72646 matches found
CVE-2026-34872
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...
Xenforo 输入验证错误漏洞
Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.2.17 and 2.3.1 had a vulnerability related to input validation errors. This vulnerability stemmed from the getDynamicRedirect function not properly verifying the redirection target, which could allow for...
Corosync 输入验证错误漏洞
Corosync is an open-source cluster engine developed by The Corosync Cluster Engine. Corosync has a vulnerability in input validation, which stems from integer overflows in the message integrity verification process. This vulnerability may lead to service crashes and denial-of-service attacks...
Medium: python
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
PT-2026-29553
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...
Amazon Linux 2 : python, --advisory ALAS2-2026-3218 (ALAS-2026-3218)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3218 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |=...
Medium: python3
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
PT-2026-29551
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
Cisco Integrated Management Controller(IMC) 命令注入漏洞
The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...
Cisco Integrated Management Controller 命令注入漏洞
The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...
Cisco Integrated Management Controller 输入验证错误漏洞
The Cisco Integrated Management Controller IMC is a set of software developed by Cisco Corporation in the United States, used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, shutting down, and restartin...
Cisco Integrated Management Controller(IMC) 跨站脚本漏洞
The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...
Cisco Integrated Management Controller 跨站脚本漏洞
The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...
Cisco Integrated Management Controller(IMC) 跨站脚本漏洞
The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...
Cisco Nexus Dashboard和Cisco Nexus Dashboard Insights 代码问题漏洞
Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights are products of Cisco, a US-based company. Cisco Nexus Dashboard is a single console that simplifies the operation and management of data center networks. Cisco Nexus Dashboard Insights is a platform for operational analysis and fault...
SUSE CVE-2026-20643
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the destination parameter rendered on the challenge page using text/template. An attacker can execute arbitrary JavaScript in the context of the victim's browser by supplying a crafted value that breaks out ...
EUVD-2026-17642
A denial-of-service DoS vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive...
CVE-2026-3469
A denial-of-service DoS vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive...
CVE-2026-34740 AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG Electronic Program Guide link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's...