54 matches found
CVE-2025-52606
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...
CVE-2025-52606 HCL iControl was affected by Weak Input Validation vulnerability. .
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...
EUVD-2025-210062
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...
PT-2026-46183
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...
CVE-2026-45214
CVE-2026-45214 : SQL injection vulnerability in the WordPress plugin “Xpro Elementor Addons” (xpro-elementor-addons) up to version
CVE-2026-5437 Out-of-Bounds Read in DicomStreamReader
An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly ...
Cisco Finesse XSS (cisco-sa-cc-xss-MrNAH5Jh)
According to its self-reported version, Cisco Finesse is affected by a cross-site scripting vulnerability in the web-based management interface due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user of the...
PT-2026-23111
Name of the Vulnerable Software and Affected Versions Drupal Calculation Fields versions prior to 1.0.4 Description The Calculation Fields module for Drupal does not properly validate user-supplied input, potentially allowing for Information Disclosure or Cross-Site Scripting XSS attacks. This...
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167 ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2025-57792
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication,...
CVE-2026-0403
An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections...
CVE-2026-0403
An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections...
PT-2025-50600
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...
Exploit for CVE-2025-12973
S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image G...
PT-2025-45353
Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS issue via the NetworksController.addNetworkAction function. Insufficient validation or escapi...
EUVD-2025-37882
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
CVE-2024-14003 Nagios XI < 2024R1.2 RCE via NRDP Server Plugins
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution RCE through its NRDP Nagios Remote Data Processor server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary...
EUVD-2020-27174
Malware in sbrugna...
CVE-2025-20342
Cisco IMC vKVM stored XSS (CVE-2025-20342) arises from insufficient input validation in the web-based management interface. An authenticated user with vKVM privileges can inject code via a data field, potentially executing script in the interface context or exposing browser data. Affected product...