EUVD-2026-25069

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

CVE-2025-64128 Zenitel TCIV-3+ OS Command Injection

An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands...

CVE-2025-20218

Cisco Secure Firewall Management Center (FMC) Software is affected by a vulnerability in its web-based management interface caused by insufficient input validation. An authenticated remote attacker with valid administrative credentials could send a crafted request to retrieve sensitive informatio...

Cisco IP Phones 8800 Series Denial of Service (CVE-2017-12328)

A vulnerability in Session Initiation Protocol SIP call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process...

Improper Input Validation (RCE)

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service...

Wazuh API Arbitrary Code Execution Vulnerability

Wazuh is a Wazuh open source application. Used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. Arbitrary code execution exists in the Wazuh API in Wazuh versions 4.0.0 through 4.0.3, which allows an authenticated...

CVE-2021-26814

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service...

Debian: Security Advisory (DLA-2486-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2486-1] xorg-server security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2486-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 09, 2020 https://wiki.debian.org/LTS -...

Debian: Security Advisory (DSA-4803-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-4803-1 : xorg-server - security update

Jan-Niklas Sohn discovered that the XKB extension of the Xorg X server performed incomplete input validation, which could result in privilege escalation. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4803...

Cisco IOS XE Software IOx Application Hosting Privilege Escalation (cisco-sa-iosxe-iox-app-host-mcZcnsBt)

According to its self-reported version, Cisco IOS XE Software is affected by a privilege escalation vulnerability in the application-hosting subsystem due to incomplete input validation of the user payload of CLI commands and improper role-based access control when commands are issued at the...

CVE-2019-4541

IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814...

Cisco IOS XE Software, Catalyst, and NGWC GUI Privilege Escalation (cisco-sa-20170927-ngwc)

According to its self-reported version, Cisco IOS XE Software is affected by a privilege escalation vulnerability in the web-based Wireless Controller GUI for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E Wireless Switches, and Cisco New Generation Wireless...

CVE-2019-4556

IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205...

CVE-2019-1873 Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software ASA and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure...

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a jackson-core open source library vulnerability (CVE-2018-0125)

Summary InfoSphere Data Replication has addressed the following vulnerability: CVE-2018-0125 Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete input validation on user-controll...

CVE-2018-1813

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017...

Input validation

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484...

Input validation

A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP...