gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing
A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass due ...
EUVD-2026-13031
OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...
GHSA-GGM6-H3MX-CMMP Duplicate Advisory: safeBins stdin-only bypass via sort output and recursive grep flags
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4685-c5cp-vp95. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allow...
CVE-2026-31996
OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...
ROS-20260319-73-0026
A vulnerability in the Core component of Oracle VM VirtualBox is related to insufficient input validation. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to protected information...
ROS-20260319-73-0023
A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260319-73-0027
A vulnerability in the Core component of Oracle VM VirtualBox is related to insufficient input validation. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to protected information...
ROS-20260319-73-0022
A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Elastic Kibana Security Vulnerability
Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from improper input validation. This vulnerability could lead to denial-of-service attacks through excessive resource allocation...
HCL AION SQL Injection Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to steal sensitive database data by injecting a...
Apache Livy Input Validation Error Vulnerability
Apache Livy is an application server from the Apache Software Foundation of the United States. It provides support for programmatic, fault-tolerant, multi-tenant submission of Spark jobs from web and mobile applications. Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...
PT-2026-26465
Name of the Vulnerable Software and Affected Versions: flatted versions prior to 3.4.2. Description: flatted is a circular JSON parser. The parse function does not validate that string values from the parsed JSON used as array index keys are numeric. This allows attacker-controlled strings, such as ...
SuiteCRM Input Validation Error Vulnerability
SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had a vulnerability related to input validation errors. This vulnerability stemmed from an unvalidated redirection in the WebToLead capture function, which could le...
PT-2026-26251
CVE-2026-28044 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Media WP Rocket allows Stored XSS. This issue affects WP Rocke… https://t.co/XDQeDGbZS2...
SUSE SLES12 Security Update : tomcat (SUSE-SU-2026:0922-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0922-1 advisory. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385 Tenable has extracted the preceding description block directly from the SUS...
GHSA-P9HG-PQ3Q-V9GV free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error
Impact This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's NudmSubscriberDataManagement API. This causes URL parsing failure in...
gRPC-Go has an authorization bypass via missing leading slash in :path
Impact What kind of vulnerability is it? Who is impacted? It is an Authorization Bypass resulting from Improper Input Validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory leading slash e.g.,...
free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter
Impact This is an Improper Input Validation vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed group-id-list parameter. This results in complete denial of service for...