1477 matches found

Cvelist
added 2026/04/06 3:36 p.m., 25 views

CVE-2026-34753 vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url`

vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in `download_bytes_from_url` allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...

5.4 CVSS, 0.00046 EPSS
Exploits 1, References 1
CVE
added 2026/04/02 6:55 p.m., 28 views

CVE-2026-35053

OneUptime prior to v10.0.42 exposes unauthenticated access in the Worker service ManualAPI endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId, allowing an attacker who can obtain or guess a workflowId to trigger arbitrary workflow execution with attacker-cont...

9.8 CVSS, 6.2 AI score, 0.00178 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2026/03/27 2:12 p.m., 19 views

CVE-2026-27880

CVE-2026-27880 affects Grafana deployments via the OpenFeature feature toggle evaluation endpoint, which reads unbounded input into memory and can cause out-of-memory crashes. Public details in the connected Nessus entry specify affected Grafana versions: 12.1.x before 12.1.10, 12.2.x before 12.2...

7.5 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/03/27 2:12 p.m., 3 views

CVE-2026-27880 OpenFeature evaluation API reads input data with no bounds

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

7.5 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/03/26 5:1 p.m., 3 views

CVE-2026-24372

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce (subscriptions-for-woocommerce) allows Input Data Manipulation. This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10...

7.5 CVSS, 5.8 AI score, 0.00075 EPSS
Exploits 0, References 1
EUVD
added 2026/03/25 6:31 p.m., 3 views

EUVD-2026-15568

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce (subscriptions-for-woocommerce) allows Input Data Manipulation. This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10...

5.8 AI score, 0.00075 EPSS
Exploits 0, References 2
NVD
added 2026/03/25 5:16 p.m., 1 views

CVE-2026-24372

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce (subscriptions-for-woocommerce) allows Input Data Manipulation. This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10...

7.5 CVSS, 0.00075 EPSS
Exploits 0, References 1
CVE
added 2026/03/25 4:14 p.m., 5 views

CVE-2026-24372

CVE-2026-24372 affects the WordPress plugin Subscriptions for WooCommerce up to version 1.8.10, where an Authentication Bypass by Spoofing plus Input Data Manipulation vulnerability exists. The issue is confirmed across multiple sources (NVD/Red Hat/CVEs lists) with CVSS v3.1 base score 7.5 (HIGH...

7.5 CVSS, 5.8 AI score, 0.00075 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/25 4:14 p.m., 1 views

CVE-2026-24372 WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce (subscriptions-for-woocommerce) allows Input Data Manipulation. This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10...

5.8 AI score, 0.00075 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/03/25 12:0 a.m., 2 views

PT-2026-27854

Name of the Vulnerable Software and Affected Versions: Subscriptions for WooCommerce versions through 1.8.10. Description: An authentication bypass by spoofing issue exists in WP Swings Subscriptions for WooCommerce. This allows for input data manipulation. The issue impacts the Subscriptions for...

7.5 CVSS, 5.9 AI score, 0.00075 EPSS
Exploits 0, References 3
Redos
added 2026/03/23 12:0 a.m., 2 views

ROS-20260323-73-0030

A vulnerability in the `smb2_set_ea` function of the fs/smb/server/smb2pdu.c module of the Linux kernel SMB server support is related to buffer copying without checking the size of the input data (classic buffer overflow). Exploitation of the vulnerability could allow an attacker to cause a denial of...

5.5 CVSS, 6 AI score, 0.00009 EPSS
Exploits 1
Github Security Blog
added 2026/03/19 6:31 p.m., 3 views

Packetbeat does not properly validate an array index in multiple protocol parser components

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

5.7 CVSS, 5.8 AI score, 0.00008 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2026/03/19 6:31 p.m., 3 views

GHSA-27QJ-9GVP-8RH9 Packetbeat does not properly validate an array index in multiple protocol parser components

Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

5.7 CVSS, 5.8 AI score, 0.00008 EPSS
Exploits 0, References 5
OSV
added 2026/03/13 7:54 p.m., 3 views

DEBIAN-CVE-2026-31885

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. This vulnerability is fixed in 3.24.0...

9.4 CVSS, 4.6 AI score, 0.00058 EPSS
Exploits 1, References 1
ATTACKERKB
added 2026/03/13 5:38 p.m., 8 views

CVE-2026-31885

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. This vulnerability is fixed in 3.24.0...

6.5 CVSS, 5.8 AI score, 0.00058 EPSS
Exploits 1, References 3, Affected Software 1
OSV
added 2026/03/04 2:38 p.m., 3 views

CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks

In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks. In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device usi...

5.5 CVSS, 5.7 AI score, 0.0001 EPSS
Exploits 0, References 10
OSV
added 2026/03/03 8:43 a.m., 2 views

BIT-KIBANA-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...

7.5 CVSS, 5.9 AI score, 0.00065 EPSS
Exploits 0, References 2
OSV
added 2026/03/03 8:40 a.m., 3 views

BIT-ELK-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...

7.5 CVSS, 5.9 AI score, 0.00065 EPSS
Exploits 0, References 2
OSV
added 2026/03/03 8:40 a.m., 1 views

BIT-ELK-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service

Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

6.5 CVSS, 5.9 AI score, 0.00075 EPSS
Exploits 0, References 2
CNVD
added 2026/03/02 12:0 a.m., 0 views

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14290)

Smoothwall Express is an open-source, GNU/Linux-based firewall operating system from Smoothwall. Smoothwall Express has a cross-site scripting vulnerability. The vulnerability stems from a lack of effective filtering and escaping of user-supplied data in the IP parameters of the iptools.cgi endpoint, an...

6.1 CVSS, 5.9 AI score, 0.00117 EPSS
Exploits 1, References 1