CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

CVE-2026-44502

Bugsink (self-hosted error tracking) has an SSRF bypass vulnerability in the webhook URL validation (validate_webhook_url) affecting versions before 2.1.3. The root cause is a mismatch between Python URL parsing (urllib.parse.urlparse) and the HTTP client stack (requests/urllib3) for malformed in...

CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

CVE-2026-44502 Bugsink: SSRF bypass in `validate_webhook_url`

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

GHSA-6V92-PH9P-HRPC AMF Vulnerable to Improper Resource Shutdown or Release

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

CVE-2026-8783

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

CVE-2026-8782

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made...

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the RANConfiguration function in the file ngap/handler.go, which allows null pointer...

Server-side Request Forgery (SSRF)

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the validatewebhookurl process. An attacker can cause the application to send outbound HTTP POST requests to unintended hosts, including internal or...

CVE-2026-39387

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...

PT-2026-32961

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...

BoidCMS 安全漏洞

BoidCMS is an open-source, free CMS for flat files. It’s used to build simple websites and blogs. It’s developed using PHP and JSON as the database. Versions of BoidCMS prior to 2.1.3 had security vulnerabilities. These vulnerabilities stemmed from insufficient cleanup of tpl parameters, which...

Sena Parani M10 Motorcycle Intercom 安全漏洞

Sena Parani M10 Motorcycle Intercom is a motorcycle helmet communication system from South Korea’s Sena company, capable of supporting connections with multiple devices. Version 2.1.3 of Sena Parani M10 Motorcycle Intercom contains a security vulnerability. This vulnerability stems from issues wi...

PT-2026-32094

Name of the Vulnerable Software and Affected Versions Parani M10 Motorcycle Intercom version 2.1.3 Description A Bluetooth Classic RFCOMM service is exposed without enforcing secure authentication or proper access control. This allows unauthorized attackers to cause a Denial of Service DoS by...

CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

CVE-2026-32462

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through = 2.1.3...

EUVD-2026-15423

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...

CVE-2026-1917

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...

CVE-2026-1917

The Drupal Login Disable module is reported to allow login without the required access key via the HTTP request login route: the module does not check the access key on that route, enabling login without the key. This vulnerability is described in OSV-DRUPAL-CONTRIB-2026-008 and PT-2026-6544; no ...

CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...