72864 matches found

Positive Technologies
added 2026/03/25 12:0 a.m., 4 views

PT-2026-28091

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.27; n8n versions prior to 2.13.3; n8n versions prior to 2.14.1. Description: n8n is a workflow automation platform. A flaw in the LDAP node's filter escape logic allows LDAP metacharacters to pass through unescaped when...

CVSS 6.3, AI score 5.9, EPSS 0.00245
Exploits: 0, References: 7

CNNVD
added 2026/03/25 12:0 a.m., 10 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of input validation protection, potentially leading to null pointer dereferencing...

CVSS 5.5, AI score 5.8, EPSS 0.00114
Exploits: 0, References: 7

EUVD
added 2026/03/24 9:31 p.m., 6 views

EUVD-2026-14988

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

CVSS 8.8, AI score 5.8, EPSS 0.00358
Exploits: 0, References: 2

NVD
added 2026/03/24 9:16 p.m., 3 views

CVE-2026-3912

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

CVSS 8.7, EPSS 0.00333
Exploits: 0, References: 1

Vulnrichment
added 2026/03/24 8:44 p.m., 2 views

CVE-2026-3912 TIBCO ActiveMatrix BusinessWorks Injection Vulnerability

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

CVSS 8.7, AI score 5.7, EPSS 0.00333
Exploits: 0, References: 1

Cvelist
added 2026/03/24 8:44 p.m., 25 views

CVE-2026-3912 TIBCO ActiveMatrix BusinessWorks Injection Vulnerability

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

CVSS 8.7, EPSS 0.00333
Exploits: 0, References: 1

CVE
added 2026/03/24 8:44 p.m., 7 views

CVE-2026-3912

CVE-2026-3912 affects TIBCO ActiveMatrix BusinessWorks and Enterprise Administrator. The issue is an injection vulnerability arising from validation/sanitisation gaps for user-supplied input, leading to information disclosure (including accessible local files and host system details) and potentia...

CVSS 8.7, AI score 5.7, EPSS 0.00333
Exploits: 0, References: 1

RedhatCVE
added 2026/03/24 8:26 p.m., 4 views

CVE-2026-23920

A flaw was found in Zabbix. Authenticated users can bypass input validation in host and event action scripts by injecting a newline character. This bypass occurs because the validation regex, which uses start-of-line ^ and end-of-line $ anchors, operates in multiline mode. Successful exploitation...

CVSS 7.7, AI score 5.9, EPSS 0.00248
Exploits: 0, References: 2

NVD
added 2026/03/24 8:16 p.m., 7 views

CVE-2026-22559

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

CVSS 8.8, EPSS 0.00358
Exploits: 0, References: 1

NVD
added 2026/03/24 7:16 p.m., 4 views

CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

CVSS 7.7, EPSS 0.00248
Exploits: 0, References: 1

OSV
added 2026/03/24 7:16 p.m., 4 views

UBUNTU-CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

CVSS 7.7, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 3

Cvelist
added 2026/03/24 7:5 p.m., 24 views

CVE-2026-22559

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

CVSS 8.8, EPSS 0.00358
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/24 7:5 p.m., 4 views

CVE-2026-22559

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server Version 10.1.85 and earlier Mitigation: Update UniFi Network Server to...

CVSS 8.8, AI score 5.8, EPSS 0.00358
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/03/24 7:5 p.m., 46 views

CVE-2026-22559

CVE-2026-22559 concerns an improper input validation in UniFi Network Server (affected: 10.1.85 and earlier) that may allow unauthorized account access if the account owner is socially engineered into clicking a malicious link. Impact is high (C, I, A: High) with network access, user interaction ...

CVSS 8.8, AI score 5.8, EPSS 0.00358
Exploits: 0, References: 1

Hacker One
added 2026/03/24 6:37 p.m., 7 views

PortSwigger Web Security: Out of scope: Improper Input Validation Order on /api-internal/login via password field leads to unnecessary resource consumption

A security issue was discovered in the /api-internal/login authentication endpoint of the internal login interface of Burp Suite DAST Enterprise. The issue was caused by improper input validation order, where the application processed user-supplied input before enforcing field-level validation...

AI score 5.8
Exploits: 0

ATTACKERKB
added 2026/03/24 6:27 p.m., 2 views

CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

CVSS 7.7, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/03/24 6:27 p.m., 27 views

CVE-2026-23920

The CVE describes a bypass of input validation for host and event action scripts where a regex (admin-set) is evaluated in multiline mode. If ^ and $ anchors are used in input validation, an injected newline can bypass the check and allow authenticated users to inject shell commands. The descript...

CVSS 7.7, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 1

OSV
added 2026/03/24 4:9 p.m., 3 views

SUSE-SU-2026:20926-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

CVSS 9.1, AI score 5.8, EPSS 0.00498
Exploits: 0, References: 8

OSV
added 2026/03/24 4:7 p.m., 5 views

OPENSUSE-SU-2026:20414-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

CVSS 9.1, AI score 5.6, EPSS 0.00498
Exploits: 0, References: 7

RedhatCVE
added 2026/03/24 11:13 a.m., 10 views

CVE-2026-33176

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

CVSS 8.7, AI score 5.8, EPSS 0.0061
Exploits: 0, References: 10