127 matches found
CVE-2020-16227
Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execut...
CVE-2020-0471
In reassembleanddispatch of packetfragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution...
CVE-2020-3954
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...
CVE-2020-11890
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration...
CVE-2019-7345
Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view 'options' options.php does no input validation for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php...
CVE-2024-25010 Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability
Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution...
CVE-2019-14047
While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...
Tenda FH451 Buffer Overflow Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 suffers from a buffer overflow vulnerability that stems from the failure of function.frmL7ImForm to correctly validate the length and size of input data, no details of the vulnerability are available at this time...
Information Disclosure
moodle/moodle is vulnerable to an Information Disclosure. The vulnerability is due to inadequate input validation and authorization checks within the messaging web service, allows users to access data they are not authorized to view, such as other users' names and online statuses...
PT-2025-17430 · Unknown · Ova Based Connect
Name of the Vulnerable Software and Affected Versions: VMware End of Life OVA Connect versions prior to the end of support in January 2024 Description: An improper input validation vulnerability is identified in the End of Life EOL OVA based connect component, which is deployed for installation...
PT-2025-17427 · Gobgp +4 · Gobgp +4
Name of the Vulnerable Software and Affected Versions: GoBGP versions prior to 3.35.0 Description: An issue was discovered where the input length for an RTR message is not properly verified, potentially leading to issues when not all bytes are available for the message. This affects the...
PT-2025-16141 · Mediawiki · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - Extension:SimpleCalendar versions 1.39 through 1.43 Description: The issue is related to an Improper Input Validation vulnerability that allows Cross-Site Scripting XSS in the Mediawiki - Extension:SimpleCalendar. Recommendations:...
PT-2025-15489 · Microsoft · Windows Dwm Core Library +1
Name of the Vulnerable Software and Affected Versions: Windows DWM Core Library affected versions not specified Description: The issue is related to improper input validation, which allows an authorized attacker to elevate privileges locally. This can affect the system, potentially leading to...
CVE-2024-9773
An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicio...
CVE-2025-27434 Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)
Due to insufficient input validation, SAP Commerce Swagger UI allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting XSS attack. This could lead to a high impact on the confidentiality, integrity...
CVE-2025-20051 Arbitrary file read via block duplication in Mattermost Boards
Mattermost versions 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards...
CVE-2025-0815
CVE-2025-0815 concerns Schneider Electric Enerlin’X IFE/eIFE devices, with an improper input validation (CWE-20) flaw that can cause a Denial-of-Service when malicious ICMPv6 packets are received. Public sources describe impact on IEC61850 services and device availability, without detailing explo...
Browsershot Path Traversal
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...
CVE-2025-1022
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...
CVE-2025-1022
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...