PT-2026-22024

Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions prior to 6.15.16 Description The Events Calendar plugin for WordPress is susceptible to unauthorized modification and potential loss of data. This is due to an insufficient capability check...

Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability

Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system...

CVE-2025-69247

free5GC go-upf is the User Plane Function UPF implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow CWE-122 vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially...

CVE-2026-2459

A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so...

CVE-2026-2460

A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so...

CVE-2026-2460

A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so...

EUVD-2026-8463

A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so...

CVE-2026-2459

CVE-2026-2459 affects REB500. The vulnerability allows an authenticated user with the Installer role to access and alter directory contents beyond what the role is authorized to do, indicating unauthorized disclosure/modification risk for the affected directories. The provided metrics list CVSS v...

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the PFCP Session Modification Request process. An attacker can cause the service to crash and disrupt connectivity for all connected users by sending a specially crafted request with an invalid SDF Filter...

PT-2026-21688

Name of the Vulnerable Software and Affected Versions REB500 affected versions not specified Description An authenticated user with low-level privileges can access and modify the content of directories using the DAC protocol, despite lacking the necessary authorization. Recommendations At the...

PT-2026-21687

Name of the Vulnerable Software and Affected Versions REB500 affected versions not specified Description An authenticated user with Installer role can access and modify the contents of directories they are not authorized to access or alter. Recommendations At the moment, there is no information...

PT-2026-21765

Name of the Vulnerable Software and Affected Versions Finka-FK versions prior to 18.5 Finka-KPR versions prior to 16.6 Finka-Płace versions prior to 13.4 Finka-Faktura versions prior to 18.3 Finka-Magazyn versions prior to 8.3 Finka-STW versions prior to 12.3 Description The Finka software suite...

CVE-2025-69247

free5GC go-upf is the User Plane Function UPF implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow CWE-122 vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially...

CVE-2025-69247

The CVE-2025-69247 entry concerns free5GC’s go-upf UPF implementation. Affected component: go-upf (UPF) in free5GC prior to version 1.2.8. Root cause: a heap-based buffer overflow (CWE-122) triggered by a crafted PFCP Session Modification Request with an invalid SDF Filter length field, leading t...

CVE-2025-69247 free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service

free5GC go-upf is the User Plane Function UPF implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow CWE-122 vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially...

CVE-2025-69247 free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service

free5GC go-upf is the User Plane Function UPF implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow CWE-122 vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially...

GO-2026-4499 Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs in gogs.io/gogs

Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

WebAudioRecorder.js 安全漏洞

WebAudioRecorder.js is a JavaScript library developed by Yuji Miyane. Versions 0.1 and 0.1.1 of WebAudioRecorder.js contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the extend function in the Dynamic Config Handling component’s lib/WebAudioRecorder.js...