CVE-2026-33907 Ella Core Panics during NAS Authentication Response/Failure with missing IEs

Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all...

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

PT-2026-28581

Name of the Vulnerable Software and Affected Versions Express XSS Sanitizer versions prior to 2.0.2 Express XSS Sanitizer versions 4.x and 5.x Description Express XSS Sanitizer, middleware for Express 4.x and 5.x, sanitizes user input data in req.body, req.query, req.headers, and req.params to...

GHSA-55Q8-2GWX-29PC Ella Core Panics during NAS Authentication Response/Failure with missing IEs

Summary Ella Core panics when processing Authentication Response and Authentication Failure NAS message missing IEs. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Fi...

Ella Core Panics during NAS Authentication Response/Failure with missing IEs

Summary Ella Core panics when processing Authentication Response and Authentication Failure NAS message missing IEs. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Fi...

CVE-2026-23979

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2025-27260

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...

CVE-2026-30884

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

Dell Integrated Dell Remote Access Controller Code Execution Vulnerability

Dell Integrated Dell Remote Access Controller is an embedded controller for remote management and monitoring of servers from Dell USA. A code execution vulnerability exists in Dell Integrated Dell Remote Access Controller. The vulnerability stems from the application failing to properly filter...

PT-2026-28565

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0 Description Ella Core, a 5G core designed for private networks, experiences a panic when processing Authentication Response and Authentication Failure NAS messages lacking Information Elements IEs. An attacker...

EUVD-2026-15551

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2026-25377

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...

CVE-2026-23979

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2026-23979 WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2026-23979 WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2026-23979

CVE-2026-23979 affects Softwebmedia Gyan Elements (WordPress plugin) versions n/a through 2.2.1. The root cause is improper neutralization of input during web page generation, enabling reflected XSS. Impact is reflected XSS in affected pages; exploitation details are not provided in the documents...

EUVD-2025-208979

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...

CVE-2025-27260

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...

CVE-2026-23351

A flaw was found in the Linux kernel's netfilter component, specifically within the nftsetpipapo module. A local attacker could exploit a use-after-free vulnerability when a large number of expired elements are present. This can cause the garbage collection GC process to run for an extended perio...