72688 matches found
CVE-2026-30576
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...
CVE-2025-55270
HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...
CVE-2021-27401
The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access view and modify user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting XSS...
CVE-2026-33284
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...
BIT-GITLAB-2026-3988 Inefficient Algorithmic Complexity in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...
Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the RedisFilterExpressionConverter function. An attacker can access sensitive information by injecting specially crafted input into the filter value for a TAG field, which is inserted directly into the...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation in the doKey function of Neo4jVectorFilterExpressionConverter when a user-controlled string is embedded as a filter expression key without proper escaping of backticks. An attacker can access internal resources...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. An attacker can gain unauthorized access to resources by sending specially crafted requests that result in cache key collisions, causing the system to reuse cached authorization results for different requests...
Important: tomcat10
Issue Overview: mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...
ocaml 输入验证错误漏洞
OCaml is an open-source functional programming language and its compiler developed by OCaml. Versions of ocaml 4.14.3 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in Bigarray.reshape, which could lead to arbitrary memo...
Mastodon 输入验证错误漏洞
Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. Versions of Mastodon prior to 4.5.8, 4.4.15, and 4.3.21 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of URL-encoded path segments in...
PT-2026-28325
Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.4 Spring AI versions 1.1.0 through 1.1.3 Description Spring AI’s spring-ai-bedrock-converse component has a Server-Side Request Forgery SSRF issue within the BedrockProxyChatModel. This occurs when handling...
globaleaks-whistleblowing-software 输入验证错误漏洞
globaleaks-whistleblowing-software is an open-source anonymous whistleblowing platform developed by GLOBALEAKS. Versions of globaleaks-whistleblowing-software prior to version 5.0.89 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of...
Statamic 输入验证错误漏洞
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.16 and earlier, as well as 6.7.2 and earlier, had an input validation vulnerability. This...
Cisco Nexus 3000 9000 Series Switches Intermediate System-to-Intermediate System DoS (cisco-sa-n39k-isis-dos-JhJA8Rfx)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the Intermediate System-to-Intermediate System IS-IS feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode...
PT-2026-28571
Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description Handlebars templates containing decorator syntax referencing an unregistered decorator e.g., n can cause a Denial of Service. The compiled template calls lookupPropertydecorators, "n", which...
PT-2026-28573
Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings – template file names and several CLI options – directly into the JavaScript it emits...
PT-2026-28569
Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description Handlebars allows Remote Code Execution RCE through a crafted Abstract Syntax Tree AST object. The Handlebars.compile function accepts either a template string or a pre-parsed AST. When an AS...
Squid < 7.5 Multiple Vulnerabilities
The version of Squid on the remote host is prior to 7.5. It is, therefore, affected by multiple vulnerabilities: - Due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This attack is limited to Squid deployments that explicitly enable ICP support...