PT-2026-48033

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

PT-2026-48094

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

PT-2026-48283

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description Improper Input Validation allows an attacker to crash the application, resulting in a denial-of-service condition...

PT-2026-48286

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description Improper Input Validation allows an attacker to crash the application, resulting in a denial-of-service condition...

PT-2026-48280

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

CVE-2026-36770

CVE-2026-36770 affects Shenzhen Tenda Technology Co. device: Tenda US_W3V1.0BR v1.0.0.3. The vulnerability is a stack overflow in the Go parameter of the ask_to_reboot function, leading to Denial of Service through a crafted input. CVSS v3.1 base score is 7.5 (Network attack, Low attack complexit...

CVE-2026-36773

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) has a stack overflow in the Go parameter of the ask_to_reboot function, causing Denial of Service via crafted input. Affected component: the ask_to_reboot parameter handling. Root cause: stack overflow in Go code. Impact: ...

PT-2026-48100

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network. Cross-si...

PT-2026-47732

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

PT-2026-48268

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description Improper Input Validation allows for arbitrary code execution in the context of the current user. This issue can be exploited without requiring any user...

NETGEAR JR6150 输入验证错误漏洞

NETGEAR JR6150 is a wireless router produced by NETGEAR Corporation. The NETGEAR JR6150 has a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow administrators connected to the local network to make unauthorized modifications to...

PT-2026-47676

Name of the Vulnerable Software and Affected Versions Global Body Mass Index Calculator versions prior to 1.3 Description The Global Body Mass Index Calculator plugin for WordPress contains a Stored Cross-Site Scripting issue. The GBMI Calc Widget::widget function fails to properly sanitize input...

PT-2026-48037

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network. Cross-si...

WordPress plugin Blocksy 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Microsoft Win32k 输入验证错误漏洞

Microsoft Win32k is a system file used for multi-user management in Windows by Microsoft Corporation. There is an input validation vulnerability in Microsoft Win32k-GRFX. Attackers can exploit this vulnerability to execute code. The following products and versions are affected: Windows 10 Version...

NETGEAR JR6150 输入验证错误漏洞

NETGEAR JR6150 is a wireless router produced by NETGEAR, a company in the United States. The NETGEAR JR6150 has a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow users connected to the local WiFi network to execute operating...

PT-2026-48226

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 have a...

VMware Spring Framework 输入验证错误漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware Corporation. This framework helps developers build high-quality applications. Versions of VMware Spring Framework from 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 contain a...

Microsoft Windows Kerberos 输入验证错误漏洞

Microsoft Windows Kerberos is a software developed by Microsoft for authentication in network clusters. As a network authentication protocol, Kerberos aims to provide robust authentication services for client/server applications through a key system. There is an input validation vulnerability in...