6778 matches found

NVD | added 1 hour ago | 4 views

CVE-2026-13706

Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php...

Exploits 0 | References 1

NVD | added 13 hours ago | 5 views

CVE-2026-20460

In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

CVSS 5.3 | Exploits 0 | References 1

CVE | added 14 hours ago | 6 views

CVE-2026-20460

CVE-2026-20460 affects the Modem via information disclosure caused by improper input validation. The issue could enable remote information disclosure if a UE connects to a rogue base station controlled by an attacker, with no extra execution privileges and without user interaction. The available ...

CVSS 5.3 | AI score 6 | Exploits 0 | References 1

EUVD | added 14 hours ago | 4 views

EUVD-2026-40872

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...

CVSS 5.3 | AI score 6 | Exploits 0 | References 1

NVD | added yesterday | 7 views

CVE-2026-48315

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gainin...

CVSS 9.3 | Exploits 0 | References 1

NVD | added yesterday | 6 views

CVE-2026-48277

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 10 | Exploits 0 | References 1

Cvelist | added yesterday | 24 views

CVE-2026-48315 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gainin...

CVSS 9.3 | Exploits 0 | References 1

CVE | added yesterday | 10 views

CVE-2026-48315

Summary: CVE-2026-48315 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is described as an Improper Input Validation vulnerability that could lead to arbitrary code execution in the context of the current user. An attacker could inject malicious scripts into a web page, potentially ga...

CVSS 9.3 | AI score 6.4 | Exploits 0 | References 1 | Affected Software 1

Cvelist | added yesterday | 27 views

CVE-2026-48281 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 10 | Exploits 0 | References 1

CVE | added yesterday | 9 views

CVE-2026-48277

CVE-2026-48277 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction (network access implied by CVSS). No remediation or patch ...

CVSS 10 | AI score 6.4 | Exploits 0 | References 1 | Affected Software 1

Cvelist | added yesterday | 24 views

CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 10 | Exploits 0 | References 1

RedHat Linux | added yesterday | 6 views

qs: qs: Denial of Service via improper input validation in array parsing

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...

CVSS 6.3 | AI score 6.7 | EPSS 0.0041 | Exploits 1 | References 6

IBM Security Bulletins | added 2 days ago | 5 views

Security Bulletin: Flow Validation Bypass via Empty Component Type Field

Summary: A vulnerability in flow validation logic allowed attackers to bypass custom component restrictions by submitting flow nodes with empty or missing type fields. When custom components were disabled, the validator silently skipped nodes lacking a type value instead of blocking them, enabling...

CVSS 9.8 | AI score 6.4 | Exploits 0 | Affected Software 1

Tenable Nessus | added 5 days ago | 4 views

FreeBSD : Gitlab -- Vulnerabilities (ee1e7aef-7117-11f1-873f-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ee1e7aef-7117-11f1-873f-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site...

CVSS 8.7 | AI score 5.7 | EPSS 0.00328 | Exploits 0 | References 15

CISA KEV Catalog | added 6 days ago | 7 views

PTC Windchill and FlexPLM Improper Input Validation Vulnerability

PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network...

CVSS 9.8 | AI score 6.3 | EPSS 0.01106 | In wild | Exploits 0

Positive Technologies | added 2026/06/24 12:0 a.m. | 9 views

PT-2026-52150

Name of the Vulnerable Software and Affected Versions: Quest NetVault Backup, affected versions not specified. Description: A flaw in the processing of NVBULibrarySlot JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

CVSS 8.8 | AI score 7.7 | EPSS 0.00689 | Exploits 0 | References 9

CISA KEV Catalog | added 2026/06/23 12:0 a.m. | 8 views

Ubiquiti UniFi OS Improper Input Validation Vulnerability

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection...

CVSS 10 | AI score 5.9 | EPSS 0.78555 | In wild | Exploits 2

OSV | added 2026/06/22 5:39 a.m. | 4 views

BIT-DOTNET-SDK-2026-35433 .NET Elevation of Privilege Vulnerability

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally...

CVSS 7.3 | AI score 5.8 | EPSS 0.00662 | Exploits 0 | References 2

OSV | added 2026/06/22 5:39 a.m. | 3 views

BIT-DOTNET-2026-35433 .NET Elevation of Privilege Vulnerability

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally...

CVSS 7.3 | AI score 5.8 | EPSS 0.00662 | Exploits 0 | References 2

NVD | added 2026/06/19 2:16 p.m. | 12 views

CVE-2026-39998

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

CVSS 8.8 | EPSS 0.00403 | Exploits 0 | References 2