23 matches found
CVE-2021-22127
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3 and FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root by tricking the user into connecting to a network with a malicious...
EUVD-2021-10382
Malware in sbrugna...
CVE-2025-1516 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service...
CVE-2023-5118
The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text is not adequately sanitized or validated. This allows for the injection of malicious...
GHSA-WFXG-V3J4-7QMJ Memos Server-Side Request Forgery (SSRF)
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...
CVE-2022-24845
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `.returns(int128)` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0,...
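The Vyper entry above describes a missing range check on a value read back from an external call. The following added example (not Vyper project code; the function names are hypothetical and the exact compiler internals are not on this page) shows the failure mode in plain Python: a 256-bit EVM word that is simply truncated to 128 bits and read as two's complement silently changes value when it was never in int128 range, whereas a checked decoder rejects it.

```python
# Added illustration, not Vyper project code. Demonstrates why a returned
# 256-bit word must be range-checked before it is treated as an int128.

INT128_MIN = -(1 << 127)
INT128_MAX = (1 << 127) - 1
WORD_BITS = 256  # an EVM word, as returned by an external call


def twos_complement(value: int, bits: int) -> int:
    """Interpret the low `bits` bits of `value` as a signed two's-complement integer."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value >> (bits - 1) else value


def as_int128_unchecked(word: int) -> int:
    """Unchecked decode (hypothetical, models the bug class): the word is
    truncated to 128 bits and sign-interpreted without verifying that the
    original value fit. 2**127, a positive value, comes out as -2**127."""
    return twos_complement(word, 128)


def as_int128_checked(word: int) -> int:
    """Checked decode: interpret the full 256-bit word as signed, then
    reject anything outside [INT128_MIN, INT128_MAX] before it is used."""
    value = twos_complement(word, WORD_BITS)
    if not INT128_MIN <= value <= INT128_MAX:
        raise ValueError(f"return value {value} does not fit in int128")
    return value


if __name__ == "__main__":
    # Constructed return words: a legitimate -5 and an out-of-range 2**127.
    minus_five = (1 << WORD_BITS) - 5
    print(as_int128_unchecked(minus_five), as_int128_checked(minus_five))
    print(as_int128_unchecked(1 << 127))  # misinterpreted as a negative number
    try:
        as_int128_checked(1 << 127)
    except ValueError as exc:
        print("rejected:", exc)
```

The checked variant is the behaviour a caller wants: an external contract that returns a value outside the declared type should cause a revert or an error, not a silently wrapped number that later passes through signed comparisons and arithmetic as if it were valid.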
Code Execution
Send is vulnerable to untrusted code execution. The vulnerability is due to the failure to properly validate or sanitize user input before passing it to SendStream.redirect, which allows an attacker to execute arbitrary code on the server...
GO-2023-1993 Helm Improper Certificate Validation in helm.sh/helm
Helm Improper Certificate Validation in helm.sh/helm...
PT-2023-32364 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: anything-llm versions prior to 0.1.0. Description: The issue is related to improper input validation in the GitHub repository mintplex-labs/anything-llm. Recommendations: For versions prior to 0.1.0, update to version 0.1.0 or later to resolve...
Prevent logging invalid header values
Impact What kind of vulnerability is it? Apollo Server can log sensitive information (Studio API keys) if they are passed incorrectly with leading/trailing whitespace or if they contain any characters that are invalid as part of a header value. Who is impacted? Users who do all of the below: use either t...
Server-Side Request Forgery (SSRF)
dubbo-compatible is vulnerable to server-side request forgery. The function parseURL does not properly validate the host against its whitelist, allowing open redirect or SSRF...
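Both the memos entry and the dubbo-compatible entry above come down to the same bug class: a user-supplied URL whose host is checked loosely (or not at all) before the server fetches or redirects to it. The following added example is not code from either project; the allowlist, hostnames and function names are constructed for illustration. It contrasts a suffix-match "whitelist" check of the kind that lets `notexample.com` through with a validator that requires an allowed scheme, rejects userinfo tricks such as `https://api.example.com@evil.test/`, compares the host exactly, and refuses loopback or private IP literals.

```python
# Added example; not memos or dubbo project code. Allowlist values are constructed.
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}  # constructed allowlist


def naive_host_check(url: str) -> bool:
    """The weak pattern: a suffix match on the host. Accepts notexample.com."""
    host = urlsplit(url).hostname or ""
    return host.endswith("example.com")


def host_is_allowed(host: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Exact, case-insensitive comparison after trailing-dot normalisation.
    IP literals are only accepted if globally routable AND explicitly listed."""
    host = host.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host in allowed_hosts
    return ip.is_global and host in allowed_hosts


def validate_outbound_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return `url` unchanged if it is safe to fetch/redirect to, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.netloc or parts.hostname is None:
        raise ValueError("URL has no host")
    # "https://api.example.com@evil.test/" parses with hostname evil.test;
    # reject any userinfo outright rather than relying on the host check alone.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL is not allowed")
    if not host_is_allowed(parts.hostname, allowed_hosts):
        raise ValueError(f"host not in allowlist: {parts.hostname!r}")
    return url


if __name__ == "__main__":
    # Constructed inputs: one legitimate, the rest classic SSRF/open-redirect probes.
    for candidate in (
        "https://api.example.com/v1/items",
        "https://notexample.com/",
        "https://api.example.com@evil.test/",
        "http://127.0.0.1:8080/admin",
        "file:///etc/passwd",
    ):
        try:
            print("ok     ", validate_outbound_url(candidate))
        except ValueError as exc:
            print("reject ", candidate, "->", exc)
```

The validator deliberately does no DNS lookup, so it cannot by itself stop an allowlisted name that resolves to an internal address (or is rebound to one between check and use); in a real fetcher the resolved address should be checked with the same `is_global` rule at connection time and the connection pinned to it.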
GHSA-JFGC-5VH4-8RH5 trytond Incorrect Authorization vulnerability
trytond 2.4: ModelView.button fails to validate authorization...
GHSA-7GF7-7WX4-MXMW Mercurial Improper Certificate Validation vulnerability
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack...
ROS-2-1982
2.1982 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability description: CVE-2020-1946 is a vulnerability in the SpamAssassin spam filtering tool related to improper input validation when processing rule configuration (.cf) files. Exploitation of the vulnerability could...
Sydent DoS (via resource exhaustion) due to improper input validation
Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Patches Fixed by 3175fd3. For more information If you have any questions or comments about this advisory,...
CVE-2020-6638
Grin through 2.1.1 has Insufficient Validation...
CVE-2018-4439
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9...
CVE-2017-1000456
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations...
CVE-2016-5016
Pivotal Cloud Foundry 239 and earlier, UAA aka User Account and Authentication Server 3.4.1 and earlier, UAA release 12.2 and earlier, PCF aka Pivotal Cloud Foundry Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 do not validate whether a certificate is expired...
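The Mercurial entry (certificate name never compared to the host) and the UAA entry above (expiry never checked) are the two halves of peer certificate validation that a TLS client must do on top of chain verification. The following added example is not code from either project: it takes the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns, checks the validity window with `ssl.cert_time_to_seconds`, and matches the hostname against SAN dNSName entries (falling back to the subject CN only when no SAN is present, per RFC 6125). The certificate dictionary, hostnames and timestamps are constructed for the example.

```python
# Added example; not Mercurial or UAA project code. The certificate dict below is
# constructed in the same shape that ssl.SSLSocket.getpeercert() returns.
import ssl
import time

SAMPLE_CERT = {
    "subject": ((("commonName", "hg.example.org"),),),
    "subjectAltName": (("DNS", "hg.example.org"), ("DNS", "*.mirrors.example.org")),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 00:00:00 2026 GMT",
}
# Constructed "current time" values, inside and after the validity window.
NOW_VALID = ssl.cert_time_to_seconds("Jun 15 12:00:00 2025 GMT")
NOW_EXPIRED = ssl.cert_time_to_seconds("Mar 10 00:00:00 2027 GMT")


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname. A leading '*.'
    matches exactly one label; partial-label and multi-label wildcards are refused."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        p_labels = pattern[2:].split(".")
        h_labels = hostname.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return pattern == hostname


def verify_peer_cert(cert: dict, hostname: str, now=None) -> str:
    """Raise ssl.CertificateError unless `cert` is within its validity period
    and one of its names matches `hostname`. Returns the matching name."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        raise ssl.CertificateError("certificate is outside its validity period")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # CN is only consulted when the certificate carries no SAN
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    for name in names:
        if name_matches(name, hostname):
            return name
    raise ssl.CertificateError(f"hostname {hostname!r} does not match {names}")


if __name__ == "__main__":
    print(verify_peer_cert(SAMPLE_CERT, "hg.example.org", now=NOW_VALID))
    print(verify_peer_cert(SAMPLE_CERT, "build.mirrors.example.org", now=NOW_VALID))
    for host, when in (("evil.example.org", NOW_VALID), ("hg.example.org", NOW_EXPIRED)):
        try:
            verify_peer_cert(SAMPLE_CERT, host, now=when)
        except ssl.CertificateError as exc:
            print("rejected:", exc)
```

In practice a client built on `ssl.create_default_context()` gets both checks from OpenSSL (CERT_REQUIRED plus check_hostname); the point of spelling them out is that a client which sets CERT_NONE or disables hostname checking, or which reads dates without comparing them, is in exactly the state the two advisories describe, and any CA-issued certificate for any name will be accepted.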
Command Injection Vulnerability in Multiple Cisco TelePresence Products
A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...