GoBGP Input Validation Error Vulnerability
GoBGP is an open-source implementation of the Border Gateway Protocol (BGP) developed by osrg. Versions prior to GoBGP 4.3.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of internal slice index shifts when processing a 4-byte AS...
Saltcorn Input Validation Error Vulnerability
Saltcorn is an open-source, scalable, and code-free database application builder developed by Saltcorn developers. Vulnerabilities existed in versions prior to Saltcorn 1.4.6, 1.5.6, and 1.6.0-beta.5, due to input validation errors. These vulnerabilities stemmed from the dest parameter validation...
PT-2026-38419
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the Docker container via path traversal...
PT-2026-38580
Name of the Vulnerable Software and Affected Versions: Azure Managed Instance for Apache Cassandra (affected versions not specified). Description: Improper input validation allows an authorized attacker to execute code over a network. Recommendations: At the moment, there is no information about a newe...
Microsoft Azure Managed Instance for Apache Cassandra Input Validation Error Vulnerability
Microsoft Azure Managed Instance for Apache Cassandra is a service provided by Microsoft for Apache Cassandra on Azure. There is an input validation vulnerability in Microsoft Azure Managed Instance for Apache Cassandra; this vulnerability stems from improper input validation and could allow...
PT-2026-38424
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MISP allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...
DivvyDrive Input Validation Error Vulnerability
DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained a vulnerability related to input validation errors. This vulnerability resulted from URL redirection to untrusted sites, which could lead t...
OpenEXR Input Validation Error Vulnerability
OpenEXR is an open standard for the high dynamic range (HDR) image file format, open-sourced by the Academy Software Foundation. There were input validation vulnerabilities in versions 3.0.0 to 3.2.9, 3.3.0 to 3.3.11, and 3.4.0 to 3.4.11 of OpenEXR. These vulnerabilities stemmed from the...
open-notebook Security Vulnerability
Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.1 of Open-Notebook contains a security vulnerability. This vulnerability stems from improper input validation and overly permissive default CORS configurations. It could allow remote attackers ...
CI4MS Input Validation Error Vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. In versions 0.31.1.0 to 0.31.8.0 of CI4MS, there was a vulnerability related to input validation errors. This vulnerability stemmed from the deleteProcess operation not verifying whether the table name in the POST parameter...
Weblate Input Validation Error Vulnerability
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 had a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation of the repository URL in the component JSON during...
PT-2026-38417
Improper input validation, together with an overly permissive default CORS configuration, in Open Notebook v1.8.1 allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration i...
VulnCheck KEV: CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution...
PT-2026-38372
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.133.Final; Netty versions prior to 4.2.13.Final. Description: Netty's DNS codec fails to enforce RFC 1035 domain name constraints during encoding and decoding, creating a bidirectional attack surface. In the encoder, t...
PT-2026-38456
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile versions prior to 12.7.0.2; Ivanti Endpoint Manager Mobile versions prior to 12.8.0.3; Ivanti Endpoint Manager Mobile versions prior to 12.9.0.1. Description: A configuration control issue involving improper input...
Linux Distros Unpatched Vulnerability : CVE-2026-7967
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer...
Linux Distros Unpatched Vulnerability : CVE-2026-7964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer...
Linux Distros Unpatched Vulnerability : CVE-2026-7961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to leak...
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution...
kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input
Summary: The POST /v1/domain/image and POST /v1/oauth2/rsname/image handlers call validateimage on the uploaded body before the ACL check that restricts image upload to admins. Any bug in an image validator is therefore reachable by an unauthenticated remote client rather than being admin-gated. O...