10 matches found

Positive Technologies
added 2026/05/29 12:0 a.m. · 13 views

PT-2026-45047

Name of the Vulnerable Software and Affected Versions: Koel versions prior to 9.3.5. Description: Koel fails to validate individual episode enclosure URLs extracted from RSS XML feeds, despite validating the main podcast feed URL. These unvalidated URLs are stored in the database and subsequently...

CVSS: 7.7 · AI score: 5.3 · EPSS: 0.00263
Exploits: 0 · References: 8
NVD
added 2025/11/06 8:15 p.m. · 3 views

CVE-2025-34237

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...

CVSS: 6.3 · EPSS: 0.00176
Exploits: 0 · References: 3
Positive Technologies
added 2025/08/14 12:0 a.m. · 8 views

PT-2025-37215

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw in the ALSA subsystem related to USB audio handling. Specifically, UAC3 cluster segment descriptors require validation to ensure their sizes align with...

CVSS: 7.1 · AI score: 6.4 · EPSS: 0.00164
Exploits: 0
Github Security Blog
added 2024/11/07 10:0 p.m. · 22 views

changedetection.io path traversal using file URI scheme without supplying hostname

Summary: The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. Details: The check used for URL protocol, is_safe_url, allows file: as ...

CVSS: 8.6 · AI score: 6.5 · EPSS: 0.00697
Exploits: 0 · References: 7 · Affected Software: 1
Positive Technologies
added 2024/01/09 12:0 a.m. · 2 views

PT-2024-1017 · Microsoft · Windows Cryptographic Services +1

Name of the Vulnerable Software and Affected Versions: Windows Cryptographic Services, affected versions not specified. Description: The issue is related to insufficient input validation in the Cryptographic Services of Windows operating systems. This can allow an attacker to execute arbitrary code...

CVSS: 7.8 · AI score: 9.5 · EPSS: 0.00757
Exploits: 0 · References: 12
Cvelist
added 2023/06/26 12:0 a.m. · 33 views

CVE-2023-33404

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code...

AI score: 9.8 · EPSS: 0.22345
Exploits: 1 · References: 1
BDU FSTEC
added 2023/05/17 12:0 a.m. · 6 views

A vulnerability in the HNAP1 protocol implementation in D-Link DIR-2640-US router firmware allows an attacker to circumvent security restrictions and execute arbitrary code.

The vulnerability in the HNAP1 protocol implementation in the D-Link DIR-2640-US router firmware is related to insufficient validation of the string entered by the user before it is used to execute system calls when processing the DestNetwork parameter. Exploiting this vulnerabilit...

CVSS: 7.4 · AI score: 7 · EPSS: 0.01796
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2022/08/29 12:0 a.m. · 4 views

PT-2022-24489 · Patlite · Patlite Nh-Fb

Name of the Vulnerable Software and Affected Versions: Patlite NH-FB versions 1.46 and below. Description: The issue is related to insufficient firmware validation during the upgrade firmware file upload process. This allows authenticated attackers to create and upload their own custom-built...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.00466
Exploits: 0 · References: 10
BDU FSTEC
added 2019/12/09 12:0 a.m. · 5 views

A vulnerability in the Blink component in Google Chrome allows an attacker to circumvent domain restriction rules and impact the confidentiality, integrity, and availability of the protected information.

The vulnerability in the Blink component in Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to circumvent domain restriction rules and compromise the confidentiality, integrity, and availability of protected information...

CVSS: 9.3 · AI score: 7.7 · EPSS: 0.00903
Exploits: 0 · References: 4 · Affected Software: 1
Prion
added 2018/06/07 9:29 p.m. · 16 views

Cross-site scripting

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...

CVSS: 3.5 · AI score: 5.4 · EPSS: 0.01276
Exploits: 0 · References: 3 · Affected Software: 1