
72599 matches found

SUSE CVE
added 2026/04/10 11:25 p.m., 1 view

SUSE CVE-2026-32990

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...

CVSS 5.3, AI score 5.8, EPSS 0.00307
Exploits: 0, References: 10

Github Security Blog
added 2026/04/10 8:18 p.m., 14 views

basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands

Summary: basic-ftp's CRLF injection protection added in commit 2ecc8e2 for GHSA-chqc-8p9q-pq6q is incomplete. Two code paths bypass the protectWhitespace control character check: (1) the login method directly concatenates user-supplied credentials into USER/PASS FTP commands without any validation,...

AI score 6.2
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/04/10 8:0 p.m., 0 views

GHSA-3WQJ-33CG-XC48 Rembg has a Path Traversal via Custom Model Loading

Summary: A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...

CVSS 5.3, AI score 6, EPSS 0.00592
Exploits: 1, References: 5

RedhatCVE
added 2026/04/10 7:22 p.m., 4 views

CVE-2025-50649

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlanname parameter in the /shutset.asp endpoint...

CVSS 7.5, AI score 6, EPSS 0.00516
Exploits: 0, References: 1

RedhatCVE
added 2026/04/10 7:22 p.m., 6 views

CVE-2025-50646

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qostypeasp.asp endpoint...

CVSS 7.5, AI score 6.1, EPSS 0.00516
Exploits: 0, References: 1

RedhatCVE
added 2026/04/10 7:22 p.m., 3 views

CVE-2025-50648

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint...

CVSS 7.5, AI score 6, EPSS 0.00516
Exploits: 0, References: 1

RedhatCVE
added 2026/04/10 7:22 p.m., 3 views

CVE-2025-50644

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint...

CVSS 7.5, AI score 6, EPSS 0.00516
Exploits: 0, References: 1

Snyk
added 2026/04/10 6:17 p.m., 8 views

Improper Validation of Syntactic Correctness of Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the base64 decoder. An attacker can cause the processing of incomplete data by supplying base64-encoded input with additional data after the first padding character, which is...

CVSS 6, AI score 5.7, EPSS 0.00188
Exploits: 0, References: 3

Snyk
added 2026/04/10 3:34 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

CVSS 5.4, AI score 5.7, EPSS 0.00195
Exploits: 1, References: 2

EUVD
added 2026/04/10 3:31 p.m., 2 views

EUVD-2026-21391

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

AI score 5.9, EPSS 0.00319
Exploits: 1, References: 2

RedHat Linux
added 2026/04/10 2:23 p.m., 5 views

cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

CVSS 9.8, AI score 6.2, EPSS 0.142
Exploits: 3, References: 4

IBM Security Bulletins
added 2026/04/10 2:17 p.m., 5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow server core

Summary: Due to use of Undertow, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerability (CVE-2025-12543). Vulnerability Details: CVEID: CVE-2025-12543. DESCRIPTION: A flaw was found in the Undertow HTTP server core, which is used in WildFly,...

CVSS 9.6, AI score 7.3, EPSS 0.01179
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/10 1:38 p.m., 5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server

Summary: Due to use of the Undertow web server, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerability (CVE-2024-4027). Vulnerability Details: CVEID: CVE-2024-4027. DESCRIPTION: A flaw was found in Undertow. Servlets using a method that calls...

CVSS 7.5, AI score 5.8, EPSS 0.0043
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/10 1:11 p.m., 3 views

Security Bulletin: DevOps Test Performance and Rational Performance Tester contains a vulnerability related to use of the qs library

Summary: Due to use of the qs library, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerability (CVE-2025-15284). Vulnerability Details: CVEID: CVE-2025-15284. DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP...

CVSS 6.3, AI score 6.5, EPSS 0.0041
Exploits: 1, Affected Software: 1

OSV
added 2026/04/10 8:49 a.m., 1 view

BIT-JOOMLA-2026-23898 Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

CVSS 8.6, AI score 5.9, EPSS 0.00454
Exploits: 0, References: 2

RedhatCVE
added 2026/04/10 7:7 a.m., 5 views

CVE-2026-32990

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application. Mitigation Mitigation for thi...

CVSS 7.3, AI score 6.5, EPSS 0.00307
Exploits: 0, References: 4

RedhatCVE
added 2026/04/10 6:57 a.m., 2 views

CVE-2026-5919

An insufficient validation of untrusted input flaw was found in the WebSockets component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=483423893...

CVSS 7.7, AI score 5.7, EPSS 0.0019
Exploits: 0, References: 5

RedhatCVE
added 2026/04/10 6:57 a.m., 3 views

CVE-2026-5915

An insufficient validation of untrusted input flaw was found in the WebML component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=494341335...

CVSS 8.8, AI score 5.7, EPSS 0.00194
Exploits: 0, References: 5

RedhatCVE
added 2026/04/10 6:52 a.m., 0 views

CVE-2026-5884

An insufficient validation of untrusted input flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484547633...

CVSS 8.8, AI score 5.7, EPSS 0.00289
Exploits: 0, References: 5

Snyk
added 2026/04/10 5:6 a.m., 1 view

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of the AES-GCM authentication tag length in the wcPKCS7DecodeAuthEnvelopedData function. An attacker can bypass authentication by truncating the authentication tag, significantly...

CVSS 8.7, AI score 5.8, EPSS 0.00355
Exploits: 0, References: 2