CVE-2026-27474

SPIP before 4.4.9 allows Cross-Site Scripting XSS in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor a HTML tags, allowing an attacker to inject malicious scripts through these element...

CVE-2025-71249

...

GHSA-6PQF-C99P-758V org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted

Impact The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add ...

Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution

Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...

Zoom X4 / X5 SQL Injection / Authentication Bypass Vulnerabilities

Zoom X4 and X5 modems suffers from authentication bypass and remote SQL injection vulnerabilities. Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3...