
14 matches found

ATTACKERKB
added 2026/04/07 6:1 p.m., 3 views

CVE-2026-39341

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

8.1 CVSS, 5.9 AI score, 0.0028 EPSS
Exploits 1, References 2, Affected Software 1
RedhatCVE
added 2025/12/18 10:37 p.m., 3 views

CVE-2025-68143

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...

6.5 CVSS, 6.9 AI score, 0.07822 EPSS
Exploits 0, References 1
NVD
added 2025/12/08 5:16 p.m., 7 views

CVE-2025-48623

In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 0.00093 EPSS
Exploits 0, References 3
BDU FSTEC
added 2025/05/09 12:0 a.m., 5 views

The vulnerability of the f2fs_get_unusable_blocks() function in the fs/f2fs/f2fs.h module of the F2FS file system support in Linux kernel allows an attacker to compromise the integrity of protected information or cause service failures.

The vulnerability of the f2fs_get_unusable_blocks function in the fs/f2fs/f2fs.h module of the F2FS file system support in the Linux operating system is related to incorrect input validation. Exploiting this vulnerability could allow an attacker to compromise the integrity of protected information or...

7.1 CVSS, 5.9 AI score, 0.00236 EPSS
Exploits 0, References 14, Affected Software 1
BDU FSTEC
added 2025/04/03 12:0 a.m., 5 views

The vulnerability of the pata_macio_do_resume() function in the Linux operating system’s SATA/PATA kernel support driver allows a hacker to cause a service failure.

The vulnerability of the pata_macio_do_resume function in the SATA/PATA driver of the Linux operating system is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 5.9 AI score, 0.00196 EPSS
Exploits 0, References 6, Affected Software 1
AstraLinux
added 2025/02/11 7:35 a.m., 2 views

Astra Linux – Vulnerability in krb5

The vulnerability of the krb5_chpw_message function in the Kerberos authentication protocol is related to insufficient input validation. Exploiting this vulnerability allows an attacker to access confidential data and also cause service interruptions...

6.1 CVSS, 5.5 AI score
Exploits 0, References 2
AstraLinux
added 2025/02/11 7:35 a.m., 1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, issues with drop bad gso csum_start and offset in virtio_net_hdr have been addressed. Additionally, the checks for csum_start and csum_offset in virtio_net_hdr_to_skb for GSO packets have been improved. The function...

5.5 CVSS, 5.8 AI score, 0.00212 EPSS
Exploits 0, References 3
RedHat Linux
added 2024/08/07 12:14 a.m., 0 views

kernel: netfilter: complete validation of user input

A denial of service vulnerability exists in the Linux kernel such that @optlen validation is not called before the function xt_alloc_table_info, an attacker could craft a payload that results in a crash resulting in loss of availability...

5.5 CVSS, 6.5 AI score, 0.00232 EPSS
Exploits 0, References 5
BDU FSTEC
added 2022/07/01 12:0 a.m., 7 views

Vulnerability of the `bn_reduce_once_in_place` function in the OpenSSL library, allowing a hacker to execute arbitrary code

The vulnerability of the bn_reduce_once_in_place function in the OpenSSL library is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS, 7.5 AI score, 0.36513 EPSS
Exploits 3, References 5, Affected Software 1
BDU FSTEC
added 2022/04/27 12:0 a.m., 3 views

The vulnerability of the fribidi_remove_bidi_marks() function in the GNU FriBidi library, which allows a hacker to execute arbitrary code.

The vulnerability of the fribidi_remove_bidi_marks function in the GNU FriBidi library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS, 7 AI score, 0.00454 EPSS
Exploits 1, References 16, Affected Software 10
Snyk
added 2021/11/15 5:54 p.m., 2 views

Improper Input Validation

Overview: rails_multisite is a gem for multi-db support for Rails applications. Affected versions of this package are vulnerable to Improper Input Validation. Secure/signed cookies share secrets between sites in a multi-site application. Impact: This vulnerability impacts any Rails applications usin...

8.8 CVSS, 6.8 AI score, 0.00608 EPSS
Exploits 0, References 3
RedHat Linux
added 2021/09/09 8:19 p.m., 6 views

openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts

An input-validation flaw was found in openstack-neutron, where an authenticated attacker could change the dnsmasq configuration. By crafting extra_dhcp_opts values, the attacker could crash the dnsmasq, change parameters for tenants sharing the same interface, or otherwise alter that daemon’s...

6.5 CVSS, 5.9 AI score, 0.01757 EPSS
Exploits 1, References 5
seebug.org
added 2014/07/01 12:0 a.m., 8 views

NOCC 1.0 no_mail.php html_no_mail Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject...

7.1 AI score
Exploits 0
seebug.org
added 2007/08/26 12:0 a.m., 27 views

PHP Perl Extension Safe_mode Bypass Exploit

No description provided by source. <?php PHP Perl Extension Safe_mode Bypass Exploit. Author: NetJackal. Email: nima501atyahoodotcom...

7.1 AI score
Exploits 0