72727 matches found
CVE-2026-33062
free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to access array indices 0, 1, 2...
CVE-2026-20967
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network...
CVE-2026-22559
An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...
CVE-2026-26115
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-26106
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2025-55270
HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...
CVE-2025-55270 HCL Aftermarket DPC is affected by Improper Input Validation
HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...
CVE-2025-55270 HCL Aftermarket DPC is affected by Improper Input Validation
HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...
CVE-2025-55270
HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...
CVE-2025-55270
CVE-2025-55270 affects HCL Aftermarket DPC. Connected sources confirm an input validation error that can be exploited to inject executable code, enabling XSS, SQL injection, and command injection, among other attacks. Root cause: improper input validation in the affected component/file. Documente...
Exploit for Improper Input Validation in Tecrail Responsive_Filemanager
POC-CVE-2020-10567 RCE poc - RESPONSIVE filemanager v.9.14.0...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...
CVE-2026-33183 Saloon has a Fixture Name Path Traversal Vulnerability
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments e.g. ../traversal or ../../etc/passwd resulted in a pat...
Wecodex SAT CFDI SQL注入漏洞
Wecodex SAT CFDI is an electronic invoice generation and management system developed by Wecodex Corporation. Version 3.3 of Wecodex SAT CFDI contains a SQL injection vulnerability, which stems from insufficient input validation for the id parameter. This vulnerability may lead to SQL injection...
PT-2026-28295
Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software suffers from Improper Input Validation, enabling an attacker to inject executable code. This could lead to attacks such as Cross-Site Scripting XSS, SQL Injection, an...
NetScaler ADC and NetScaler Gateway Memory Overread (CTX696300 / CVE-2026-3055)
The remote NetScaler ADC formerly Citrix ADC or NetScaler Gateway formerly Citrix Gateway device is version 14.1 prior to 14.1-60.58, 13.1 prior to 13.1-62.23, or 13.1-FIPS/NDcPP prior to 13.1-37.262. It is, therefore, affected by a vulnerability: - Insufficient input validation in NetScaler ADC...
OpenEMR 安全漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...
PT-2026-28523
Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.37 Description BentoML is a Python library used for building online serving systems for AI applications and model inference. A flaw exists where the docker.system packages field within the bentofile.yaml file does...
WebOfisi E-Ticaret 跨站脚本漏洞
WebOfisi E-Ticaret is an e-commerce website building and management system provided by the Turkish company WebOfisi. Version 4.0 of WebOfisi E-Ticaret has a cross-site scripting vulnerability, which stems from insufficient input validation for the “product” parameter. This vulnerability may lead ...
Ory polis 输入验证错误漏洞
Ory Polis is an open-source enterprise single-sign-on and directory synchronization solution developed by Ory. Versions of Ory Polis prior to 26.2.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper trust in URL parameters with the callbackUrl...