24 matches found

MariaDBUnix
added 2026/05/18 12:0 a.m., 7 views

CVE-2026-44169

Disclaimer: This data contains information about vulnerable...

5.7 AI score
Exploits 0
OSV
added 2026/04/01 9:11 p.m., 1 view

GHSA-8H88-GXP3-J7PG openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys

Summary: The PublicKeyBundle.from_dict method in opensslencrypt/modules/keybundle.py at lines 329-361 creates bundles from untrusted data without verifying the signature. The docstring warns to call verifysignature after creation, but the to_identity method (lines 363-391) can convert an unverified...

8.7 CVSS, 5.9 AI score
Exploits 0, References 3
Github Security Blog
added 2026/04/01 9:11 p.m., 1 view

openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys

Summary: The PublicKeyBundle.from_dict method in opensslencrypt/modules/keybundle.py at lines 329-361 creates bundles from untrusted data without verifying the signature. The docstring warns to call verifysignature after creation, but the to_identity method (lines 363-391) can convert an unverified...

5.9 AI score
Exploits 0, References 3, Affected Software 1
CNNVD
added 2026/03/16 12:0 a.m., 2 views

Philips Hue Bridge security vulnerability

The Philips Hue Bridge is a smart lighting gateway device developed by the Japanese company Philips Hue. There is a security vulnerability in the Philips Hue Bridge, which stems from the lack of verification of the user data length in the happairverifyhandler function. This vulnerability may lead...

8 CVSS, 7.6 AI score, 0.00172 EPSS
Exploits 0, References 1
CNNVD
added 2026/03/16 12:0 a.m., 2 views

Philips Hue Bridge security vulnerability

The Philips Hue Bridge is a smart lighting gateway device developed by the Japanese company Philips Hue. There is a security vulnerability in the Philips Hue Bridge, which stems from the lack of verification of the user data length when processing PUT requests for the characteristics endpoint. Th...

8 CVSS, 7.6 AI score, 0.00133 EPSS
Exploits 0, References 1
CNNVD
added 2026/03/13 12:0 a.m., 3 views

GStreamer security vulnerability

GStreamer is a set of open-source frameworks for processing streaming media. GStreamer has a security vulnerability that stems from a lack of verification of the data length provided to users during parsing and decoding operations. This vulnerability may lead to stack buffer overflows and remote...

7.8 CVSS, 7.5 AI score, 0.00078 EPSS
Exploits 0, References 3
CNNVD
added 2026/02/20 12:0 a.m., 3 views

Santesoft Sante DICOM Viewer Pro security vulnerability

Santesoft Sante DICOM Viewer Pro is a powerful viewer, anonymizer, converter, and PACS client developed by Santesoft in Cyprus. It is suitable for DICOM files from all formats and manufacturers. Sante DICOM Viewer Pro has a security vulnerability that stems from the lack of verification of the da...

7.8 CVSS, 7.5 AI score, 0.00031 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/02/18 12:0 a.m., 5 views

PT-2026-20378

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process paypal sdk payment' function in all versions up to, and including, 6.0.6.9. This...

5.3 CVSS, 5.7 AI score, 0.00012 EPSS
Exploits 0, References 6
CNNVD
added 2026/01/23 12:0 a.m., 1 view

GPT Academic Code Issues and Vulnerabilities

GPT Academic is an interface developed by binary-husky developers, designed to provide practical interactions for large language models like GPT/GLM. There are code vulnerabilities in GPT Academic; these vulnerabilities stem from the streamdaas function’s lack of verification of data provided by...

8.1 CVSS, 7.6 AI score, 0.00791 EPSS
Exploits 0, References 1
CNNVD
added 2025/10/04 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified data run offset that could lead to use-after-free or unexpected memory access...

6.2 AI score, 0.00012 EPSS
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-44814

Malicious code in bioql PyPI...

5.3 CVSS, 7.3 AI score, 0.00581 EPSS
Exploits 0, References 6
CNNVD
added 2025/02/27 12:0 a.m., 2 views

WordPress plugin FooGallery cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

5.1 CVSS, 7.7 AI score, 0.0027 EPSS
Exploits 0, References 3
ATTACKERKB
added 2023/09/06 5:15 a.m., 3 views

CVE-2023-35719

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not...

6.8 CVSS, 7.1 AI score, 0.00095 EPSS
Exploits 0, References 3
Cvelist
added 2022/10/14 12:0 a.m., 12 views

CVE-2022-41580

The HWKEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access...

9.6 AI score, 0.00247 EPSS
Exploits 0, References 2
OSV
added 2022/04/21 6:15 p.m., 0 views

CVE-2020-14116

An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser not verifying the validity of the incoming data. Attackers can perform sensitive operations by exploiting this...

7.5 CVSS, 7.1 AI score, 0.00082 EPSS
Exploits 0, References 1
OSV
added 2022/04/04 8:15 p.m., 0 views

CVE-2021-32985

AVEVA System Platform versions 2017 through 2020 R2 P01 do not properly verify that the source of data or communication is valid...

7.2 CVSS, 5.8 AI score, 0.00085 EPSS
Exploits 0, References 2
CNNVD
added 2021/09/24 12:0 a.m., 2 views

Tor Browser log information disclosure vulnerability

Tor Browser is a browser used to anonymously access the Internet. Tor Browser suffers from a log information disclosure vulnerability that arises from a network system or product that does not adequately verify the origin or authenticity of data. An attacker could exploit the falsified data to...

6.1 CVSS, 6.3 AI score, 0.00108 EPSS
Exploits 1, References 6
CNNVD
added 2021/06/18 12:0 a.m., 1 view

Contiki-NG buffer error vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. The vulnerability stems from unverified TCP data offsets. An attacker could exploit this vulnerability to cause a denial of...

9.8 CVSS, 6.1 AI score, 0.00438 EPSS
Exploits 0, References 3
CNVD
added 2019/05/15 12:0 a.m., 1 view

Cisco NX-OS Software Data Forgery Issue Vulnerability

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco. A data forgery vulnerability exists in the Image Signature Verification feature in Cisco NX-OS Software. The vulnerability arises from a network system or product that does...

6.7 CVSS, 6.8 AI score, 0.00041 EPSS
Exploits 0, References 1
CNVD
added 2019/03/28 12:0 a.m., 0 views

Logic flaw vulnerability exists in UsualToolCMS of Chengdu Comfidonte Network Technology Co.

UsualToolCMS UTCMS is a content management system and rapid site building framework. A logic flaw vulnerability exists in UsualToolCMS v8.0 build 190101. The vulnerability stems from the program not verifying the identity of the data passed by the processing user. An attacker could overstep his/h...

6.7 AI score
Exploits 0