CVE-2026-27304 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

CVE-2026-27304 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

CVE-2026-27306 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim...

CVE-2026-27306

CVE-2026-27306 affects ColdFusion versions 2023.18, 2025.6 and earlier due to improper input validation that can lead to arbitrary code execution in the context of the current user. Attacker requires elevated privileges, and exploitation requires a victim to open a malicious file. Overall risk is...

CVE-2026-27306 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim...

CVE-2026-27306

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim...

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the HandlePolicyDataSubsToNotifySubsIdPut process. An attacker can cause unintended modification of existing Policy Data notification subscriptions by sending malformed, empty, or...

Improper Check for Unusual or Exceptional Conditions

Overview github.com/free5gc/udr/internal/sbi is a None Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions. in the HandlePolicyDataSubsToNotifySubsIdPut process. An attacker can cause unintended modification of existing Policy Data notification...

GHSA-WRWH-RPQ4-87HF free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication

Summary An information disclosure vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to retrieve stored subscriber identifiers SUPI/IMSI with a single HTTP GET request requiring no parameters or credentials. Details The endpoint...

CVE-2026-5437

An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly ...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit these vulnerabilities by having multiple Azure and Microsoft components fail to validate input adequately or process untrusted data insecurely, allowing an authorized attacker to increase privileges...

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

EUVD-2026-22645

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network...

EUVD-2026-22559

Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

EUVD-2026-22587

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

EUVD-2026-22534

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...

EUVD-2026-22481

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network...

EUVD-2026-22455

Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally...

EUVD-2026-22444

Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally...

EUVD-2026-22376

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network...