Skip to main content

CWE-1284

Improper Validation of Specified Quantity in Input

124 CVEs Avg CVSS 6.4 MITRE
8
CRITICAL
45
HIGH
49
MEDIUM
18
LOW
15
POC
0
KEV

Monthly

CVE-2026-55952 HIGH PATCH This Week

Denial of service in the Erlang/OTP ssl application (OTP 22.2 through 29.0.3, and the 28.5.x/27.3.x maintenance branches) lets an unauthenticated remote attacker permanently disable TLS 1.3 session ticket handling on a listener with a single crafted ClientHello. Because the pre-shared key extension's identity list and binder list are not length-checked before being handed to the session ticket handler, a mismatched OfferedPreSharedKeys record crashes that process, causing all subsequent TLS 1.3 handshakes to fail at ticket issuance until the ssl application is restarted. No public exploit identified at time of analysis and it is not on CISA KEV, but the CVSS 4.0 base score of 8.2 reflects the trivial, pre-authentication trigger.

Denial Of Service Otp
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.5%
CVE-2026-57623 CRITICAL Act Now

Unauthenticated arbitrary code execution affects the W3 Total Cache WordPress caching plugin in all versions up to and including 2.9.4, allowing remote attackers to execute code and fully compromise the underlying site without credentials or user interaction. The scope-changing CVSS 9.0 (Critical) rating reflects the plugin's deep hooks into WordPress request handling. There is no public exploit identified at time of analysis and no CISA KEV listing, though the high exploitability of a widely deployed plugin makes it a strong patching priority.

RCE W3 Total Cache
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2026-11906 MEDIUM This Month

Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows an authenticated low-privileged user to crash or hang the database server by submitting a crafted SQL query exploiting improper neutralization of special elements in XMLTable-derived column processing logic. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms this is remotely triggerable with minimal privileges, posing a realistic insider-threat or compromised-credential availability risk. No public exploit code or active exploitation has been identified at time of analysis.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-56035 HIGH This Week

Information disclosure and related weaknesses in the BitFire Security WordPress firewall plugin (versions 5.0.3 and earlier) let remote unauthenticated attackers extract sensitive data and tamper with limited integrity, per a Patchstack-reported advisory. The CVSS 3.1 base score of 8.6 reflects network-reachable, no-privilege exploitation (AV:N/AC:L/PR:N/UI:N) with high confidentiality impact, ironic for a product whose purpose is to harden WordPress sites. No public exploit code has been identified at time of analysis, and the issue is not on the CISA KEV list; EPSS data was not provided.

Information Disclosure
NVD VulDB
CVSS 3.1
8.6
EPSS
0.3%
CVE-2026-12755 LOW PATCH Monitor

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2 challenge-response, via a crafted DomainName parameter.

Information Disclosure Server
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2026-57062 LOW Monitor

GnuPG's gpgsm component through version 2.5.20 improperly validates AES-GCM authentication tag length during CMS parsing, accepting a 4-byte ICV where the cryptographic standard mandates 12 bytes. This validation failure means gpgsm will process CMS-formatted messages with a truncated integrity check value, undermining the authentication guarantee that AES-GCM is specifically designed to provide. No public exploit has been identified at time of analysis; the low CVSS score of 2.9 reflects constrained attack conditions, though the related CVE-2026-34182 warrants cross-referencing as it may share the same code path.

Information Disclosure Gnupg
NVD
CVSS 3.1
2.9
EPSS
0.1%
CVE-2026-57053 LOW PATCH Monitor

Out-of-bounds reads of uninitialized memory in GNU libidn before version 1.44 are triggerable through the ToUnicode IDNA APIs when malformed internationalized domain name input is processed by the vulnerable function `idna_to_unicode_internal`. Applications statically or dynamically linked against affected libidn versions that pass attacker-influenced hostname strings to these APIs are exposed to integrity and availability disruption. No public exploit has been identified at time of analysis, and the successor library libidn2 is explicitly confirmed unaffected, providing a viable migration path for defenders.

Buffer Overflow Libidn
NVD VulDB
CVSS 3.1
2.5
EPSS
0.1%
CVE-2026-55392 MEDIUM PATCH This Month

NILFS utilities (nilfs-utils) through version 2.3.0 crash when processing crafted NILFS2 filesystem images due to missing bounds validation on the s_log_block_size superblock field before performing bit-shift operations. Tools including nilfs-tune and dumpseg are affected: an attacker who can persuade a user to process a malicious image can trigger undefined behavior - either oversized shift operations or out-of-memory conditions - resulting in a denial of service via tool crash. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Denial Of Service Red Hat Suse Nilfs Utils
NVD GitHub VulDB
CVSS 4.0
6.7
EPSS
0.1%
CVE-2026-55706 MEDIUM PATCH This Month

Authentication bypass in OpenBSD's SPPP Password Authentication Protocol handler (`sppp_pap_input` in `sys/net/if_spppsubr.c`) permits a network-adjacent unauthenticated attacker to obtain a fully authenticated PPP session by sending zero-length credential fields, which trivially pass an upper-bound-only length check. This logic flaw - reportedly present for 27 years - affects all OpenBSD releases prior to commit 076e2b1 and is scoped as Changed in CVSS because a successful bypass grants access to whatever network segment the PPP link protects. No public exploit code has been confirmed and no CISA KEV listing exists, but the Argus Systems research blog suggests the issue has been fully analyzed.

