72731 matches found
PT-2026-28569
Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description Handlebars allows Remote Code Execution RCE through a crafted Abstract Syntax Tree AST object. The Handlebars.compile function accepts either a template string or a pre-parsed AST. When an AS...
Cisco Nexus 3000 9000 Series Switches Intermediate System-to-Intermediate System DoS (cisco-sa-n39k-isis-dos-JhJA8Rfx)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the Intermediate System-to-Intermediate System IS-IS feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode...
Squid < 7.5 Multiple Vulnerabilities
The version of Squid on the remote host is prior to 7.5. It is, therefore, affected by multiple vulnerabilities: - Due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This attack is limited to Squid deployments that explicitly enable ICP support...
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...
CVE-2026-3622 Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This...
CVE-2026-3622
CVE-2026-3622 affects TL-WR841N v14's UPnP component, where improper input validation triggers an out-of-bounds read that can crash the UPnP service and cause a Denial-of-Service. Affected builds include EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and US_0.9.1.4.19 Build 260312 Rel. 49108n...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to insufficient validation of incoming request size in the webhook endpoint. An attacker can disrupt service availability by sending oversized requests to the endpoint. Details Denial of Service DoS describes a...
EUVD-2026-15958
n8n Vulnerable to LDAP Filter Injection in LDAP Node...
CVE-2026-2745
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...
CVE-2026-20108
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...
CVE-2026-3988
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...
CVE-2026-20125
A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to improper validation ...
CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler
Mattermost Plugins versions =11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...
CVE-2026-3116
CVE-2026-3116 affects Mattermost Plugins with versions
CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler
Mattermost Plugins versions =11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...
EUVD-2025-209063
HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...
CVE-2025-36920
In hypalloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-3563
Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...
CVE-2026-20643
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Lin...
CVE-2026-20639
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3. Processing a maliciously crafted string may lead to heap corruption...