
72619 matches found

Vulnrichment
added 2026/04/06 12:0 a.m., 1 view

CVE-2025-57834

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410. The absence of proper input validation leads to a...

5.8 AI score, 0.00351 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/04/06 12:0 a.m., 6 views

PT-2026-30708

Name of the Vulnerable Software and Affected Versions: Anthropic Claude Code CLI and Claude Agent SDK (affected versions not specified). Description: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection issue in authentication helper execution. Helper configuration values are...

9.8 CVSS, 6.1 AI score, 0.00596 EPSS
Exploits: 0, References: 11

Positive Technologies
added 2026/04/06 12:0 a.m., 5 views

PT-2026-30632

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS. This issue affects Media LIbrary Assistant: from n/a through 3.34...

6.5 CVSS, 5.9 AI score, 0.00176 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/04/06 12:0 a.m., 5 views

PT-2026-30718

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410. The absence of proper input validation leads to a...

10 CVSS, 5.8 AI score, 0.0052 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/04/06 12:0 a.m., 7 views

GLPI access control error vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

7.5 CVSS, 5.8 AI score, 0.00191 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/04/06 12:0 a.m., 8 views

WeGIA input validation error vulnerability

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter, which could lead to...

6.1 CVSS, 5.8 AI score, 0.00224 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/04/06 12:0 a.m., 9 views

WeGIA input validation error vulnerability

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of URL validation or allowlist checks, which could lead...

6.1 CVSS, 5.8 AI score, 0.00186 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/04/06 12:0 a.m., 7 views

WeGIA input validation error vulnerability

WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation on the /WeGIA/controle/control.php endpoint, which did not...

6.1 CVSS, 5.8 AI score, 0.00224 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/04/06 12:0 a.m., 8 views

Directus input validation error vulnerability

Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Prior to Directus 11.16.1, there was a vulnerability related to input validation errors. This vulnerability stemmed from the isLoginRedirectAllowed function failing...

6.1 CVSS, 5.8 AI score, 0.00256 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/06 12:0 a.m., 6 views

Qualcomm Chipsets input validation error vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporation. Qualcomm Chipsets have a vulnerability related to input validation errors. This vulnerability arises due to memory corruption that occurs when decoding corrupted satellite data files with invalid signature offsets...

8.8 CVSS, 5.8 AI score, 0.00165 EPSS
Exploits: 0, References: 1

Veracode
added 2026/04/04 5:29 a.m., 5 views

SQL Injection

baserCMS is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the blog post functionality, where malicious SQL may be executed in blog posts and attackers can inject crafted SQL statements to manipulate the database...

9.8 CVSS, 5.9 AI score, 0.00412 EPSS
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2026/04/04 5:20 a.m., 7 views

OS Command Injection

baserCMS is vulnerable to OS command injection. The vulnerability is due to insufficient validation in the installer, where user‑controlled input is passed to the operating system and attackers can execute arbitrary commands by accessing the uninstalled application...

9.8 CVSS, 7.4 AI score, 0.02059 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/04/04 4:18 a.m., 0 views

GHSA-2WVG-62QM-GJ33 pyLoad: SSRF in parse_urls API endpoint via unvalidated URL parameter

Vulnerability Details: CWE-918: Server-Side Request Forgery (SSRF). The parse_urls API function in src/pyload/core/api/init.py line 556 fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission...

7.7 CVSS, 6 AI score, 0.00269 EPSS
Exploits: 1, References: 4

EUVD
added 2026/04/04 12:31 a.m., 5 views

EUVD-2017-18961

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

9.8 CVSS, 6.2 AI score, 0.00683 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/04/04 12:0 a.m., 7 views

WordPress plugin WPFunnels cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4 CVSS, 5.7 AI score, 0.00199 EPSS
Exploits: 0, References: 2

SUSE CVE
added 2026/04/03 11:24 p.m., 8 views

SUSE CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

9.1 CVSS, 5.8 AI score, 0.00204 EPSS
Exploits: 0, References: 3

NVD
added 2026/04/03 11:17 p.m., 8 views

CVE-2017-20236

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

9.8 CVSS, 0.00683 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 11:2 p.m., 12 views

CVE-2025-43238

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination...

6.2 CVSS, 5.8 AI score, 0.00196 EPSS
Exploits: 0, References: 1

Hacker One
added 2026/04/03 7:15 p.m., 16 views

curl: Internal application wrapper or script using curl

While -guid is not a standard or documented curl command, a Command Injection or Argument Injection vulnerability within a specific application that wraps curl. Security Analysis: curl -guid -url example.com 1. Status of the "-guid" Flag Undocumented/Non-existent: The official curl binary does not...

6 AI score
Exploits: 0

Github Security Blog
added 2026/04/03 3:46 a.m., 6 views

Kedro: Path Traversal in versioned dataset loading via unsanitized version string

Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...

8.1 CVSS, 5.9 AI score, 0.00327 EPSS
Exploits: 0, References: 5, Affected Software: 1