Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX [CVE-2026-34445, CVE-2026-34446, CVE-2026-34447]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX due to an issue with the ExternalDataInfo class in ONNX using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file, which fails to properly...

Azure Virtual Network Gateway Remote Code Execution Vulnerability

Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network...

Azure Stack HCI Information Disclosure Vulnerability

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

CVE-2026-9157 Remote Code Execution in Gmission Web FAX

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

CVE-2026-9157 Remote Code Execution in Gmission Web FAX

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

CVE-2026-9157

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

CVE-2026-9157

The CVE-2026-9157 entry documents a vulnerability in Gmission Web Fax affecting Web Fax versions 3.0 before 3.1. It is caused by improper input validation and unrestricted upload of a file with a dangerous type, enabling Remote Code Inclusion. According to CVSS 3.1, the impact is High (C/H, I/H, ...

EUVD-2026-31244

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

PT-2026-42443

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

Gmission Web Fax 输入验证错误漏洞

Gmission Web Fax is a network fax management system developed by the South Korean company Gmission. In versions 3.0 to 3.1 of Gmission Web Fax, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper input validation and unrestricted uploading of...

PT-2026-42659

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An improper input validation issue exists in UniFi OS devices. A remote attacker with network access can exploit this flaw to perform command injection, which allows the execution of arbitra...

CVE-2026-2813

ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

CVE-2026-9124

Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-9124

Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-9124

Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-2813

ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

EUVD-2026-31145

ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

CVE-2026-20206

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...