
72591 matches found

CNNVD
added 2026/05/05 12:0 a.m., 9 views

Google Chrome Input Validation Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation by the Popup Blocker, which could allow a remote attacker with access to th...

CVSS 4.2, AI score 5.8, EPSS 0.0017
Exploits 0, References 3
Positive Technologies
added 2026/05/05 12:0 a.m., 6 views

PT-2026-38123

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: Insufficient validation of untrusted input in Cookies allows a remote attacker to perform privilege escalation through the use of a crafted HTML page. Recommendations: Update to version...

CVSS 9.6, AI score 5.8, EPSS 0.00344
Exploits 0, References 135
CNNVD
added 2026/05/05 12:0 a.m., 8 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient input validation in ChromeDriver, which could allow remote attackers to execute arbitrary code through a...

CVSS 8.8, AI score 6.2, EPSS 0.00247
Exploits 0, References 3
Positive Technologies
added 2026/05/05 12:0 a.m., 8 views

PT-2026-38140

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page...

CVSS 9.6, AI score 5.8, EPSS 0.00344
Exploits 0, References 135
Redos
added 2026/05/05 12:0 a.m., 5 views

ROS-20260505-73-0007

Vulnerability in python3.11 related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7, AI score 5.8, EPSS 0.00216
Exploits 0
Snyk
added 2026/05/04 10:4 p.m., 9 views

CRLF Injection

Overview: Affected versions of this package are vulnerable to CRLF Injection via the handling of raw string arguments in commands such as uidsearch, search, uidfetch, fetch, uidstore, store, and setquota. A user can execute arbitrary IMAP commands by injecting specially crafted input containing CR...

CVSS 9.8, AI score 6, EPSS 0.00429
Exploits 0, References 3
Github Security Blog
added 2026/05/04 10:4 p.m., 7 views

net-imap vulnerable to command Injection via unvalidated Symbol inputs

Summary: Symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. Details: Symbol arguments represent IMAP "system flags", which are formatted as "atoms" with no quoting with a "\" prefix. Vulnerable versions of Net::IMAP...

CVSS 5.8, AI score 5.9, EPSS 0.00524
Exploits 0, References 10, Affected Software 1
Snyk
added 2026/05/04 8:50 p.m., 6 views

Improper Input Validation

Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Improper Input Validation via the deleteProcess function. An attacker can cause arbitrary database tables to be dropped by supplying crafted POST requests with malicious...

CVSS 6.9, AI score 5.9, EPSS 0.00344
Exploits 0, References 2
Snyk
added 2026/05/04 7:21 p.m., 6 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...

CVSS 8.8, AI score 5.9, EPSS 0.00347
Exploits 1, References 2
Vulnrichment
added 2026/05/04 7:17 p.m., 7 views

CVE-2026-41926 WDR201A WiFi Extender OS Command Injection via firewall.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

CVSS 9.3, AI score 5.9, EPSS 0.01235
Exploits 0, References 3
ATTACKERKB
added 2026/05/04 7:17 p.m., 5 views

CVE-2026-41926

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

CVSS 9.3, AI score 5.9, EPSS 0.01235
Exploits 0, References 4
Cvelist
added 2026/05/04 7:17 p.m., 34 views

CVE-2026-41926 WDR201A WiFi Extender OS Command Injection via firewall.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

CVSS 9.3, EPSS 0.01235
Exploits 0, References 3
Github Security Blog
added 2026/05/04 6:30 p.m., 11 views

Apache Polaris has an Improper Input Validation issue

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

CVSS 9.9, AI score 5.9, EPSS 0.00364
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2026/05/04 6:30 p.m., 9 views

Apache Polaris has an Improper Input Validation Issue

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

CVSS 9.9, AI score 5.8, EPSS 0.00424
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2026/05/04 6:30 p.m., 9 views

Apache Polaris has an Improper Input Validation issue

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

CVSS 9.9, AI score 5.7, EPSS 0.00431
Exploits 0, References 5, Affected Software 1
OSV
added 2026/05/04 6:30 p.m., 7 views

GHSA-FC3H-C6H7-R83J Apache Polaris has an Improper Input Validation issue

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

CVSS 9.9, AI score 5.7, EPSS 0.00431
Exploits 0, References 5
Github Security Blog
added 2026/05/04 6:30 p.m., 14 views

Apache Polaris has an Improper Input Validation Issue

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

CVSS 9.9, AI score 5.7, EPSS 0.00355
Exploits 0, References 6, Affected Software 1
OSV
added 2026/05/04 6:30 p.m., 10 views

GHSA-W76P-3CGP-QFCM Apache Polaris has an Improper Input Validation issue

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

CVSS 9.9, AI score 5.9, EPSS 0.00364
Exploits 0, References 5
EUVD
added 2026/05/04 4:55 p.m., 20 views

EUVD-2026-27003

XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCESSING ...

AI score 5.8, EPSS 0.00403
Exploits 0, References 1
OSV
added 2026/05/04 4:16 p.m., 5 views

DEBIAN-CVE-2026-37458

Missing input validation in the MP_REACH_NLRI component of FRRouting FRR stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message...

CVSS 6.5, AI score 5.8, EPSS 0.00249
Exploits 0, References 1