Lucene search

72898 matches found

RedHat Linux
added 2026/03/19 12:13 p.m. | 7 views

gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing

A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...

CVSS 7.8 | AI score 5.9 | EPSS 0.00566
Exploits: 0 | References: 6
SUSE Linux
added 2026/03/19 10:27 a.m. | 5 views

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass due ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00498
Exploits: 0 | References: 12
EUVD
added 2026/03/19 3:30 a.m. | 3 views

EUVD-2026-13031

OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...

CVSS 7.1 | AI score 6.1 | EPSS 0.0014
Exploits: 0 | References: 4
OSV
added 2026/03/19 3:30 a.m. | 1 view

GHSA-GGM6-H3MX-CMMP Duplicate Advisory: safeBins stdin-only bypass via sort output and recursive grep flags

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4685-c5cp-vp95. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allow...

CVSS 3.6 | AI score 6.2 | EPSS 0.0014
Exploits: 0 | References: 4
OSV
added 2026/03/19 2:16 a.m. | 3 views

CVE-2026-31996

OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...

CVSS 7.1 | AI score 6.2
Exploits: 0 | References: 3
NVD
added 2026/03/19 2:16 a.m. | 6 views

CVE-2026-31996

OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...

CVSS 7.1 | EPSS 0.0014
Exploits: 0 | References: 3
Redos
added 2026/03/19 12:0 a.m. | 5 views

ROS-20260319-73-0026

A vulnerability in the Core component of Oracle VM VirtualBox is related to insufficient input validation. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to protected information...

CVSS 6 | AI score 5.8 | EPSS 0.00236
Exploits: 0
Redos
added 2026/03/19 12:0 a.m. | 4 views

ROS-20260319-73-0023

A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 7.1 | AI score 5.8 | EPSS 0.00186
Exploits: 0
Redos
added 2026/03/19 12:0 a.m. | 4 views

ROS-20260319-73-0027

A vulnerability in the Core component of Oracle VM VirtualBox is related to insufficient input validation. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to protected information...

CVSS 6 | AI score 5.8 | EPSS 0.00236
Exploits: 0
Redos
added 2026/03/19 12:0 a.m. | 3 views

ROS-20260319-73-0022

A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 7.1 | AI score 5.8 | EPSS 0.00186
Exploits: 0
CNNVD
added 2026/03/19 12:0 a.m. | 8 views

Elastic Kibana Security Vulnerability

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from improper input validation. This vulnerability could lead to denial-of-service attacks through excessive resource allocation...

CVSS 6.5 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 2
CNVD
added 2026/03/19 12:0 a.m. | 3 views

HCL AION SQL Injection Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to steal sensitive database data by injecting a...

CVSS 9.8 | AI score 6 | EPSS 0.00281
Exploits: 0 | References: 1
CNVD
added 2026/03/19 12:0 a.m. | 2 views

Apache Livy Input Validation Error Vulnerability

Apache Livy is an application server from the Apache Foundation (United States). It provides support for programmatic, fault-tolerant, multi-tenant submission of Spark jobs from web and mobile applications. Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...

CVSS 6.3 | AI score 5.8 | EPSS 0.00488
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/19 12:0 a.m. | 7 views

PT-2026-26465

Name of the Vulnerable Software and Affected Versions: flatted versions prior to 3.4.2. Description: flatted is a circular JSON parser. The parse function does not validate that string values from the parsed JSON used as array index keys are numeric. This allows attacker-controlled strings, such as ...

CVSS 9.8 | AI score 5.5 | EPSS 0.00704
Exploits: 1 | References: 22
CNNVD
added 2026/03/19 12:0 a.m. | 7 views

SuiteCRM Input Validation Error Vulnerability

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had a vulnerability related to input validation errors. This vulnerability stemmed from an unvalidated redirection in the WebToLead capture function, which could le...

CVSS 6.1 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/19 12:0 a.m. | 5 views

PT-2026-26251

CVE-2026-28044: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Media WP Rocket allows Stored XSS. This issue affects WP Rocke… https://t.co/XDQeDGbZS2...

CVSS 5.9 | AI score 5.8 | EPSS 0.00143
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/19 12:0 a.m. | 5 views

SUSE SLES12 Security Update : tomcat (SUSE-SU-2026:0922-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0922-1 advisory. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385 Tenable has extracted the preceding description block directly from the SUS...

CVSS 6.5 | AI score 7 | EPSS 0.00494
Exploits: 0 | References: 4
OSV
added 2026/03/18 8:11 p.m. | 5 views

GHSA-P9HG-PQ3Q-V9GV free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error

Impact: This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes (URL-encoded as %00) into the supi path parameter of the UDM's NudmSubscriberDataManagement API. This causes URL parsing failure in...

CVSS 8.7 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/18 8:10 p.m. | 26 views

gRPC-Go has an authorization bypass via missing leading slash in :path

Impact: What kind of vulnerability is it? Who is impacted? It is an Authorization Bypass resulting from Improper Input Validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory leading slash e.g.,...

CVSS 9.1 | AI score 5.8 | EPSS 0.01557
Exploits: 1 | References: 3 | Affected Software: 1
Github Security Blog
added 2026/03/18 8:5 p.m. | 6 views

free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter

Impact: This is an Improper Input Validation vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed group-id-list parameter. This results in complete denial of service for...

CVSS 8.7 | AI score 5.9 | EPSS 0.00674
Exploits: 1 | References: 6 | Affected Software: 1