Security Bulletin: Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerabilities (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) and an 'Injection' vulnerability (CVE-2026-27727).
Summary: Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerabilities CVE-2025-66614, CVE-2026-24733, CVE-2026-24734 and an Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'...
WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page
Summary: AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglink to a malicious XML file whose elements contain JavaScript. This...
CVE-2025-50644
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint...
PT-2026-31503
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.55. Description: Insufficient validation of untrusted input in WebML could allow a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The security...
OpenClaw Input Validation Error Vulnerability
OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the matchesExecAllowlistPattern function performing lowercase conversions and wildcard matching on POSIX paths when normalizing patterns, resulting in a...
CVE-2025-50649
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlanname parameter in the /shutset.asp endpoint...
CVE-2025-50646
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qostypeasp.asp endpoint...
CVE-2025-50644
CVE-2025-50644 affects D-Link DI-8003 (firmware 16.07.26A1). A buffer overflow arises from improper validation of input to the qj.asp endpoint, allowing a network-triggered crash. Public sources (CNVD-2026-17622, RH CVE, NVD/NVD-enriched entries) describe it as a denial-of-service vulnerabili...
CVE-2025-50648
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint...
PT-2026-31374
CVE-2025-50648 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint. https://t.co/iw17wuhq2W...
Juniper Junos OS Vulnerability (JSA107850)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107850 advisory. - An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP...
CVE-2025-50648
The CVE-2025-50648 entry concerns the D-Link DI-8003 wireless router running version 16.07.26A1. A buffer overflow is triggered by inadequate input validation in the /tggl.asp endpoint, as noted across multiple sources (NVD, Red Hat, CNVD, EUVD, CVE list). The vulnerability is exploitable remotel...
PT-2026-31370
CVE-2025-50644 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint. https://t.co/OA5jicje3M...
D-Link DI-8003 Security Vulnerability
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability that originates from the qj.asp endpoint failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a denial of...
Unfurl Security Vulnerability
Unfurl is a URL data extraction and visualization analysis tool developed by Ryan Benson. Versions of Unfurl prior to 2025.08 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation in configuration parsing. By default, Flask debug mode was enabled, which...
OpenClaw Input Validation Error Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...
D-Link DI-8003 Security Vulnerability
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability that stems from the s parameter in the pppoelistopt.asp endpoint failing to properly validate the length and size of the input data, which can be exploited by an attack...
PT-2026-31539
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.2 through 18.8.9, 18.9 through 18.9.5, and 18.10 through 18.10.3. Description: The issue involves improper input validation in GraphQL queries, potentially allowing an authenticated user to cause a denial of service to the...
PT-2026-31408
Name of the Vulnerable Software and Affected Versions: TP-Link Archer AX53 v1.0 versions prior to 1.7.1 Build 20260213. Description: An OS command injection issue in the OpenVPN module allows an authenticated adjacent attacker to execute system commands. This occurs during the processing of a...