557 matches found
CVE-2026-37458
Missing input validation in the MPREACHNLRI component of FRRouting FRR stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service DoS via supplying a crafted UPDATE message...
TOTOLINK A3300R pppoeMtu Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeMtu parameter suffers from a command injection vulnerability that stems from the firmware failing to properly validate user input for the pppoeMtu parameter in /cgi-bin/cstecgi.cgi, which can be...
TOTOLINK A3300R 命令注入漏洞
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunuser parameter, which originates from the failure of the stunuser parameter in the cstecgi.cgi file to properly validate user input, and can be exploite...
CVE-2026-20061 Cisco Unity Connection SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...
CVE-2026-5493
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in...
CVE-2025-50648
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint...
CVE-2025-57834
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410. The absence of proper input validation leads to a...
CVE-2026-20097
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...
CVE-2026-23898
Joomla! Core (com_joomlaupdate) is affected by an arbitrary file deletion vulnerability due to lack of input validation in the autoupdate server mechanism. The issue is documented across multiple sources (e.g., CVE-2026-23898, JOOMLA-1031, BIT-JOOMLA-2026-23898) and is tied to Joomla core updates...
CVE-2026-23898 Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...
CVE-2026-30312
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...
IBM Storage Protect Server SQL注入漏洞
IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...
CVE-2026-4004
The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...
EUVD-2026-15921
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OOPSpam Team OOPSpam Anti-Spam oopspam-anti-spam allows Stored XSS.This issue affects OOPSpam Anti-Spam: from n/a through = 1.2.62...
CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection
A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...
EUVD-2026-14461
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing
A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...
CVE-2025-10679
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More WordPress plugin (up to v2.2.12) is vulnerable due to insufficient input validation in the bulkTenReviews function, allowing user-controlled data to be passed to a variable function call ...
CVE-2026-1668
The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.An unauthenticated attacker with networ...
CVE-2026-20117
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability exists because the web-based management interfa...