CVE-2025-14513 Improper Validation of Specified Quantity in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...
EUVD-2026-11034
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reloadpreview function. This makes it possible for...
CVE-2025-61616
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
PT-2026-24604
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...
GHSA-6W48-2G9J-V9Q5 Apache IoTDB has an Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...
CVE-2025-69279
CVE-2025-69279 concerns a vulnerability in the nr modem where improper input validation can cause a system crash, enabling remote denial of service without requiring privileges. Multiple sources (NVD, Red Hat, EUVD, CVE list, etc.) describe the issue consistently, identifying the affected compone...
SUSE CVE-2026-25679
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...
Security update for python-tornado
This update for python-tornado fixes the following issue: CVE-2025-67724: missing validation of the supplied reason phrase bsc1254903. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...
SUSE-SU-2026:0831-1 Security update for openvpn
This update for openvpn fixes the following issues: - Updated to version 2.6.10 that fixes: CVE-2025-13086: improper validation of IP addresses that can cause denial of service bsc1254486...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to jetty-server
Summary: IBM webMethods BPM uses jetty-server as a transitive dependency brought in by the WebMethods Integration Server is-server dependency. The Integration Server runtime uses Jetty internally for its web server infrastructure. Vulnerability Details: CVEID: CVE-2024-8184. DESCRIPTION: There exists...
CVE-2025-40894
CVE-2025-40894 describes a Stored HTML Injection in the Alerted Nodes Dashboard due to improper input validation. A logged-in user with required privileges can edit a node label to inject HTML, which may render in a victim’s browser if alerts exist for that node, enabling phishing and potentially...
CVE-2026-0014
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48587
CVE-2025-48587 is linked to Google Android and involves multiple functions in ProfilingService.java where improper input validation can cause a persistent local denial of service without user interaction or extra privileges. The condition is confirmed across CVE/NVD entries and mirrored in relate...
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (February 2026)
Summary: Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details: CVEID: CVE-2025-69277. DESCRIPTION: libsodium before ad3004e, in atypical use cases...
CVE-2026-26934
Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...
PT-2026-22162
Name of the Vulnerable Software and Affected Versions: Packetbeat (affected versions not specified). Description: A flaw exists in the PostgreSQL protocol parser within Packetbeat that allows for Denial of Service through manipulation of input data. Specifically, improper validation of an array index...
PT-2026-22139
Name of the Vulnerable Software and Affected Versions: Dokuzsoft Technology Ltd. E-Commerce Product versions through 10122025. Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Reflected Cross-site Scripting (XSS) condition. The issue...
PT-2026-21827
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue...
CVE-2025-70044
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3...
CVE-2025-67972
Technical details about CVE-2025-67972 are not provided in the connected documents. Public details in the set pertain to other products (e.g., Prague plugin) and do not confirm affected vendor/version/root-cause for Zoho ZeptoMail. Monitor for updates.