4329 matches found
WordPress Membership Plugin - Restrict Content plugin <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect vulnerability
WordPress Membership Plugin - Restrict Content plugin = 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcpredirect vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Restrict Content versions = 3.2.24...
CVE-2026-4136 Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcpredirect' parameter. This makes it possible for unauthenticated attacke...
CVE-2026-4136
CVE-2026-4136 concerns the WordPress plugin “Membership Plugin – Restrict Content” and its vulnerability to an unvalidated redirect in the password-reset flow. All versions up to 3.2.24 are affected due to insufficient validation on the redirect URL supplied via the ‘rcp_redirect’ parameter, enab...
CVE-2026-4136
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcpredirect' parameter. This makes it possible for unauthenticated attacke...
CVE-2026-33063
free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...
CVE-2026-33063 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion
free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...
CVE-2026-33062 free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter
free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to access array indices 0, 1, 2...
WordPress plugin Membership Plugin – Restrict Content 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-32002 OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass
OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrat...
GHSA-7C47-XR7Q-P6HG free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter
Impact This is an Improper Input Validation vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed group-id-list parameter. This results in complete denial of service for...
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Google is testing a new security feature as part of Android Advanced Protection Mode AAPM that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week. AAPM was introduced by Google ...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Malicious Package
Overview restrict-imports is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in restrict-imports (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f82360676317e6d9c2b69a82034af73f2008890871348fb45bc5b966f6aca03c The package restrict-imports was found to contain malicious code. Source: ghsa-malware e153e68a84a468be42de7a7c49af2d4e73778f4462d854be60a6e8baf03105...
MAL-2026-1353 Malicious code in restrict-imports (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f82360676317e6d9c2b69a82034af73f2008890871348fb45bc5b966f6aca03c The package restrict-imports was found to contain malicious code. Source: ghsa-malware e153e68a84a468be42de7a7c49af2d4e73778f4462d854be60a6e8baf03105...
Schneider Electric EcoStruxure Data Center Expert
GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices: Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized...
CVE-2026-1321 Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the rcpsetupregistrationinit function accepting any membership level ID via the rcplevel POST parameter without validating that the leve...
CVE-2026-1321
The CVE-2026-1321 entry affects the WordPress plugin “Membership Plugin – Restrict Content” (Restrict Content) and describes an unauthenticated privilege-escalation in all versions up to 3.2.20. The root cause is that rcp_setup_registration_init() accepts any membership level ID via the rcp_level...