72590 matches found
CVE-2026-3828
The CVE affects some Hikvision switch products (discontinued since December 2023) and is caused by insufficient input validation enabling authenticated remote command execution. With valid credentials, an attacker can send crafted packets containing malicious commands to affected devices, resulti...
CVE-2026-42301
CVE-2026-42301 affects pyp2spec. Prior to v0.14.1, it wrote PyPI metadata (e.g., summary) into the generated Fedora RPM spec file without escaping RPM macro directives, allowing a local attacker to execute arbitrary commands during rpmbuild. The issue is patched in v0.14.1; upgrade to 0.14.1 or l...
CVE-2026-42301 Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec
pyp2spec generates a working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec wrote PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...
CVE-2026-33844
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...
PT-2026-39325
Name of the Vulnerable Software and Affected Versions: Hikvision switch products (affected versions not specified). Description: Certain Hikvision switch products, discontinued since December 2023, contain a flaw allowing authenticated remote command execution. This issue stems from insufficient input...
Hikvision Multiple Products Security Vulnerability
Hikvision DS-3E1310P-SI, DS-3E1318P-SI, and DS-3E1326P-SI are all intelligent switch devices from Hikvision, a Chinese company. Several Hikvision products have security vulnerabilities. These vulnerabilities stem from insufficient input validation, allowing authenticated attackers to execute...
pyp2spec Input Validation Error Vulnerability
pyp2spec is a Python tool by individual developer Karolina Surma for generating Fedora RPM specification files. An input validation error vulnerability exists in pyp2spec versions prior to 0.14.1, which stems from the failure to escape RPM macro commands when generating a spec file, which...
PgBouncer Input Validation Error Vulnerability
PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Prior to PgBouncer 1.25.2, there was a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in the network packet parsing code, which allowe...
Pillow Input Validation Error Vulnerability
Pillow is an open-source image processing library developed by Pillow. In versions 10.3.0 to 12.2.0, Pillow had a vulnerability related to input validation errors. This vulnerability could lead to memory corruption when processing malicious PSD files, potentially causing crashes or arbitrary code...
CVE-2026-8013
An insufficient validation of untrusted input flaw was found in the FedCM component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497427430...
CVE-2026-8007
An insufficient validation of untrusted input flaw was found in the Cast component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496399759...
CVE-2026-8005
An insufficient validation of untrusted input flaw was found in the Cast component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496298665...
CVE-2026-8003
An insufficient validation of untrusted input flaw was found in the TabGroups component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495985532...
CVE-2026-7997
An insufficient validation of untrusted input flaw was found in the Updater component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=487960705...
CVE-2026-7968
An insufficient validation of untrusted input flaw was found in the CORS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497432281...
CVE-2026-7966
An insufficient validation of untrusted input flaw was found in the SiteIsolation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497341787...
CVE-2026-7965
An insufficient validation of untrusted input flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497255035...
CVE-2026-7964
An insufficient validation of untrusted input flaw was found in the FileSystem component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497254383...
CVE-2026-7953
An insufficient validation of untrusted input flaw was found in the Omnibox component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496379792...
CVE-2026-7947
An insufficient validation of untrusted input flaw was found in the Network component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496169594...