CVE-2026-22559

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

CVE-2026-4755

CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...

PT-2026-27348

CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...

PT-2026-27489

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

Android ImageMagick 安全漏洞

Android ImageMagick is an image processing library developed by Cherry’s individual developer for the Android platform. Versions of Android ImageMagick prior to 7.1.2-11 contained security vulnerabilities, which were caused by improper input validation...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38466)

In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAPSYSADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but d...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38071)

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblockphysallocrange At least with CONFIGPHYSICALSTART=0x100000, if there is 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblockphysallocrange...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38063)

In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQPREFLUSH When a bio with REQPREFLUSH is submitted to dm, sendemptyflush generates a flushbio with REQOPWRITE | REQPREFLUSH | REQSYNC, which causes the flushbio to be throttled by...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38451)

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmapgetstats The commit message of commit 6ec1f0239485 md/md-bitmap: fix stats collection for external bitmaps states: Remove the external bitmap check as the statistics should be available regardless o...

Siemens SIMATIC S7-1500 Improper Input Validation(CVE-2025-38457)

In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort tcmodifyqdisc if parent class does not exist Lion's patch 1 revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38280)

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid bpfprogret0warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38430)

In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4spomustallow must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure...

EUVD-2026-14187

The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /webhook-system without implementing webhook signature validation, secret verification, or any...

CLSA-2026-1773941493 Fix CVE(s): CVE-2025-66614

SECURITY UPDATE: Improper Input Validation vulnerability - debian/patches/CVE-2025-66614.patch: Add protocol host name and SNI host name matching with strictSNI attribute on the Connector. Covers NIO, NIO2, and APR connectors. - CVE-2025-66614...

Improper Input Validation

code.gitea.io/gitea is vulnerable to improper input validation. The vulnerability is due to insufficient validation of attachment file names in the attachment API, which allows an attacker to bypass file extension restrictions by modifying the attachment name...

Exploit for Improper Input Validation in Adobe Commerce

SessionReaper-CVE-2025-54...

PT-2026-26184

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 1.4.2 Description This issue is an Improper Input Validation leading to Denial of Service in free5GC NRF. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to...

PT-2026-26207

Name of the Vulnerable Software and Affected Versions: gRPC-Go versions prior to 1.79.3 Description: gRPC-Go is vulnerable to an authorization bypass due to improper input validation of the HTTP/2 :path pseudo-header. The server incorrectly routes requests with missing leading slashes in the :pat...

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the DataRow.Decode function. An attacker can cause a panic and potentially disrupt application availability by sending a DataRow message with a negative field length from a malicious or compromised PostgreS...