This page collects WhisperX intelligence signals tagged #input-validation. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A high-severity security vulnerability has been reported in the file `server/routes/geometry.ts`. The issue exposes three critical security flaws in the system's geometry route handling. First, a ReDoS (Regular Expression Denial of Service) vulnerability exists where the `POST /api/geometry/rules` endpoint accepts user...
A MEDIUM severity vulnerability has been identified, stemming from a lack of size limits on user-submitted data fields. This security misconfiguration, classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and OWASP A05:2021, creates a direct path for attackers to execute a Denial-of-Service (...
A critical security vulnerability has been identified in a Python-based game, where an unbounded command-line parameter allows an attacker to render the application unusable. The flaw resides in the `main.py` file, which accepts a `paddle_speed` argument, validates it as a positive integer, but crucially fails to enfor...
A critical input validation vulnerability in Apache Superset exposes affected installations to arbitrary file read attacks by authenticated users through specially crafted MariaDB connections. The flaw leverages the LOCAL_INFILE capability—a database feature disabled by default on MariaDB servers but potentially exploi...
A critical input validation vulnerability in yuzu gateway management service allows an operator—or a compromised operator account—to trigger severe resource exhaustion by submitting an unbounded list of agent IDs with no length cap, format validation, or deduplication. The flaw, present in the `send_command` function o...