
72619 matches found

Github Security Blog
added 2026/04/03 3:33 a.m. | 3 views

Ech0: Unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata

Summary: The GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network...

CVSS 7.2 | AI score 6 | EPSS 0.00289
Exploits: 2 | References: 3 | Affected Software: 1
OSV
added 2026/04/03 2:41 a.m. | 2 views

GHSA-MWMH-MQ4G-G6GR Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Impact: On Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...

CVSS 4.7 | AI score 6.1 | EPSS 0.0024
Exploits: 0 | References: 3
Snyk
added 2026/04/03 2:37 a.m. | 1 views

HTTP Response Splitting

Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to HTTP Response Splitting via the protocol.handle, protocol.registerSchemesAsPrivileged, or webRequest.onHeadersReceived...

CVSS 6.5 | AI score 6 | EPSS 0.00211
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/03 12:0 a.m. | 4 views

PT-2026-30260

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

CVSS 9.8 | AI score 6.2 | EPSS 0.00683
Exploits: 0 | References: 3
CNNVD
added 2026/04/03 12:0 a.m. | 7 views

Core Flight System Input Validation Error Vulnerability

Core Flight System (cFS) is a generic flight software architecture framework open-sourced by NASA, used for flagship spacecraft, manned spacecraft, cube satellites, and Raspberry Pi devices. Versions of Core Flight System cFS 7.0.0 and earlier contained an input validation vulnerability, which was...

CVSS 4.6 | AI score 5.9 | EPSS 0.00209
Exploits: 0 | References: 5
CNNVD
added 2026/04/03 12:0 a.m. | 8 views

OpenPrinting CUPS Input Validation Error Vulnerability

OpenPrinting CUPS is an open-source printing system developed by OpenPrinting Corporation, suitable for Linux® and other Unix®-based operating systems. Versions of OpenPrinting CUPS prior to 2.4.16 contained a vulnerability related to input validation. This vulnerability occurred in network-expos...

CVSS 7.5 | AI score 6.1 | EPSS 0.00502
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/03 12:0 a.m. | 5 views

PT-2026-30003

Impact: On Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...

CVSS 4.7 | AI score 6.1 | EPSS 0.0024
Exploits: 0 | References: 4
CNNVD
added 2026/04/03 12:0 a.m. | 6 views

Belden Hirschmann HiOS Input Validation Error Vulnerability

Belden Hirschmann HiOS is an industrial Ethernet switch operating system developed by the American company Belden. Versions of Belden Hirschmann HiOS prior to 08.1.00 and 07.1.01 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of the...

CVSS 8.7 | AI score 5.8 | EPSS 0.00921
Exploits: 0 | References: 2
CNNVD
added 2026/04/03 12:0 a.m. | 6 views

JupyterHub Input Validation Error Vulnerability

JupyterHub is an open-source server for Jupyter that supports multi-user usage. Prior to JupyterHub 5.4.4, there was a vulnerability related to input validation errors. This vulnerability stemmed from open redirection, which could potentially redirect users to a site controlled by an attacker...

CVSS 6.1 | AI score 5.7 | EPSS 0.00224
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/03 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34872

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input...

CVSS 9.1 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 3
Redos
added 2026/04/03 12:0 a.m. | 3 views

ROS-20260403-73-0036

A vulnerability in the fs/ext4/inline.c component of the Linux operating system kernel is related to insufficient input data validation. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.1 | EPSS 0.00165
Exploits: 0
Redos
added 2026/04/03 12:0 a.m. | 5 views

ROS-20260403-73-0033

A vulnerability in the jfs/file.c component of the Linux operating system kernel is related to insufficient input data validation. Exploitation of the vulnerability allows an intruder to affect confidentiality, integrity and availability of protected information...

CVSS 5.5 | AI score 6.1 | EPSS 0.00159
Exploits: 0
Redos
added 2026/04/03 12:0 a.m. | 4 views

ROS-20260403-73-0020

A vulnerability in the nf_tables_updchain function of the net/netfilter/nf_tables_api.c component of the Linux kernel is related to insufficient input data validation. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.1 | EPSS 0.00202
Exploits: 1
RedhatCVE
added 2026/04/02 10:55 p.m. | 4 views

CVE-2026-34747

Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patche...

CVSS 8.5 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/02 10:54 p.m. | 2 views

CVE-2026-1345

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...

CVSS 7.3 | AI score 6.1 | EPSS 0.00355
Exploits: 0 | References: 1
EUVD
added 2026/04/02 9:32 p.m. | 7 views

EUVD-2025-209196

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination...

CVSS 6.2 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 4
Snyk
added 2026/04/02 9:25 p.m. | 2 views

Improper Input Validation

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Improper Input Validation due to inconsistent downmixing behavior in the tomono process. An attacker can manipulate audio inputs to cause the AI mod...

CVSS 7.1 | AI score 5.9 | EPSS 0.00267
Exploits: 0 | References: 2
NVD
added 2026/04/02 7:20 p.m. | 8 views

CVE-2025-43238

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination...

CVSS 6.2 | EPSS 0.00196
Exploits: 0 | References: 3
NVD
added 2026/04/02 6:16 p.m. | 2 views

CVE-2026-34122

A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter,...

CVSS 7.1 | EPSS 0.00259
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/02 6:9 p.m. | 2 views

CVE-2025-43238

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination...

AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 3