Lucene search

21 matches found

Rosalinux
added 2026/05/19 2:16 p.m., 3 views

Advisory ROSA-SA-2026-3279

software: tomcat 9.0.37; WASP: ROSA-CHROME; unaffected versions = tomcat-9.0.37-16; affected versions tomcat-9.0.37-16; CVE-ID: CVE-2026-24733; BDU-ID: None; CVE-Crit: LOW; CVE-DESC.: An invalid input validation vulnerability in Apache Tomcat allows a remote attacker to bypass security restrictions by...

6.5 CVSS, 6.9 AI score, 0.00163 EPSS
Exploits 0
Cvelist
added 2026/03/18 6:22 p.m., 18 views

CVE-2026-31963 HTSlib CRAM reader has heap buffer overflow due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

8.8 CVSS, 0.00061 EPSS
Exploits 0, References 2
Zero Day Initiative
added 2026/03/06 12:0 a.m., 3 views

GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of video...

7.8 CVSS, 6.2 AI score, 0.00108 EPSS
Exploits 0, References 1
OSV
added 2025/12/01 8:15 a.m., 2 views

CVE-2025-61608

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

7.5 CVSS, 5.9 AI score
Exploits 0, References 1
RedhatCVE
added 2025/05/23 3:17 a.m., 2 views

CVE-2023-23109

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv...

7.5 CVSS, 7 AI score, 0.0023 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 11:37 p.m., 3 views

CVE-2022-20585

In validoutofspecialsecdramaddr of drmaccesscontrol.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...

7.8 CVSS, 6.8 AI score, 0.00016 EPSS
Exploits 0, References 1
OSV
added 2025/04/08 4:15 p.m., 0 views

CVE-2025-3288

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...

7.8 CVSS, 6.3 AI score, 0.00164 EPSS
Exploits 0, References 1
OSV
added 2024/12/02 4:15 a.m., 1 views

CVE-2024-20138

In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604...

7.5 CVSS, 5.9 AI score
Exploits 0, References 1
OSV
added 2023/02/27 2:15 p.m., 8 views

CVE-2023-23109

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv...

7.5 CVSS, 6.5 AI score
Exploits 0, References 2
Prion
added 2023/02/27 2:15 p.m., 9 views

Null pointer dereference

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc...

5 CVSS, 7.5 AI score, 0.00412 EPSS
Exploits 1, References 2, Affected Software 1
Debian CVE
added 2023/02/27 12:0 a.m., 15 views

CVE-2023-23109

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv...

7.5 CVSS, 7.5 AI score, 0.0023 EPSS
Exploits 0
CNNVD
added 2022/06/16 12:0 a.m., 1 views

Broadcom CA Automic Automation Input Validation Error Vulnerability

Broadcom CA Automic Automation is an automation product from Broadcom, Inc. It provides a service orchestration and automation platform to automate complex applications, platforms, and technology environments. A security vulnerability exists in Broadcom CA Automic Automation versions 12.2 and 12....

9.8 CVSS, 8.8 AI score, 0.01712 EPSS
Exploits 0, References 3
CNNVD
added 2022/05/02 12:0 a.m., 1 views

Micro Focus NetIQ Access Manager Cross-Site Scripting Vulnerability

Micro Focus NetIQ Access Manager is a resource access control solution from Micro Focus, a UK-based company. A cross-site scripting vulnerability exists in versions prior to Micro Focus NetIQ Access Manager 5.0.2, which stems from a lack of data validation filtering of user-supplied data and...

6.1 CVSS, 6.2 AI score, 0.00167 EPSS
Exploits 0, References 2
CNNVD
added 2022/04/20 12:0 a.m., 1 views

Apache Apisix Security Vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation. The software is based on OpenResty and etcd and features dynamic routing and plugin hot-loading for API management in microservices systems. Versions prior to Apache Apisix 2.13.1 contain an information...

7.5 CVSS, 5.7 AI score, 0.35835 EPSS
Exploits 0, References 4
Japan Vulnerability Notes
added 2021/03/09 5:17 a.m., 2 views

Multiple vulnerabilities in GROWI

Overview: GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 - CVE-2021-20667; Path Traversal CWE-22 - CVE-2021-20668; Path Traversal CWE-22 - CVE-2021-20669; Improper Access Control CWE-284 - CVE-2021-20670; Improper Input Validation CWE-...

7.5 CVSS, 7.4 AI score, 0.02155 EPSS
Exploits 0, References 18
OSV
added 2020/09/17 9:15 p.m., 0 views

CVE-2020-0329

In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-63522940...

5.5 CVSS, 6.2 AI score, 0.00017 EPSS
Exploits 0, References 1
OSV
added 2019/07/23 2:15 p.m., 0 views

UBUNTU-CVE-2019-1010204

GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcppfile.h:644. The attack vector is: An ELF file with an...

5.5 CVSS, 6.7 AI score, 0.00147 EPSS
Exploits 0, References 3
CNVD
added 2019/06/20 12:0 a.m., 1 views

Openfind Mail2000 Cross-Site Scripting Vulnerability

Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in Webmail in Openfind Mail2000 v6. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can exploit this vulnerability to execute client-side code...

6.1 CVSS, 6.4 AI score, 0.00284 EPSS
Exploits 1, References 1
RedHat Linux
added 2018/11/29 9:56 a.m., 2 views

rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...

5.3 CVSS, 7.2 AI score, 0.01066 EPSS
Exploits 0, References 5
CNVD
added 2018/05/18 12:0 a.m., 3 views

Foxit Reader Arbitrary Code Execution Vulnerability (CNVD-2018-10555)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A security vulnerability exists in the parsing of the U3D Clod Progressive Mesh Declaration framework in Foxit Reader version 9.0.0.29935, which is caused by the program failing to properly validate user-submitted...

8.8 CVSS, 7.6 AI score, 0.0045 EPSS
Exploits 0, References 1