72887 matches found
PT-2026-27610
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.4 iPadOS versions prior to 26.4 macOS Sequoia versions prior to 15.7.5 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4 Description An issue exists that may allow a remote attacker to cause a...
PT-2026-35860
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description Insufficient validation of untrusted input in Compositing allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. Site...
CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection
A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...
CVE-2026-4614
CVE-2026-4614 : A vulnerability in itsourcecode sanitization/validation affects the Parameter Handler’s processing of /admin/subjects.php, where manipulation of the subject_code argument enables SQL injection. The issue can be exploited remotely and exploit details have been publicly disclosed. C...
GHSA-Q5PR-72PQ-83V3 H3: Unbounded Chunked Cookie Count in Session Cleanup Loop may Lead to Denial of Service
Summary The setChunkedCookie and deleteChunkedCookie functions in h3 trust the chunk count parsed from a user-controlled cookie value chunkedN without any upper bound validation. An unauthenticated attacker can send a single request with a crafted cookie header e.g., Cookie: h3=chunked999999 to a...
EUVD-2026-14546
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread...
CVE-2026-3055 Insufficient input validation leading to memory overread
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread...
CVE-2026-3055 Insufficient input validation leading to memory overread
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread...
CVE-2026-3055
CVE-2026-3055 affects Citrix NetScaler ADC/NetScaler Gateway when configured as a SAML IDP, causing a memory overread due to insufficient input validation. Affected versions per Nessus plugin: NetScaler ADC/Gateway 14.1 prior to 14.1-66.59; 13.1 prior to 13.1-62.23; and 13.1-FIPS/NDcPP prior to 1...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input...
EUVD-2026-14461
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...
Out-of-bounds Read
Overview github.com/shamaton/msgpack/v2/internal/decoding is a Affected versions of this package are vulnerable to Out-of-bounds Read. due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially crafted...
valkey: Valkey: Denial of Service via invalid clusterbus packet
A flaw was found in Valkey, a distributed key-value database. A malicious actor with access to the Valkey clusterbus port can exploit an input validation vulnerability by sending a specially crafted invalid clusterbus packet. This lack of validation for clusterbus ping extension packets can lead ...
gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing
A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...
gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing
A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...
Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway
Citrix has fixed vulnerabilities in their software related to insufficient input validation and a race condition in session management. The input validation vulnerability occurs because the software does not correctly check for input sizes or limits, which can lead to memory overreads. This can...
Chromium: CVE-2026-4451 Insufficient validation of untrusted input in Navigation
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2025-10679 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Limited Remote Code Execution
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenReviews function that...
CVE-2025-10679
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More WordPress plugin (up to v2.2.12) is vulnerable due to insufficient input validation in the bulkTenReviews function, allowing user-controlled data to be passed to a variable function call ...