72688 matches found

NVD
added 2026/03/27 5:16 p.m., 5 views

CVE-2026-30576

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...

7.5 CVSS, 0.00256 EPSS
Exploits 1, References 1

RedhatCVE
added 2026/03/27 5:9 p.m., 7 views

CVE-2025-55270

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...

9.8 CVSS, 6 AI score, 0.00997 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/03/27 2:25 p.m., 15 views

CVE-2021-27401

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access view and modify user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting XSS...

6.1 CVSS, 6.8 AI score, 0.00586 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/03/27 1:58 p.m., 2 views

CVE-2026-33284

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...

5.1 CVSS, 5.9 AI score, 0.00196 EPSS
Exploits 1, References 2, Affected Software 1

OSV
added 2026/03/27 12:15 p.m., 5 views

BIT-GITLAB-2026-3988 Inefficient Algorithmic Complexity in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...

7.5 CVSS, 5.9 AI score, 0.00478 EPSS
Exploits 0, References 4

SUSE Linux
added 2026/03/27 9:4 a.m., 9 views

Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

8.7 CVSS, 7 AI score, 0.01525 EPSS
Exploits 0, References 40

Snyk
added 2026/03/27 7:18 a.m., 2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the RedisFilterExpressionConverter function. An attacker can access sensitive information by injecting specially crafted input into the filter value for a TAG field, which is inserted directly into the...

8.7 CVSS, 5.9 AI score, 0.0025 EPSS
Exploits 0, References 2

Snyk
added 2026/03/27 7:18 a.m., 2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the doKey function of Neo4jVectorFilterExpressionConverter when a user-controlled string is embedded as a filter expression key without proper escaping of backticks. An attacker can access internal resources...

8.7 CVSS, 5.9 AI score, 0.0025 EPSS
Exploits 0, References 2

Snyk
added 2026/03/27 1:21 a.m., 2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. An attacker can gain unauthorized access to resources by sending specially crafted requests that result in cache key collisions, causing the system to reuse cached authorization results for different requests...

9.8 CVSS, 5.9 AI score, 0.00241 EPSS
Exploits 0, References 2

Amazon
added 2026/03/27 12:0 a.m., 7 views

Important: tomcat10

Issue Overview: Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...

9.1 CVSS, 6.9 AI score, 0.00498 EPSS
Exploits 0

CNNVD
added 2026/03/27 12:0 a.m., 6 views

ocaml input validation error vulnerability

OCaml is an open-source functional programming language and its compiler developed by OCaml. Versions of ocaml 4.14.3 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in Bigarray.reshape, which could lead to arbitrary memo...

5.9 CVSS, 5.9 AI score, 0.00114 EPSS
Exploits 0, References 2

CNNVD
added 2026/03/27 12:0 a.m., 8 views

Mastodon input validation error vulnerability

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. Versions of Mastodon prior to 4.5.8, 4.4.15, and 4.3.21 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of URL-encoded path segments in...

6.1 CVSS, 5.8 AI score, 0.00515 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/03/27 12:0 a.m., 8 views

PT-2026-28325

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.4 Spring AI versions 1.1.0 through 1.1.3 Description Spring AI’s spring-ai-bedrock-converse component has a Server-Side Request Forgery SSRF issue within the BedrockProxyChatModel. This occurs when handling...

8.6 CVSS, 5.9 AI score, 0.00353 EPSS
Exploits 0, References 11

CNNVD
added 2026/03/27 12:0 a.m., 6 views

globaleaks-whistleblowing-software input validation error vulnerability

globaleaks-whistleblowing-software is an open-source anonymous whistleblowing platform developed by GLOBALEAKS. Versions of globaleaks-whistleblowing-software prior to version 5.0.89 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of...

5.1 CVSS, 5.8 AI score, 0.00196 EPSS
Exploits 1, References 1

CNNVD
added 2026/03/27 12:0 a.m., 6 views

Statamic input validation error vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.16 and earlier, as well as 6.7.2 and earlier, had an input validation vulnerability. This...

6.1 CVSS, 5.8 AI score, 0.00177 EPSS
Exploits 0, References 2

Tenable Nessus
added 2026/03/27 12:0 a.m., 2 views

Cisco Nexus 3000 9000 Series Switches Intermediate System-to-Intermediate System DoS (cisco-sa-n39k-isis-dos-JhJA8Rfx)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the Intermediate System-to-Intermediate System IS-IS feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode...

7.4 CVSS, 5.9 AI score, 0.00266 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/03/27 12:0 a.m., 3 views

PT-2026-28571

Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description Handlebars templates containing decorator syntax referencing an unregistered decorator e.g., n can cause a Denial of Service. The compiled template calls lookupPropertydecorators, "n", which...

7.5 CVSS, 5.9 AI score, 0.00602 EPSS
Exploits 1, References 15

Positive Technologies
added 2026/03/27 12:0 a.m., 5 views

PT-2026-28573

Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings – template file names and several CLI options – directly into the JavaScript it emits...

8.2 CVSS, 6.1 AI score, 0.00291 EPSS
Exploits 1, References 16

Positive Technologies
added 2026/03/27 12:0 a.m., 4 views

PT-2026-28569

Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description Handlebars allows Remote Code Execution RCE through a crafted Abstract Syntax Tree AST object. The Handlebars.compile function accepts either a template string or a pre-parsed AST. When an AS...

9.8 CVSS, 6.3 AI score, 0.01739 EPSS
Exploits 2, References 274

Tenable Nessus
added 2026/03/27 12:0 a.m., 5 views

Squid < 7.5 Multiple Vulnerabilities

The version of Squid on the remote host is prior to 7.5. It is, therefore, affected by multiple vulnerabilities: - Due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This attack is limited to Squid deployments that explicitly enable ICP support...

9.2 CVSS, 6 AI score, 0.08942 EPSS
Exploits 0, References 6