5316 matches found
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the CookieJar process. An attacker can access or manipulate cookies belonging to other hosts by exploiting improper domain matching for IP-address or bare-numeric domains. Remediation Upgrade guzzlehttp/guzzl...
CVE-2026-53173
Summary (concrete details from provided docs): The Linux kernel component accel/ethosu contains an OOB write in ethosu_gem_cmdstream_copy_and_validate(). A local user can trigger by supplying a crafted command stream, causing memory corruption and potential instability. The issue arises in a pars...
CVE-2026-8172
The CVE-2026-8172 entry concerns the WordPress plugin Simple Basic Contact Form (through 20250114). The issue is a Reflected Cross-Site Scripting vulnerability caused by not escaping user-supplied input before reflecting it in the contact form output on validation errors. Impact described: unauth...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via insufficient validation of the Origin header and improper handling of request paths in the local HTTP server. An attacker can access and exfiltrate arbitrary local files by sending crafted requests from a...
Origin Validation Error
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Origin Validation Error via the actionResourceJs process. An attacker can execute arbitrary JavaScript in the context of an administrator's browser and potentially achieve remote code executi...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error in the JWT validation process. An attacker can gain unauthorized access by presenting a validly signed token from a trusted issuer, originally intended for a different service, to the authentication system. This ...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error in the JWT validation process. An attacker can gain unauthorized access by presenting a validly signed token from a trusted issuer, originally intended for a different service, to the authentication system. This ...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error in the JWT validation process. An attacker can gain unauthorized access by presenting a validly signed token from a trusted issuer, originally intended for a different service, to the authentication system. This ...
Origin Validation Error
Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...
Origin Validation Error
Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to...
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic...
EUVD-2026-36603
An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...
CVE-2026-54396 MISP AuthKey edit endpoint allows authenticated user email enumeration
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation for untrusted inputs in the Network component. It could allow remote...
CVE-2026-40376
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...
NETGEAR 多款产品输入验证错误漏洞
NETGEAR is a router product from the American company NETGEAR. It is a hardware device used to connect two or more networks, acting as a gateway between them. Several NETGEAR products have a vulnerability related to input validation. This vulnerability allows attackers to intercept and tamper wit...
ROS-20260609-73-0004
The vulnerability of the RDP client FreeRDP is related to the escape of operations beyond the buffer in memory due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
Adobe CAI Content Credentials 输入验证错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 contain a...
Microsoft Visual Studio Code 输入验证错误漏洞
Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a vulnerability related to input validation. Attackers can exploit this vulnerability to gain higher privileges...
CVE-2026-43972
A flaw was found in gun. A malicious or compromised HTTP/2 server can exploit an Origin Validation Error vulnerability by injecting unvalidated HTTP/2 PUSHPROMISE authority. This allows the server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. This...