
72628 matches found

RedhatCVE
added 2026/04/02 5:4 a.m., 6 views

CVE-2026-30523

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan in months. However, the backend fails to validate that the duration...

CVSS 6.5, AI score 5.9, EPSS 0.00303
Exploits: 1, References: 1

CNNVD
added 2026/04/02 12:0 a.m., 5 views

Hoppscotch Input Validation Error Vulnerability

Hoppscotch is an open-source API development ecosystem created by Hoppscotch. Versions of Hoppscotch prior to 2026.3.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from an open redirection flaw, which could lead to token leaks and account takeovers...

CVSS 9.6, AI score 5.8, EPSS 0.00373
Exploits: 1, References: 2

CNNVD
added 2026/04/02 12:0 a.m., 7 views

Hoppscotch Input Validation Error Vulnerability

Hoppscotch is an open-source API development ecosystem created by Hoppscotch. Versions of Hoppscotch prior to 2026.3.0 contained a vulnerability related to input validation errors. This vulnerability occurred because the redirect query parameter on the /enter page was used directly in the URL...

CVSS 6.1, AI score 5.8, EPSS 0.00401
Exploits: 1, References: 2

CNNVD
added 2026/04/02 12:0 a.m., 5 views

TP-Link Tapo C520WS Security Vulnerability

The TP-Link Tapo C520WS is a WiFi camera produced by the TP-Link company. The TP-Link Tapo C520WS v2.6 version has a security vulnerability. This vulnerability stems from insufficient input validation in the configuration processing component, which may lead to a stack buffer overflow, potentiall...

CVSS 7.1, AI score 5.9, EPSS 0.00259
Exploits: 0, References: 3

CNNVD
added 2026/04/02 12:0 a.m., 5 views

vLLM Input Validation Error Vulnerability

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.5.5 and 0.18.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from inconsistencies in the audio mono downmi...

CVSS 7.1, AI score 5.8, EPSS 0.00267
Exploits: 0, References: 4

Positive Technologies
added 2026/04/02 12:0 a.m., 3 views

PT-2026-29744

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.10.2. Description: The OpenSTAManager software contains a flaw in the Aggiornamenti Updates module. This module includes a database conflict resolution feature that accepts a JSON array of SQL statements via PO...

CVSS 8.8, AI score 6.2, EPSS 0.00668
Exploits: 1, References: 9

EUVD
added 2026/04/01 9:30 p.m., 8 views

EUVD-2026-18025

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...

CVSS 7.3, AI score 6.1, EPSS 0.00355
Exploits: 0, References: 2

EUVD
added 2026/04/01 9:30 p.m., 11 views

EUVD-2026-18021

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

CVSS 9.1, AI score 5.9, EPSS 0.00204
Exploits: 0, References: 3

CVE
added 2026/04/01 9:20 p.m., 9 views

CVE-2026-34559

CI4MS (CodeIgniter 4-based CMS skeleton) is affected prior to version 0.31.0.0. A stored cross-site scripting (XSS) flaw arises from improper sanitization when creating or editing blog tags, allowing an attacker to inject a malicious JavaScript payload in the tag name that is stored server-side a...

CVSS 9.1, AI score 5.7, EPSS 0.00324
Exploits: 1, References: 2, Affected Software: 1

Github Security Blog
added 2026/04/01 9:19 p.m., 6 views

Payload has an SQL Injection via Query Handling

Impact: Certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. Patches: This issue has been fixed in v3.79.1 and later. Query input validation has been hardened. Upgrade to v3.79...

CVSS 8.5, AI score 5.8, EPSS 0.00317
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2026/04/01 9:16 p.m., 5 views

CVE-2026-1345

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...

CVSS 7.3, EPSS 0.00355
Exploits: 0, References: 1

CVE
added 2026/04/01 8:39 p.m., 16 views

CVE-2026-1345

The CVE-2026-1345 entry affects IBM Verify Identity Access Container (11.0–11.0.2), IBM Security Verify Access Container (10.0–10.0.9.1), IBM Verify Identity Access (11.0–11.0.2), and IBM Security Verify Access (10.0–10.0.9.1). The root cause is improper validation of user-supplied input, enablin...

CVSS 7.3, AI score 6.1, EPSS 0.00355
Exploits: 0, References: 1, Affected Software: 4

Vulnrichment
added 2026/04/01 8:39 p.m., 2 views

CVE-2026-1345 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...

CVSS 7.3, AI score 6.1, EPSS 0.00355
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/01 8:39 p.m., 6 views

CVE-2026-1345

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...

CVSS 7.3, AI score 6.1, EPSS 0.00355
Exploits: 0, References: 2, Affected Software: 4

NVD
added 2026/04/01 8:16 p.m., 3 views

CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

CVSS 9.1, EPSS 0.00204
Exploits: 0, References: 2

OSV
added 2026/04/01 8:16 p.m., 4 views

UBUNTU-CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

CVSS 9.1, AI score 5.8, EPSS 0.00204
Exploits: 0, References: 4

EUVD
added 2026/04/01 6:36 p.m., 9 views

EUVD-2026-17953

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

CVSS 6.5, AI score 6.2, EPSS 0.00549
Exploits: 0, References: 2

EUVD
added 2026/04/01 6:36 p.m., 3 views

EUVD-2026-17929

Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...

CVSS 4.3, AI score 5.9, EPSS 0.00162
Exploits: 0, References: 2

EUVD
added 2026/04/01 6:36 p.m., 3 views

EUVD-2026-17948

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation o...

CVSS 8.8, AI score 6.2, EPSS 0.01094
Exploits: 0, References: 2

CVE
added 2026/04/01 5:42 p.m., 17 views

CVE-2026-34751

Payload CMS (including @payloadcms/graphql and the core payload) contains a password-recovery flow vulnerability prior to version 3.79.1 that could allow an unauthenticated attacker to act on behalf of a user initiating a password reset. The issue is rated at CVSS v3.1 base score 9.1 (CRITICAL) w...

CVSS 9.1, AI score 5.8, EPSS 0.00306
Exploits: 0, References: 2, Affected Software: 1