CVE-2026-29909
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...
CVE-2026-5164
The CVE-2026-5164 entry describes a vulnerability in virtio-win where the RhelDoUnMap() function fails to properly validate the number of descriptors in an unmap request. This input validation flaw can be exploited by a local user who supplies an excessive number of descriptors, potentially causi...
EUVD-2026-17064
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
CVE-2026-2328
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
CVE-2026-2328 Backend Access Due to Insufficient Input Validation
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
CVE-2026-2328
Technical details about CVE-2026-2328 are not publicly available in the provided documents beyond a generic path-traversal description. Monitor for updates from the referenced advisories for any affected products and fixes.
(0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper...
PT-2026-28802
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
MRCMS Security Vulnerability
MRCMS is a content management system developed by Marker individuals. MRCMS V3.1.2 has a security vulnerability that stems from the lack of authentication and input validation in the file management module, which may lead to unvalidated directory enumeration...
WAGO Device Sphere Security Vulnerability
WAGO Device Sphere is a device management system developed by the German company WAGO. There is a security vulnerability in WAGO Device Sphere, which stems from insufficient input validation. This vulnerability may allow for access to backend components through path traversal, potentially leading...
PT-2026-29090
Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.4. Description: An input validation issue in the logrotate configuration allows an authenticated user to cause a Denial of Service (DoS). Submitting a negative integer for the rotation interval causes the backend to...
SourceCodester Sales and Inventory System Security Vulnerability
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a security vulnerability. This vulnerability stems from improper cleaning of the parameter msg i...
Nginx UI Input Validation Error Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained a vulnerability related to input validation. This vulnerability stemmed from issues with input validation in the logrotate configuration. It allowed authenticated users to cause the web interfa...
Server-side Request Forgery (SSRF)
Overview: @openclaw/mattermost is an OpenClaw Mattermost channel plugin. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetch process in multiple channel extensions when outbound requests are made to configured base URLs without proper validation. An...
VulnCheck KEV: CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread...
CVE-2026-33937
A flaw was found in Handlebars. An attacker can exploit this by supplying a crafted Abstract Syntax Tree (AST) object to the Handlebars.compile function. This allows the injection and execution of arbitrary JavaScript code due to improper sanitization of the value field in NumberLiteral AST nodes...
CVE-2026-33941
A flaw was found in Handlebars. The Handlebars command-line interface (CLI) precompiler concatenates user-controlled strings, such as template file names and CLI options, directly into the generated JavaScript without proper escaping or sanitization. An attacker capable of influencing these inputs...