
72611 matches found

Redos
added 2026/04/08 12:00 a.m. | 10 views

ROS-20260408-73-0026

A vulnerability in the drivers/soc/qcom/mdt_loader.c component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an intruder to gain unauthorized access to protected information...

CVSS 5.5 | AI score 6.3 | EPSS 0.00148
Exploits: 0
Redos
added 2026/04/08 12:00 a.m. | 4 views

ROS-20260408-73-0030

A vulnerability in the blk_stack_limits function of the block/blk-settings.c component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.3 | EPSS 0.00149
Exploits: 0
Redos
added 2026/04/08 12:00 a.m. | 3 views

ROS-20260408-73-0024

A vulnerability in the jbd2_log_do_checkpoint function of the fs/jbd2/checkpoint.c component of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.3 | EPSS 0.00117
Exploits: 0
Redos
added 2026/04/08 12:00 a.m. | 4 views

ROS-20260408-73-0016

A vulnerability in the Linux operating system kernel is related to insufficient input data validation. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 7.1 | AI score 6.7 | EPSS 0.00164
Exploits: 0
Redos
added 2026/04/08 12:00 a.m. | 4 views

ROS-20260408-73-0013

A vulnerability in the add_tuning_control function of the sound/pci/hda/patch_ca0132.c component of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

AI score 6.1
Exploits: 0
Vulnrichment
added 2026/04/08 12:00 a.m. | 3 views

CVE-2025-50644

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint...

AI score 6 | EPSS 0.00516
Exploits: 0 | References: 3
CNNVD
added 2026/04/08 12:00 a.m. | 5 views

OpenClaw Input Validation Error Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...

CVSS 7.1 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 3
CNNVD
added 2026/04/08 12:00 a.m. | 5 views

D-Link DI-8003 Security Vulnerability

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability that stems from the s parameter in the pppoelistopt.asp endpoint failing to properly validate the length size of the input data, which can be exploited by an attack...

CVSS 7.5 | AI score 6 | EPSS 0.00516
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/08 12:00 a.m. | 5 views

PT-2026-31408

Name of the Vulnerable Software and Affected Versions: TP-Link Archer AX53 v1.0 versions prior to 1.7.1 Build 20260213. Description: An OS command injection issue in the OpenVPN module allows an authenticated adjacent attacker to execute system commands. This occurs during the processing of a...

CVSS 8.5 | AI score 7.4 | EPSS 0.0116
Exploits: 0 | References: 10
CVE
added 2026/04/08 12:00 a.m. | 10 views

CVE-2025-50646

The CVE-2025-50646 entry applies to the D-Link DI-8003 router (firmware 16.07.26A1). A buffer overflow is triggered by insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint, causing potential denial of service. The issue is documented across multiple feeds (CNVD, R...

CVSS 7.5 | AI score 6.2 | EPSS 0.00516
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/04/08 12:00 a.m. | 2 views

CVE-2025-50648

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint...

AI score 6 | EPSS 0.00516
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/08 12:00 a.m. | 5 views

PT-2026-31470

Name of the Vulnerable Software and Affected Versions: Unfurl versions through 2025.08. Description: Unfurl through 2025.08 has an improper input validation issue in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to...

CVSS 9.3 | AI score 6 | EPSS 0.00557
Exploits: 1 | References: 4
CNNVD
added 2026/04/08 12:00 a.m. | 8 views

WordPress plugin Prime Slider – Addons for Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

CVSS 6.4 | AI score 5.6 | EPSS 0.00362
Exploits: 0 | References: 6
Tenable Nessus
added 2026/04/08 12:00 a.m. | 5 views

Juniper Junos OS Vulnerability (JSA107850)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107850 advisory. - An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP...

CVSS 7.4 | AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 2
CNNVD
added 2026/04/08 12:00 a.m. | 8 views

Hono Input Validation Error Vulnerability

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.12 contained a vulnerability related to input validation errors. This vulnerability stemmed from differences in how browser Cookie parsing and the parse function were handled, which could lead to...

CVSS 4.8 | AI score 5.8 | EPSS 0.00284
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/08 12:00 a.m. | 1 views

GitLab 18.2 < 18.8.9 / 18.9 < 18.9.5 / 18.10 < 18.10.3 (CVE-2026-1101)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial o...

CVSS 6.5 | AI score 5.9 | EPSS 0.00412
Exploits: 0 | References: 5
Positive Technologies
added 2026/04/08 12:00 a.m. | 3 views

PT-2026-31539

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.2 through 18.8.9, 18.9 through 18.9.5, and 18.10 through 18.10.3. Description: The issue involves improper input validation in GraphQL queries, potentially allowing an authenticated user to cause a denial of service to the...

CVSS 6.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 8
GitHub Security Blog
added 2026/04/07 8:17 p.m. | 11 views

MONAI: Unsafe functions lead to pickle deserialization rce

Summary: The algo_from_pickle function in monai/auto3dseg/utils.py causes pickle.loads(data_bytes) to be executed, and it does not perform any validation on the input parameters. This ultimately leads to insecure deserialization and can result in code execution vulnerabilities. Details: poc import pickl...

AI score 6.3
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/04/07 8:17 p.m. | 8 views

GHSA-89GG-P5R5-Q6R4 MONAI: Unsafe functions lead to pickle deserialization rce

Summary: The algo_from_pickle function in monai/auto3dseg/utils.py causes pickle.loads(data_bytes) to be executed, and it does not perform any validation on the input parameters. This ultimately leads to insecure deserialization and can result in code execution vulnerabilities. Details: poc import pickl...

CVSS 7.6 | AI score 6.2
Exploits: 0 | References: 3
EUVD
added 2026/04/07 6:31 p.m. | 4 views

EUVD-2026-19749

NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service...

CVSS 7.5 | AI score 5.9 | EPSS 0.00528
Exploits: 0 | References: 3