Apache Tomcat 10.1.50 < 10.1.53 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.53. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.53security-10 advisory. - CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007519 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that doreplace handler...

SUSE SLES15: libpython3_10-1_0 / libpython3_10-1_0-32bit / python310 / etc (SUSE-SU-2026:1376-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1376-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to...

CVE-2026-41080

A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service DoS attack, where the system becomes unresponsive or...

Exploit for Improper Input Validation in Unrealircd

CVE-2...

Exploit for Improper Input Validation in N8N

PoC-CVE-2026-21858 n8n is an open source workflow automatio...

CLSA-2026-1776262694 Fix CVE(s): CVE-2026-0968

SECURITY UPDATE: null pointer dereference and out-of-bounds read in sftpparselongname when processing malformed SSHFXPNAME messages - debian/patches/CVE-2026-0968.patch: add null check, input validation, and end-of-string guards in sftpparselongname - CVE-2026-0968...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-34197link is external Apache ActiveMQ Improper Input Validation Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber acto...

Improper Input Validation

Lodash is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of options.imports key names and unsafe merging of inherited properties, which allows an attacker to inject malicious expressions that execute arbitrary code during template compilation...

CVE-2024-10242

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an...

CVE-2024-4867

The CVE-2024-4867 entry describes a cross-site scripting (XSS) vulnerability in the WSO2 API Manager developer portal. User-supplied input is not properly validated or output-encoded, enabling injection of script content executed in the user’s browser. Exploitation can cause the UI to redirect to...

EUVD-2026-23174

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

CVE-2026-22615

CVE-2026-22615 affects Eaton Intelligent Power Protector (IPP) XML parsing due to improper input validation. An attacker with admin privileges and local access can inject malicious code causing arbitrary command execution. The issue is fixed in the latest Eaton IPP software version available from...

MsQuic has a Remote Elevation of Privilege Vulnerability

Summary Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network. Details Improper Input Validation Integer Underflow Wrap or Wraparound when decoding ACK frame. Patches - Fix underflow in ACK frame parsing - 1e6e999b Impact An attacker who...

GHSA-GVVW-8J96-8G5R MsQuic has a Remote Elevation of Privilege Vulnerability

Summary Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network. Details Improper Input Validation Integer Underflow Wrap or Wraparound when decoding ACK frame. Patches - Fix underflow in ACK frame parsing - 1e6e999b Impact An attacker who...

WordPress plugin CodeColorer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin OPEN-BRAIN 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...