72599 matches found

Vulnrichment
added 2026/04/09 2:44 p.m., 2 views

CVE-2026-5437 Out-of-Bounds Read in DicomStreamReader

An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly ...

AI score: 7.2, EPSS: 0.00641
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/09 2:44 p.m., 0 views

CVE-2026-5437

An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly ...

AI score: 5.9, EPSS: 0.00641
Exploits: 0, References: 4

CVE
added 2026/04/09 2:44 p.m., 12 views

CVE-2026-5437

CVE-2026-5437 is an out-of-bounds read in DicomStreamReader during DICOM meta-header parsing. The vulnerability stems from insufficient input validation while processing malformed metadata structures, potentially causing reads beyond the allocated metadata buffer. Documents consistently describe ...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00641
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/04/09 12:32 a.m., 6 views

EUVD-2026-20789

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00552
Exploits: 0, References: 4

EUVD
added 2026/04/09 12:31 a.m., 3 views

EUVD-2026-20777

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

CVSS: 9.3, AI score: 6, EPSS: 0.00557
Exploits: 1, References: 3

Positive Technologies
added 2026/04/09 12:0 a.m., 4 views

PT-2026-31808

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker sending a specific genuine BGP packet in an already established BGP session to reset only that session, causing a Denial of Service (DoS). An attacker repeatedly...

CVSS: 7.4, AI score: 5.9, EPSS: 0.00166
Exploits: 0, References: 3

CNNVD
added 2026/04/09 12:0 a.m., 6 views

Sonicverse Code Issue Vulnerability

Sonicverse is an open-source, hosted real-time radio audio streaming solution developed by Sonicverse. There are code-related vulnerabilities in Sonicverse; these vulnerabilities stem from the API client accepting user-controlled URLs with insufficient validation. This could allow authenticated...

CVSS: 9.9, AI score: 5.9, EPSS: 0.00232
Exploits: 0, References: 1

Positive Technologies
added 2026/04/09 12:0 a.m., 3 views

PT-2026-31744

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell...

CVSS: 8.4, AI score: 5.9, EPSS: 0.02192
Exploits: 0, References: 3

CNNVD
added 2026/04/09 12:0 a.m., 4 views

rrweb Security Vulnerability

rrweb is an open-source web recording and playback tool developed by rrweb-io. Versions of rrweb prior to v2.0.0-alpha.18 contained security vulnerabilities, which were caused by insufficient input validation and could lead to cross-site scripting attacks...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00239
Exploits: 0, References: 3

Positive Technologies
added 2026/04/09 12:0 a.m., 6 views

PT-2026-31667

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect parameter upon login to LORIS was not validating the value of the redirect as being within LORIS,...

CVSS: 4.3, AI score: 6, EPSS: 0.00204
Exploits: 0, References: 5

CNNVD
added 2026/04/09 12:0 a.m., 6 views

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Input Validation Error Vulnerability

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, a US-based company. Juniper Networks Junos OS is a network operating system specifically designed for the company’s hardware devices. This operating system provides secure programming interfaces...

CVSS: 7.4, AI score: 5.8, EPSS: 0.00166
Exploits: 0, References: 1

Positive Technologies
added 2026/04/09 12:0 a.m., 8 views

PT-2026-31800

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affected device receives a...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00338
Exploits: 0, References: 4

CNNVD
added 2026/04/09 12:0 a.m., 6 views

Rapid7 Velociraptor Security Vulnerability

Rapid7 Velociraptor is a digital forensics and incident response platform provided by Rapid7, Inc. Versions of Rapid7 Velociraptor prior to 0.76.2 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation in the client monitoring message processor running on...

CVSS: 8.5, AI score: 6.1, EPSS: 0.00432
Exploits: 0, References: 2

CNNVD
added 2026/04/09 12:0 a.m., 6 views

wasmtime Input Validation Error Vulnerability

Wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. Versions of Wasmtime prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the improper validation of the alignment of reallocated...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00354
Exploits: 0, References: 1

Positive Technologies
added 2026/04/09 12:0 a.m., 4 views

PT-2026-31626

Name of the Vulnerable Software and Affected Versions: DicomStreamReader (affected versions not specified). Description: An out-of-bounds read issue exists in DicomStreamReader when parsing DICOM meta-headers. Processing malformed metadata structures can cause the parser to read beyond the allocated...

AI score: 5.8, EPSS: 0.00641
Exploits: 0, References: 7

CNVD
added 2026/04/09 12:0 a.m., 6 views

OpenClaw Input Validation Error Vulnerability (CNVD-2026-16690)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00239
Exploits: 0

CNNVD
added 2026/04/09 12:0 a.m., 5 views

LORIS Neuroimaging Platform Input Validation Error Vulnerability

LORIS Neuroimaging Platform is an open-source neuroimaging platform developed by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the login redirection parameters not verifying...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00204
Exploits: 0, References: 5

CNNVD
added 2026/04/09 12:0 a.m., 7 views

Apache ActiveMQ Input Validation Error Vulnerability

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a vulnerability in input validation of Apache ActiveMQ, which stems from improper validation of the remaini...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00375
Exploits: 0, References: 3

CNNVD
added 2026/04/09 12:0 a.m., 5 views

Apache Tomcat Input Validation Error Vulnerability

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Pages (JSP) technologies. Versions of Apache Tomcat 11.0.18 and earlier, 10.1.52 and earlier, 9.0.115 and earlier, as well as 8.5.100 and earlier, have a...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00526
Exploits: 0, References: 1

CNNVD
added 2026/04/09 12:0 a.m., 7 views

Apache Tomcat Input Validation Error Vulnerability

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Pages (JSP) technologies. Versions of Apache Tomcat 11.0.19 and earlier, 10.1.52 and earlier, as well as 9.0.115 and earlier, have a vulnerability related...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00307
Exploits: 0, References: 1