72578 matches found

OSV
added 2026/05/18 6:10 a.m., 4 views

BIT-GITLAB-2026-1659 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation...

CVSS 7.5, AI score 5.8, EPSS 0.00355
Exploits: 0, References: 4

OSV
added 2026/05/18 6:7 a.m., 5 views

BIT-GITLAB-2025-14870 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation...

CVSS 7.5, AI score 5.8, EPSS 0.00339
Exploits: 0, References: 4

GithubExploit
added 2026/05/18 3:30 a.m., 82 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-34197 Description \ Improper Input Validation, Imp...

CVSS 8.8, AI score 7.6, EPSS 0.9631
Exploits: 12

CNNVD
added 2026/05/18 12:0 a.m., 8 views

SimpleSAMLphp-casserver Input Validation Error Vulnerability

SimpleSAMLphp-casserver is an open-source CAS protocol-compatible single sign-on server module developed by SimpleSAMLphp. Versions prior to 6.3.1 and 7.0.0 of SimpleSAMLphp-casserver contained a vulnerability related to input validation errors. This vulnerability occurred because the...

CVSS 6.1, AI score 5.8, EPSS 0.00269
Exploits: 1, References: 1

CNNVD
added 2026/05/18 12:0 a.m., 7 views

FacturaScripts Input Validation Error Vulnerability

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2026 contained a vulnerability related to input validation errors. This vulnerability stemmed from the Plugins::add function not properly verifying the file paths in...

CVSS 7.2, AI score 6.2, EPSS 0.00522
Exploits: 0, References: 1

CNNVD
added 2026/05/18 12:0 a.m., 8 views

NetBSD Input Validation Error Vulnerability

NetBSD is an open-source Unix-like operating system developed by the NetBSD Foundation. Prior to version ec8451, there was a vulnerability related to input validation. This vulnerability stemmed from the fact that the local variable iovlen was declared as a signed integer in the cryptodevop...

CVSS 5.7, AI score 5.9, EPSS 0.00109
Exploits: 0, References: 1

GitLab Advisory Database
added 2026/05/18 12:0 a.m., 9 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

AI score 5.9, EPSS 0.00086
Exploits: 0, References: 3

CNNVD
added 2026/05/18 12:0 a.m., 5 views

Apple Private Cloud Compute Server Software Input Validation Error Vulnerability

Apple Private Cloud Compute Server Software is a privacy-protective cloud-based AI computing platform software developed by Apple Inc. Versions prior to Apple Private Cloud Compute Server Software Release 5E290.3 contained a vulnerability related to input validation errors. This vulnerability...

CVSS 6.5, AI score 5.8, EPSS 0.00194
Exploits: 0, References: 1

Cvelist
added 2026/05/18 12:0 a.m., 43 views

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

EPSS 0.00595
Exploits: 1, References: 3

OSV
added 2026/05/17 9:24 p.m., 5 views

OPENSUSE-SU-2026:20809-1 Security update for trivy

This update for trivy fixes the following issues - CVE-2025-64702: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS bsc1255366. - CVE-2025-69725: github.com/go-chi/chi/v5: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258513...

CVSS 9.8, AI score 6.6, EPSS 0.00522
Exploits: 1, References: 18

Vulnrichment
added 2026/05/17 5:51 p.m., 6 views

CVE-2026-46720 Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

AI score 5.8, EPSS 0.00344
Exploits: 0, References: 3

CNNVD
added 2026/05/17 12:0 a.m., 7 views

oinone-pamirs Input Validation Error Vulnerability

Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Versions of Oinone-Pamirs 7.2.0 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a deserialization issue in the JsonUtils.parseMap function within the...

CVSS 6.5, AI score 6.7, EPSS 0.00242
Exploits: 0, References: 2

CNNVD
added 2026/05/17 12:0 a.m., 9 views

Beetl Input Validation Error Vulnerability

Beetl is a high-speed template engine developed by individual developer xiandafu. Versions of Beetl 3.20.2 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of special elements within expression language statements in th...

CVSS 7.5, AI score 7.1, EPSS 0.00406
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/17 12:0 a.m., 19 views

Fedora 44 : chromium (2026-885a3f8c70)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-885a3f8c70 advisory. Update to 148.0.7778.167 CVE-2026-8509: Heap buffer overflow in WebML CVE-2026-8510: Integer overflow in Skia CVE-2026-8511: Use after free in UI...

CVSS 9.6, AI score 6, EPSS 0.00498
Exploits: 0, References: 95

Vulnrichment
added 2026/05/16 1:37 p.m., 8 views

CVE-2026-46719 Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

AI score 5.8, EPSS 0.00306
Exploits: 0, References: 2

RedhatCVE
added 2026/05/16 7:56 a.m., 10 views

CVE-2025-48519

An improper input validation vulnerability within the AMD Platform Management Framework PMF driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation...

CVSS 8.5, AI score 5.8, EPSS 0.00099
Exploits: 0, References: 1

Veracode
added 2026/05/16 5:21 a.m., 10 views

Improper Input Validation

mppx is vulnerable to improper input validation. The vulnerability is due to improper validation in the cooperative close handler, where the close voucher amount was checked using “” instead of “=” against the on-chain settled amount, which allows an attacker to submit a close voucher equal to th...

CVSS 7.5, AI score 5.8, EPSS 0.00359
Exploits: 0, References: 3, Affected Software: 1

SUSE CVE
added 2026/05/16 1:15 a.m., 8 views

SUSE CVE-2026-8527

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 6.2, EPSS 0.00291
Exploits: 0, References: 3

SUSE CVE
added 2026/05/16 1:15 a.m., 7 views

SUSE CVE-2026-8528

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. Chromium security severity: High...

CVSS 4.3, AI score 5.8, EPSS 0.00196
Exploits: 0, References: 3

Microsoft CVE
added 2026/05/16 12:21 a.m., 14 views

Chromium: CVE-2026-8579 Insufficient validation of untrusted input in Skia

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 3.1, AI score 5.8, EPSS 0.00134
Exploits: 0