ROS-20260430-73-0001

A vulnerability in valkey is related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

EUVD-2026-9099

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1542

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1388

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

CVE-2026-1388

Removed by vendor...

CVE-2025-1969

Improper request input validation in Temporary Elevated Access Management TEAM for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

Linux Distros Unpatched Vulnerability : CVE-2022-42312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2022-27240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. CVE-2022-27240 Note that Nessus relies on...

CVE-2023-22439

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface Port 80 can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a...

CVE-2025-1969

Improper request input validation in Temporary Elevated Access Management TEAM for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

Exploit for Unrestricted Upload of File with Dangerous Type in Revmakx Backup_And_Staging_By_Wp_Time_Capsule

CVE-2024-8856: WordPress WP Time Capsule Plugin Arbitrary File...

PT-2024-24122 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm affected versions not specified Description: A vulnerability exists in the thread update process, allowing users with Default or Manager roles to escalate their privileges to Administrator. This issue arises from...

PT-2024-14522 · Spip · Spip

Name of the Vulnerable Software and Affected Versions: SPIP versions 4.1.3 and earlier SPIP versions 4.2.x through 4.2.6 Description: The issue arises from the ecrire/public/assembler.php file in SPIP, where input from request is not restricted to safe characters, such as alphanumerics, allowing...

GHSA-PPPV-CH8P-RP2W lite-dev-server vulnerable to Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

CVE-2021-36982

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall AIWAF devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request...

CVE-2021-35397

A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by...

CVE-2021-27710

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...

McAfee MVISION Endpoint Code Issue Vulnerability

McAfee MVISION Endpoint is a set of endpoint security protection software from the U.S. company McAfee McAfee. The software provides enhanced threat detection and correction for Windows systems. A security vulnerability exists in McAfee MVISION Endpoint versions prior to 20.11, which can be...

PYSEC-2020-156

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...

UBUNTU-CVE-2016-10517

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...