Zero Day Initiative - CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad
Remote code execution in Windows Notepad via improper validation of Markdown links can allow arbitrary command execution when a user opens a malicious file.
Zero Day Initiative - CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall
Arista NG Firewall's runTroubleshooting() fails to properly validate inputs, enabling command injection by passing unsanitized environment variables to network-troubleshooting.sh.
When ZeroWidth Isn't Zero: How I Found and Fixed a Vulnerability
Unicode Variation Selectors can inflate UTF-16 storage size while still passing perceived-length checks, enabling payload injection, performance issues, and possible database crashes.
Multiple high-severity input-validation vulnerabilities in Ivanti Endpoint Manager allow authenticated attackers to achieve remote code execution or local privilege escalation.