OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

CVE-2026-9330

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

CVE-2026-47074

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

CVE-2026-47074 ex_aws_sns SigningCertURL not validated in verify_message/1

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

CVE-2026-42744

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the rsa key exchange process when handling an extremely short premaster secret sent to a server using an RSA key backed by a PKCS11 token. An attacker can access sensitive informatio...

PT-2026-43653

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

CVE-2026-40383

An improper validation of user-supplied input leads to a local file inclusion vulnerability...

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

CVE-2026-35222 Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

EUVD-2026-31885

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

CVE-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

CVE-2026-9521 fraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of input

A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/stdsmartptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the attack remotely. The...

PT-2026-43293

Name of the Vulnerable Software and Affected Versions com tags affected versions not specified Description Improperly validated order clauses lead to a SQL injection, which occurs when an attacker can interfere with the queries that an application makes to its database. Recommendations At the...

PT-2026-43296

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper validation of the search parameter in the "com media files" API endpoint allows for path traversal, a condition where an attacker can access files and...

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affects IBM Rational Functional Tester / DevOps Test UI

Summary There are vulnerabilities in Eclipse Jetty used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote...

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the API request handlers due to insufficient validation of user-supplied input. An attacker can cause the plugin process to crash by sending a specially crafted HTTP request to the PR...

Improper Validation of Specified Index, Position, or Offset in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input via the legacy GridFS file reader API. An attacker can cause a crash or leak process memory contents by supplying crafted documents with malformed file metadata to the...