ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s Espressif SoC, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from the ESP-TEE security service wrapper, which only validates the pointer...

OpenVM 输入验证错误漏洞

OpenVM is an open-source, high-performance, and modularized zkVM framework designed for customization and scalability. Prior to OpenVM 1.6.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the tryhonestpairingcheck function in the openvm-pairing...

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from HAProxy saving unvalidated and unescaped JSON field values direct...

Jenkins 输入验证错误漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have a vulnerability related...

Jenkins 输入验证错误漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have a vulnerability related...

Jenkins 输入验证错误漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Versions of Jenkins prior to 2.567, as well as LTS versions prior to 2.555.2, contain a vulnerabilit...

VMware Spring Data Relational 安全漏洞

VMware Spring Data Relational is a relational database access framework developed by VMware, Inc. There is a security vulnerability in VMware Spring Data Relational, which stems from the improper escaping of external control inputs when using StringMatcher in Query By Example. Attackers can use...

VMware Spring for Apache Kafka 输入验证错误漏洞

VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Versions of Spring for Apache Kafka such as 4.0.0 and earlier, 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier have a input validation vulnerability. This vulnerabili...

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from issues with the security service wrapper component in the esptee module, which...

VMware Spring Security和Spring Authorization Server 输入验证错误漏洞

VMware Spring Security and Spring Authorization Server are both products of the American company VMware. VMware Spring Security is a security framework designed to provide descriptive security protections for Spring-based applications. Spring Authorization Server is a framework used to build secu...

ImageMagick 输入验证错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-24 contained a vulnerability related to input validation errors. This vulnerability...

ROS-20260610-73-0044

The vulnerability of the smartcardunpacksetattribcall function in the RDP client FreeRDP is related to the execution of operations outside the buffer in memory, resulting from an incorrect validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary...

ROS-20260610-73-0032

The vulnerability in Thunderbird relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

ROS-20260610-73-0043

The vulnerability of the smartcardunpacksetattribcall function in the RDP client FreeRDP is related to the execution of operations outside the buffer in memory, resulting from an incorrect validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary...

Spring Security 输入验证错误漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Spring Security has a vulnerability related to input validation. This vulnerability arises from the use of CookieRequestCache and CookieServerRequestCache, which store...

EulerOS 2.0 SP13 : polkit (EulerOS-SA-2026-2350)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2336)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : iommu/sva: invalidate stale IOTLB entries for kernel address spaceCVE-2025-71202 iommu: disable SVA when CONFIGX86 is setCVE-2025-71089 tls: Fix...

📄 IO-Compress 2.219 Eval Injection

An eval injection vulnerability in File::GlobMapper::getFiles allows any attacker who can control the output fileglob argument passed to IO::Compress::Gzip::gzip, IO::Compress::Zip::zip, or any sibling function to execute arbitrary Perl code in the context of the running process. Summary An eval...

CVE-2026-41719 Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

CVE-2026-41719 Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...