162265 matches found
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
No d...
CRLF Injection
Overview laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to CRLF Injection in the validateEmail function, and Address.php, which are used by the default email rule. An attacker can modify outbound email contents by injecting malicious string...
HSEC-2026-0008 crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints
crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the...
CVE-2026-35082
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...
CVE-2026-35079
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35080
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35081
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...
CVE-2026-35076
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35078
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-42789
A flaw was found in Erlang OTP's publickey module. This vulnerability CWE-295, related to improper certificate validation, allows a non-Certificate Authority CA certificate to be accepted as an intermediate issuer. A remote attacker, holding an end-entity certificate issued by a trusted CA, can...
Incomplete message edit validation in matrix-sdk-ui
The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate or spo...
RUSTSEC-2026-0158 Incomplete message edit validation in matrix-sdk-ui
The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate or spo...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
CVE-2026-35082
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...
CVE-2026-35082 Local file inclusion vulnerability and deletion in ugw-logread method
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...
EUVD-2026-34078
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...
CVE-2026-35082 Local file inclusion vulnerability and deletion in ugw-logread method
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...
CVE-2026-35081
CVE-2026-35081 documents an Arbitrary process termination vulnerability in the ugw-logstop method. A remote attacker with user privileges can terminate arbitrary processes due to insufficient input validation. The Connected documents provide the description and CVSS metrics (CVSSv4.0 base 7.2 HIG...
EUVD-2026-34077
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...
CVE-2026-35081
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...