6777 matches found
CVE-2026-20460
In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-20460
CVE-2026-20460 affects the Modem via information disclosure caused by improper input validation. The issue could enable remote information disclosure if a UE connects to a rogue base station controlled by an attacker, with no extra execution privileges and without user interaction. The available ...
EUVD-2026-40872
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...
CVE-2026-48315
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gainin...
CVE-2026-48277
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48315 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gainin...
CVE-2026-48315
Summary: CVE-2026-48315 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is described as an Improper Input Validation vulnerability that could lead to arbitrary code execution in the context of the current user. An attacker could inject malicious scripts into a web page, potentially ga...
CVE-2026-48281 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48277
CVE-2026-48277 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction (network access implied by CVSS). No remediation or patch ...
CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
qs: qs: Denial of Service via improper input validation in array parsing
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...
Security Bulletin: Flow Validation Bypass via Empty Component Type Field
Summary A vulnerability in flow validation logic allowed attackers to bypass custom component restrictions by submitting flow nodes with empty or missing type fields. When custom components were disabled, the validator silently skipped nodes lacking a type value instead of blocking them, enabling...
FreeBSD : Gitlab -- Vulnerabilities (ee1e7aef-7117-11f1-873f-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ee1e7aef-7117-11f1-873f-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site...
PTC Windchill and FlexPLM Improper Input Validation Vulnerability
PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network...
PT-2026-52150
Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBULibrarySlot JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...
Ubiquiti UniFi OS Improper Input Validation Vulnerability
Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection...
BIT-DOTNET-SDK-2026-35433 .NET Elevation of Privilege Vulnerability
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally...
BIT-DOTNET-2026-35433 .NET Elevation of Privilege Vulnerability
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally...
CVE-2026-39998
Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...
CVE-2026-39998
Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...