-2026-5907

Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. Chromium security severity: Low...

AI score 5.9, EPSS 0.00189
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/04/08 7:16 p.m., 4 views

EUVD-2026-20489

CI4MS Vulnerable to .env CRLF Injection via Unvalidated host Parameter in Install Controller...

CVSS 8.1, AI score 5.9, EPSS 0.00516
Exploits: 1, References: 3

Redos
added 2026/04/08 12:0 a.m., 4 views

ROS-20260408-73-0032

A vulnerability in the btrfscopyroot function of the btrfs component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 5.5, AI score 6.3, EPSS 0.00137
Exploits: 0

RedHat Linux
added 2026/04/07 8:25 a.m., 7 views

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

CVSS 7.8, AI score 7.5, EPSS 0.00838
Exploits: 0, References: 6

Positive Technologies
added 2026/04/01 12:0 a.m., 3 views

PT-2026-38108

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.96. Description: Insufficient data validation in DevTools allows a remote attacker to bypass navigation restrictions through the use of a crafted HTML page. Recommendations: Update to version...

CVSS 9.6, AI score 5.8, EPSS 0.00344
Exploits: 0, References: 137

RedHat Linux
added 2026/03/31 7:50 p.m., 1 view

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

CVSS 7.8, AI score 7.5, EPSS 0.00838
Exploits: 0, References: 6

RedHat Linux
added 2026/03/31 1:11 p.m., 4 views

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer

A flaw was found in GStreamer. This vulnerability allows a remote attacker to execute arbitrary code by exploiting an out-of-bounds write in the RealMedia Demuxer component. The issue occurs due to improper validation of user-supplied data during the processing of video packets, leading to a writ...

CVSS 7.8, AI score 7.7, EPSS 0.00383
Exploits: 0, References: 6

RedhatCVE
added 2026/03/27 2:25 p.m., 10 views

CVE-2021-27380

A vulnerability has been identified in Solid Edge SE2020 All versions SE2020MP13, Solid Edge SE2021 All Versions SE2021MP4. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure...

CVSS 7.8, AI score 7, EPSS 0.0144
Exploits: 0, References: 1

RedhatCVE
added 2026/03/27 2:25 p.m., 4 views

CVE-2021-27382

A vulnerability has been identified in Solid Edge SE2020 All versions SE2020MP13, Solid Edge SE2020 All versions SE2020MP14, Solid Edge SE2021 All Versions SE2021MP4. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based...

CVSS 7.8, AI score 7.1, EPSS 0.02303
Exploits: 0, References: 1

RedhatCVE
added 2026/03/27 2:25 p.m., 21 views

CVE-2021-27397

A vulnerability has been identified in Tecnomatix Plant Simulation All versions V16.0.5. The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute...

CVSS 7.8, AI score 7, EPSS 0.01355
Exploits: 0, References: 1

RedhatCVE
added 2026/03/27 2:25 p.m., 23 views

CVE-2021-27496

Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An...

CVSS 7.8, AI score 7, EPSS 0.02029
Exploits: 0, References: 1

RedHat Linux
added 2026/03/23 3:40 p.m., 4 views

gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability

A flaw was found in GIMP. A remote attacker can exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted XWD X Window Dump file. This issue occurs due to improper validation of user-supplied data during XWD file parsing, leading to a write past the end of...

CVSS 7.8, AI score 7.5, EPSS 0.00518
Exploits: 0, References: 6

RedHat Linux
added 2026/03/23 3:26 p.m., 1 view

gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability

A flaw was found in GIMP. A remote attacker can exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted XWD X Window Dump file. This issue occurs due to improper validation of user-supplied data during XWD file parsing, leading to a write past the end of...

CVSS 7.8, AI score 6.2, EPSS 0.00518
Exploits: 0, References: 6

RedHat Linux
added 2026/03/23 1:3 p.m., 3 views

gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing

A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...

CVSS 7.8, AI score 7.2, EPSS 0.00518
Exploits: 0, References: 6

CVE
added 2026/03/20 8:58 a.m., 20 views

CVE-2026-33080

Filament (Laravel) has a stored XSS risk in the Table summarizers Range and Values. Affected versions: 4.0.0–4.8.4 and 5.0.0–5.3.4 render raw database values without escaping HTML, enabling malicious HTML/JavaScript in unvalidated data shown by those summarizers. Remediation: upgrade to 4.8.5 or ...

CVSS 7.3, AI score 5.8, EPSS 0.00296
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2026/03/20 8:58 a.m., 1 view

CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

CVSS 7.3, AI score 5.8, EPSS 0.00296
Exploits: 0, References: 4

GitHub Security Blog
added 2026/03/19 9:32 p.m., 8 views

Parse Server has an auth provider validation bypass on login via partial authData

Impact An authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing the user's credentials. The attacker only needs to know the user's provider ID to gain full access to their account, including a valid sessi...

CVSS 9.1, AI score 5.7, EPSS 0.00455
Exploits: 0, References: 7, Affected Software: 1

RedhatCVE
added 2026/03/18 9:39 p.m., 6 views

CVE-2026-31966

A flaw was found in htslib, a library for reading and writing bioinformatics file formats. Specifically, within the CRAM Compressed Reference-oriented Alignment Map decoding process, insufficient validation of feature data series could allow a remote attacker to craft malicious CRAM records. This...

CVSS 9.1, AI score 5.7, EPSS 0.00518
Exploits: 0, References: 2