CVE-2026-5174

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...

EUVD-2026-26390

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...

CVE-2026-5174

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...

CVE-2026-5174 Improper Access Control Vulnerability in Progress MOVEit Automation

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...

CVE-2026-5174

CVE-2026-5174 describes an improper input validation vulnerability in Progress Software MOVEit Automation that allows privilege escalation. Affected: MOVEit Automation versions 2025.1.0 before 2025.1.5, 2025.0.0 before 2025.0.9, 2024.0.0 before 2024.1.8, and versions prior to 2024.0.0. Root cause...

CVE-2026-5174 Improper Access Control Vulnerability in Progress MOVEit Automation

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...

CVE-2026-6644

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...

Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application...

Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update

Red Hat JBoss Web Server 6.2.2 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

SUSE CVE-2026-7345

Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Progress Software MOVEit 输入验证错误漏洞

Progress Software MOVEit is a secure file transfer software developed by Progress Software Corporation in the United States. Progress Software MOVEit has a vulnerability related to input validation. This vulnerability arises due to improper input validation, which may lead to privilege escalation...

Open5GS 输入验证错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Version 2.7.3 of Open5GS contains a vulnerability related to input validation errors. This vulnerability stems from specially crafted PDU session modification requests,...

Ricoh Web Image Monitor 输入验证错误漏洞

Ricoh Web Image Monitor is a network management interface for multifunctional printing devices from the Japanese company Ricoh. It provides remote monitoring and configuration capabilities. Ricoh Web Image Monitor has a vulnerability related to input validation, which stems from open redirection...

PT-2026-36124

Name of the Vulnerable Software and Affected Versions MOVEit Automation versions 2025.1.0 through 2025.1.4 MOVEit Automation versions 2025.0.0 through 2025.0.8 MOVEit Automation versions 2024.0.0 through 2024.1.7 MOVEit Automation versions prior to 2024.0.0 Description Improper input validation i...

ROS-20260430-73-0003

Vulnerability in valkey related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

Little CMS 输入验证错误漏洞

Little CMS lcms or liblcms is an open-source color management system developed by Marti Maria. This system offers features such as black-point compensation, processing of various pixel formats, and configuration file editing. Versions 2.16 to 2.18 of Little CMS, as well as earlier versions, had a...

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1617)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1617 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, a...

Important: python3.11

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...