1567 matches found
CVE-2026-20187
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-25271
Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...
PT-2026-55995
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Memory corruption occurs when processing asynchronous input parameters. This is caused by a Time-of-Check to Time-of-Use TOCTOU race condition, where values are...
EUVD-2026-40130
Rancher has Privilege Escalation from Project Owner to Host...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the AsyncHTTPClient. An attacker can cause excessive memory...
USN-8409-1 uriparser vulnerability
It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly use this issue to cause uriparser to crash, resulting in a denial of service...
ROS-20260609-73-0022
The vulnerability of the Telemetry component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2026-25659 Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability
Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...
CVE-2026-25659
Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...
CVE-2026-25657
Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure CWE-228 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the...
PT-2026-46935
Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...
SourceCodester Customer Review App 安全漏洞
SourceCodester Customer Review App is an open-source customer review application developed by SourceCodester. Version 1.0 of the SourceCodester Customer Review App contains a security vulnerability. This vulnerability stems from incorrect handling of parameters name and comment in the functions...
Path Traversal
.NET Core is vulnerable to Path Traversal. The vulnerability is due to improper handling of specially crafted files, which allows an attacker to write arbitrary files and directories to unintended locations on a vulnerable system...
Exploit for Improper Handling of Length Parameter Inconsistency in Linux Linux_Kernel
CVE-2026-31635...
GHSA-XMJC-63PR-2MPG Drupal core allows Object Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...
Drupal core SQL注入漏洞
Drupal Core is a free, open-source content management system developed in PHP by the Drupal community. Versions of Drupal Core from 8.9.0 to 10.4.10, from 10.5.0 to 10.5.10, from 10.6.0 to 10.6.9, from 11.0.0 to 11.1.10, from 11.2.0 to 11.2.12, and from 11.3.0 to 11.3.10 have SQL injection...
EUVD-2026-30846
Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...
Apache OFBiz 安全漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by improper handling of...
PT-2026-41838
Name of the Vulnerable Software and Affected Versions Escargot version 590345cc6258317c5da850d846ce6baaf2afc2d3 Description Improper check or handling of exceptional conditions in Samsung Open Source Escargot allows for input data manipulation. Recommendations At the moment, there is no informati...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
apache-struts-cve-2017-56...