72637 matches found
Cross-site Scripting (XSS)
Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tag creation process. An attacker can execute arbitrary scripts in the context of the user's browser by crafting malicious input...
HCL Aftermarket DPC Input Validation Error Vulnerability
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from an input validation error vulnerability that can be exploited by an attacker to inject executable code and perform cross-site scripting, SQL injection, command injectio...
Discourse Input Validation Error Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an input validation error vulnerability that originates when the enter operation in StaticController reads the...
SonicWALL Email Security Input Validation Error Vulnerability
SonicWALL Email Security is an email security system developed by the American company SonicWALL. SonicWall Email Security has a vulnerability related to input validation, which stems from improper input cleansing. This vulnerability may lead to data corruption...
go-git Input Validation Error Vulnerability
go-git is an open-source, highly scalable Git implementation written entirely in Go. Prior to version 5.17.1, go-git had a vulnerability related to input validation errors. This vulnerability stemmed from the index decoder not verifying the length of the application path name prefix, which could...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-19045)
Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system developed for Mac computers. Apple iPadOS is an operating system for iPad tablets. A denial of service vulnerability exists in multiple Apple products, which is caused by improper input...
SonicWALL Email Security Input Validation Error Vulnerability
SonicWALL Email Security is an email security system developed by the American company SonicWALL. SonicWall Email Security has a vulnerability related to input validation. This vulnerability arises from improper input validation and could lead to denial-of-service attacks...
PT-2026-29345
Name of the Vulnerable Software and Affected Versions: SonicWall Email Security appliance (affected versions not specified). Description: The SonicWall Email Security appliance contains a flaw related to improper input validation. A remote, authenticated attacker with admin privileges can exploit this...
Mbed TLS -- vulnerabilities
https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session (CVE-2026-34873); Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871); PSA random generator cloning (CVE-2026-25835); Compiler-induced constant-time violations...
Exploit for OS Command Injection in Hoverfly
CVE-2025-54123 - Hoverfly Command Injection RCE PoC CVE-2...
EUVD-2026-17129
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...
CVE-2026-29909
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...
CVE-2026-5164
The CVE-2026-5164 entry describes a vulnerability in virtio-win where the RhelDoUnMap() function fails to properly validate the number of descriptors in an unmap request. This input validation flaw can be exploited by a local user who supplies an excessive number of descriptors, potentially causi...
EUVD-2026-17064
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
CVE-2026-2328
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
CVE-2026-2328 Backend Access Due to Insufficient Input Validation
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
CVE-2026-2328
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
CVE-2026-2328
Technical details about CVE-2026-2328 are not publicly available in the provided documents beyond a generic path-traversal description. Monitor for updates from the referenced advisories for any affected products and fixes.
CVE-2026-2328 Backend Access Due to Insufficient Input Validation
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
Nginx UI Input Validation Error Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained a vulnerability related to input validation. This vulnerability stemmed from issues with input validation in the logrotate configuration. It allowed authenticated users to cause the web interfa...