EUVD-2026-34931

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

CVE-2026-44169

Disclaimer: This data contains information about vulnerable...

GHSA-8H88-GXP3-J7PG openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys

Summary The PublicKeyBundle.fromdict method in opensslencrypt/modules/keybundle.py at lines 329-361 creates bundles from untrusted data without verifying the signature. The docstring warns to call verifysignature after creation, but the toidentity method line 363-391 can convert an unverified...

openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys

Summary The PublicKeyBundle.fromdict method in opensslencrypt/modules/keybundle.py at lines 329-361 creates bundles from untrusted data without verifying the signature. The docstring warns to call verifysignature after creation, but the toidentity method line 363-391 can convert an unverified...

Philips Hue Bridge 安全漏洞

The Philips Hue Bridge is a smart lighting gateway device developed by the Japanese company Philips Hue. There is a security vulnerability in the Philips Hue Bridge, which stems from the lack of verification of the user data length when processing PUT requests for the characteristics endpoint. Th...

Philips Hue Bridge 安全漏洞

The Philips Hue Bridge is a smart lighting gateway device developed by the Japanese company Philips Hue. There is a security vulnerability in the Philips Hue Bridge, which stems from the lack of verification of the user data length in the happairverifyhandler function. This vulnerability may lead...

GStreamer 安全漏洞

GStreamer is a set of open-source frameworks for processing streaming media. GStreamer has a security vulnerability that stems from a lack of verification of the data length provided to users during parsing and decoding operations. This vulnerability may lead to stack buffer overflows and remote...

Santesoft Sante DICOM Viewer Pro 安全漏洞

Santesoft Sante DICOM Viewer Pro is a powerful viewer, anonymizer, converter, and PACS client developed by Santesoft in Cyprus. It is suitable for DICOM files from all formats and manufacturers. Sante DICOM Viewer Pro has a security vulnerability that stems from the lack of verification of the da...

PT-2026-20378

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process paypal sdk payment' function in all versions up to, and including, 6.0.6.9. This...

GPT Academic Code Issues and Vulnerabilities

GPT Academic is an interface developed by binary-husky developers, designed to provide practical interactions for large language models like GPT/GLM. There are code vulnerabilities in GPT Academic; these vulnerabilities stem from the streamdaas function’s lack of verification of data provided by...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified data run offset that could lead to post-release reuse or unexpected memory access...

EUVD-2023-44814

Malicious code in bioql PyPI...

The vulnerability of the CORS mechanism in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the CORS mechanism in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the lack of verification of the reliability of data sources or messages. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of the CORS mechanism in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the CORS mechanism in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the lack of verification of the reliability of data sources or messages. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

WordPress plugin FooGallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

CVE-2023-35719

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not...

CVE-2022-41580

The HWKEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access...

CVE-2020-14116

An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser does not verify the validity of the incoming data. Attackers can perform sensitive operations by exploiting this...

CVE-2021-32985

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid...

The vulnerability of Google Chrome’s Navigation function, which allows a hacker to manipulate the URL bar content

The vulnerability of Google Chrome’s Navigation function is related to a lack of mechanisms for verifying the source of data. Exploiting this vulnerability allows a malicious actor to manipulate the URL field using a specially created HTML page...