6728 matches found
CVE-2025-59886
The CVE-2025-59886 issue affects Eaton xComfort ECI, specifically improper input validation at a web interface endpoint. This could allow a network-adjacent attacker to execute privileged commands on the device. Multiple sources corroborate a high-severity impact (CVSS 3.1: Network access, Privil...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Input Validation in Ceph (CVE-2024-47866)
Summary: Ceph RGW is used by IBM Storage in RGW as part of storage. CVE-2024-47866. This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details: CVEID: CVE-2024-47866. DESCRIPTION: Ceph is a distributed object, block, and file storage platform. In versions up...
Elastic Filebeat Security Vulnerability
Elastic Filebeat is a lightweight data probe from Elastic (Netherlands) for forwarding and centralizing log data. A security vulnerability exists in Elastic Filebeat that stems from improper input validation and could lead to a buffer overflow and denial of service...
Improper Validation of Specified Type of Input
Overview: github.com/mattermost/mattermost-plugin-calls is a package for voice calling and screen sharing functionality in Mattermost channels. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the WebSocket request handling. An attacker can cau...
Improper Input Validation
sha.js is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to influence how data is processed...
Improper Input Validation
cipher-base is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to alter processing behavior...
Honeywell PM43 Industrial Printers Improper Input Validation (CVE-2023-3710)
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006...
Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect its use of the MIME4J library
Summary: Due to the use of the MIME4J library, Rational Performance Tester contains vulnerabilities that could result in improper input validation. Vulnerability Details: CVEID: CVE-2024-21742. DESCRIPTION: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM...
Adobe ColdFusion Improper Input Validation Vulnerability
Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...
Improper Input Validation
Adobe Commerce is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of user-supplied input, which allows an attacker to exploit the flaw and achieve session takeover without requiring user interaction...
Improper Input Validation
mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of email ownership verification during profile updates, which allows an attacker to register an unauthorized email address and potentially cause information disclosure by redirecting notifications...
Improper Input Validation
mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of server-side validation on note length, which allows an attacker to submit excessively long notes and corrupt the issue activity logs, thereby breaking the activity stream UI and preventing future...
Improper Input Validation
Symfony is vulnerable to improper input validation. The vulnerability is due to incorrect interpretation of PATHINFO in the Request class, which allows an attacker to bypass access control mechanisms by crafting URLs that do not start with a /...
Cross-Site Scripting (XSS)
com.liferay, com.liferay.account.admin.web is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the Account Role “Title” and Organization “Name” fields, which allows an attacker to inject crafted HTML or JavaScript payloads that execute when users vi...
Improper Input Validation
org.openidentityplatform.openam, openam-oauth2 is vulnerable to improper input validation. The vulnerability is due to improper validation of the claimsparametersupported feature in the oidc-claims-extension.groovy script, which allows an attacker to inject a crafted JSON claims parameter in the...
CVE-2025-36932
In the Google tracepoint IPC component, specifically in tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, a memory overwrite can occur due to improper input validation. This has the potential for local elevation of privilege without requiring additional execution privileges or...
CVE-2025-36929
In AreFencesRegistered of gxpfencemanager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-61812
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction...
PT-2025-51120
CVE-2025-67688 - Apache HTTP Server Improper Input Validation. CVE ID: CVE-2025-67688. Published: Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and...