CVE-2025-40842 Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting XSS vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information...

CVE-2025-27260 Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...

CVE-2025-27260

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...

CVE-2025-27260

CVE-2025-27260 affects Ericsson Indoor Connect 8855 (versions before 2025.Q3). It covers an Improper Filtering of Special Elements vulnerability that can lead to unauthorized modification of certain information. CVSSv4 base score 7.2 (HIGH): Attack vector NETWORK, complexity LOW, privileges REQUI...

CVE-2025-27260 Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...

Malicious code in linting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cb47704e5a0d8d5d241dd382567f85027854c50652bb5889cde58c2b6db00a7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in sonic-platform-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b7ad70e46087b1ffe41c3d0670c24c58b38e72344c958458af49a25541778b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

PT-2026-27765

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting XSS vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information...

Ericsson Indoor Connect 安全漏洞

Ericsson Indoor Connect is a small indoor base station developed by the Swedish company Ericsson. Versions of Ericsson Indoor Connect 8855 prior to 2025.Q3 contained security vulnerabilities. These vulnerabilities were due to susceptibility to cross-site request forgery attacks, which could lead ...

PT-2026-27764

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery CSRF vulnerability which, if exploited, can lead to unauthorized modification of certain information...

Ericsson Indoor Connect 安全漏洞

Ericsson Indoor Connect is a small indoor base station developed by the Swedish company Ericsson. Versions of Ericsson Indoor Connect prior to 8855 2025.Q3 contained security vulnerabilities. These vulnerabilities were due to improper handling of special elements, which could allow unauthorized...

PT-2026-27763

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 have a SQL injection vulnerability. This vulnerability stems from the Data Table Get node, which may lead to data modification or deletion...

CVE-2026-33170

A flaw was found in Active Support, a toolkit of support libraries for the Rails framework. When a SafeBuffer is modified in place and subsequently formatted with untrusted input, the @htmlunsafe flag is not correctly propagated. This improper handling causes the buffer to incorrectly report as...

CVE-2026-4056

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the checkpermissions method only checking for editposts...

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

Injection dompurify Dependency in Confluence Data Center

This High severity Injection vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.14, and 10.2.3 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an unauthenticated attacker to...

CVE-2026-4056 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the checkpermissions method only checking for editposts...

CVE-2026-4056

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the checkpermissions method only checking for editposts...

CVE-2026-4056

The CVE-2026-4056 entry concerns the WordPress plugin “User Registration & Membership.” The vulnerability arises from a missing capability check in the Content Access Rules REST API endpoints, where the code path only validates the edit_posts permission instead of an administrator-level capabilit...