108 matches found
CVE-2026-6850
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload tha...
CVE-2026-22547 Gitea repository creation accepts invalid field values
Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values...
CVE-2026-22547
Gitea prior to version 1.25.5 exposes improper input validation during repository creation (fields such as template values and trust/model formats). The CVE description aligns with multiple advisories (Snyk for modules/structs, services/forms, and repository) indicating the root cause is insuffic...
CVE-2026-55700
pnpm stage download (affecting 11.3.0–11.5.3) allowed a crafted manifest to derive a local filename from package name and version, enabling the download to escape the target directory and overwrite a reachable file. The merged fix validates both fields, derives a single safe filename, and verifie...
JLSEC-2026-619 CR/LF injection in server-sent events (SSE) fields in HTTP.jl
Description The server-side SSE serializer wrote the single-line fields event, id, and retry verbatim to the text/event-stream wire with no CR/LF filtering, and split the multi-line data field only on \n, ignoring a bare \r that is also a valid SSE line terminator. The SSEEvent constructor...
CVE-2026-6415
The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...
CVE-2026-34179
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...
CVE-2026-47329 Incorrect validation of field size in Ubuntu Linux AppArmor notification responses
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses...
Astra Linux – Vulnerability in Wireshark
In Wireshark versions 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This issue was addressed in the plugin plugins/epan/wimax/msgdlmap.c by validating the length field...
CVE-2026-6415
The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...
Open-Vehicle-Monitoring-System-3 安全漏洞
Open-Vehicle-Monitoring-System-3 is an open source vehicle remote monitoring and diagnostic control system from Open Vehicles. A security vulnerability exists in Open-Vehicle-Monitoring-System-3 version 3.3.005, which stems from the length field of the GVRET binary data in canformatgvret.cpp not...
Arbitrary Code Injection
protobufjs is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper validation of the "type" field in protobuf definitions, which allows an attacker to inject and execute arbitrary code during object decoding...
PT-2026-33826
NEMU OpenXiangShan/NEMU before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector RVV decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted an...
CVE-2026-40253
A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...
Improper Authentication And Authorization
kubevirt.io/kubevirt is vulnerable to improper authentication and authorization. The vulnerability is due to improper validation of the Common Name CN field in client TLS certificates during mTLS authentication, which allows an attacker to bypass RBAC controls by impersonating the Kubernetes API...
graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation
The OverlappingFieldsCanBeMerged validation rule exhibits quadratic time complexity when processing queries with many repeated fields sharing the same response name. An attacker can send a crafted query like hello hello hello ... with thousands of repeated fields, causing excessive CPU usage duri...
PT-2026-31851
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to and including 1.2.58 The plugin is susceptible to Improper Access Control due to insufficient field-level permission validation within the upload file remove AJAX handler. The...
LXD 安全漏洞
LXD is a Canonical open-source container-based system for managing applications on Linux systems. Versions of LXD from 4.12 to 6.7 have security vulnerabilities. These vulnerabilities stem from the lack of validation of the Type field in the doCertificateUpdate function when handling PUT/PATCH...
SUSE SLED15: libsystemd0 / libsystemd0-32bit / libudev1 / libudev1-32bit / etc (SUSE-SU-2026:1040-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1040-1 advisory. - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus...
SUSE-SU-2026:1040-1 Security update for systemd
This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. - udev: check for invalid chars in various...