Authentication Bypass Openbsd
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.2%
CVE-2026-53540 PyPI LOW PATCH GHSA Monitor

Memory exhaustion in python-multipart's parse_form() function allows a remote attacker to force unbounded body buffering by supplying a negative Content-Length header, degrading server availability under concurrent load. Affected deployments are narrowly scoped: only bespoke WSGI or http.server handlers that pass raw, unvalidated client-supplied Content-Length values directly into parse_form(). Mainstream consumers such as Starlette, FastAPI, and Werkzeug are not affected. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog, consistent with the low CVSS base score of 3.7.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.2%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial of service in the Erlang/OTP ssl application (OTP 22.2 through 29.0.3, and the 28.5.x/27.3.x maintenance branches) lets an unauthenticated remote attacker permanently disable TLS 1.3 session ticket handling on a listener with a single crafted ClientHello. Because the pre-shared key extension's identity list and binder list are not length-checked before being handed to the session ticket handler, a mismatched OfferedPreSharedKeys record crashes that process, causing all subsequent TLS 1.3 handshakes to fail at ticket issuance until the ssl application is restarted. No public exploit identified at time of analysis and it is not on CISA KEV, but the CVSS 4.0 base score of 8.2 reflects the trivial, pre-authentication trigger.

Denial Of Service Otp
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Unauthenticated arbitrary code execution affects the W3 Total Cache WordPress caching plugin in all versions up to and including 2.9.4, allowing remote attackers to execute code and fully compromise the underlying site without credentials or user interaction. The scope-changing CVSS 9.0 (Critical) rating reflects the plugin's deep hooks into WordPress request handling. There is no public exploit identified at time of analysis and no CISA KEV listing, though the high exploitability of a widely deployed plugin makes it a strong patching priority.

RCE W3 Total Cache
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows an authenticated low-privileged user to crash or hang the database server by submitting a crafted SQL query exploiting improper neutralization of special elements in XMLTable-derived column processing logic. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms this is remotely triggerable with minimal privileges, posing a realistic insider-threat or compromised-credential availability risk. No public exploit code or active exploitation has been identified at time of analysis.

Denial Of Service IBM Microsoft +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Information disclosure and related weaknesses in the BitFire Security WordPress firewall plugin (versions 5.0.3 and earlier) let remote unauthenticated attackers extract sensitive data and tamper with limited integrity, per a Patchstack-reported advisory. The CVSS 3.1 base score of 8.6 reflects network-reachable, no-privilege exploitation (AV:N/AC:L/PR:N/UI:N) with high confidentiality impact, ironic for a product whose purpose is to harden WordPress sites. No public exploit code has been identified at time of analysis, and the issue is not on the CISA KEV list; EPSS data was not provided.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2 challenge-response, via a crafted DomainName parameter.

Information Disclosure Server
NVD
EPSS 0% CVSS 2.9
LOW Monitor

GnuPG's gpgsm component through version 2.5.20 improperly validates AES-GCM authentication tag length during CMS parsing, accepting a 4-byte ICV where the cryptographic standard mandates 12 bytes. This validation failure means gpgsm will process CMS-formatted messages with a truncated integrity check value, undermining the authentication guarantee that AES-GCM is specifically designed to provide. No public exploit has been identified at time of analysis; the low CVSS score of 2.9 reflects constrained attack conditions, though the related CVE-2026-34182 warrants cross-referencing as it may share the same code path.

Information Disclosure Gnupg
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Out-of-bounds reads of uninitialized memory in GNU libidn before version 1.44 are triggerable through the ToUnicode IDNA APIs when malformed internationalized domain name input is processed by the vulnerable function `idna_to_unicode_internal`. Applications statically or dynamically linked against affected libidn versions that pass attacker-influenced hostname strings to these APIs are exposed to integrity and availability disruption. No public exploit has been identified at time of analysis, and the successor library libidn2 is explicitly confirmed unaffected, providing a viable migration path for defenders.

Buffer Overflow Libidn
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

NILFS utilities (nilfs-utils) through version 2.3.0 crash when processing crafted NILFS2 filesystem images due to missing bounds validation on the s_log_block_size superblock field before performing bit-shift operations. Tools including nilfs-tune and dumpseg are affected: an attacker who can persuade a user to process a malicious image can trigger undefined behavior - either oversized shift operations or out-of-memory conditions - resulting in a denial of service via tool crash. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Denial Of Service Red Hat Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Authentication bypass in OpenBSD's SPPP Password Authentication Protocol handler (`sppp_pap_input` in `sys/net/if_spppsubr.c`) permits a network-adjacent unauthenticated attacker to obtain a fully authenticated PPP session by sending zero-length credential fields, which trivially pass an upper-bound-only length check. This logic flaw - reportedly present for 27 years - affects all OpenBSD releases prior to commit 076e2b1 and is scoped as Changed in CVSS because a successful bypass grants access to whatever network segment the PPP link protects. No public exploit code has been confirmed and no CISA KEV listing exists, but the Argus Systems research blog suggests the issue has been fully analyzed.

Authentication Bypass Openbsd
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Memory exhaustion in python-multipart's parse_form() function allows a remote attacker to force unbounded body buffering by supplying a negative Content-Length header, degrading server availability under concurrent load. Affected deployments are narrowly scoped: only bespoke WSGI or http.server handlers that pass raw, unvalidated client-supplied Content-Length values directly into parse_form(). Mainstream consumers such as Starlette, FastAPI, and Werkzeug are not affected. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog, consistent with the low CVSS base score of 3.7.

Denial Of Service
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy