13159 matches found
CVE-2025-40842 Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting XSS vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information...
CVE-2025-40842
CVE-2025-40842 concerns Ericsson Indoor Connect 8855. The vulnerability is an Improper Neutralization of Input During Web Page Generation (XSS) in versions prior to 2025.Q3, potentially allowing unauthorized disclosure and modification of information. The CVSS v4.0 score is 8.5 (HIGH), with netwo...
CVE-2025-40841 Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery CSRF vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2025-40841 Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery CSRF vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2025-40841
Ericsson Indoor Connect 8855 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in versions prior to 2025.Q3. The issue can allow unauthorized modification of certain information with a CVSS v4.0 base score of 5.1 (MEDIUM). Attack vector is network, with low attack complexity and re...
CVE-2025-40841
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery CSRF vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2025-27260 Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2025-27260
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2025-27260 Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...
CVE-2025-27260
CVE-2025-27260 affects Ericsson Indoor Connect 8855 (versions before 2025.Q3). It covers an Improper Filtering of Special Elements vulnerability that can lead to unauthorized modification of certain information. CVSSv4 base score 7.2 (HIGH): Attack vector NETWORK, complexity LOW, privileges REQUI...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service (CVE-2026-32874, CVE-2026-32875)
Summary Python module UltraJSON is used by IBM App Connect Enterprise Certified Container by the mapping assistance component. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch...
UBUNTU-CVE-2026-23331
In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind an UDP socket to the wildcard address with a non-zero port, connect it to an address, and disconnect it from the address. bind sets...
SUSE CVE-2026-28512
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirecturi values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a...
SUSE CVE-2026-28513
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse...
SUSE CVE-2026-32245
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...
SUSE CVE-2026-32246
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session password verified, TOTP not yet completed to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain...
PT-2026-27765
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting XSS vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information...
Gitlab -- vulnerabilities
Gitlab reports: Improper Handling of Parameters issue in Jira Connect installations impacts GitLab CE/EE Cross-Site Request Forgery issue in GLQL API impacts GitLab CE/EE HTML Injection in vulnerability report impacts GitLab EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Improper...
Ericsson Indoor Connect 安全漏洞
Ericsson Indoor Connect is a small indoor base station developed by the Swedish company Ericsson. Versions of Ericsson Indoor Connect 8855 prior to 2025.Q3 contained security vulnerabilities. These vulnerabilities were due to susceptibility to cross-site request forgery attacks, which could lead ...
Ericsson Indoor Connect 安全漏洞
Ericsson Indoor Connect is a small indoor base station developed by the Swedish company Ericsson. Versions of Ericsson Indoor Connect prior to 8855 2025.Q3 contained security vulnerabilities. These vulnerabilities were due to improper handling of special elements, which could allow unauthorized...