plunk 数据伪造问题漏洞

Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.9.0 contained a data manipulation vulnerability. This vulnerability stems from the /webhooks/sns endpoint accepting Amazon SNS notification payloads without verifying the SNS signature,...

PT-2026-39250

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC mounts the 'nnef-callback' route group without inbound OAuth2 or bearer-token authorization. This allows an attacker to reach the SMF-callback handler usi...

CVE-2026-41105

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

...

CVE-2026-41105

CVE-2026-41105 affects the Azure Monitor Action Group Notification System. The issue is described as a server-side request forgery (SSRF) that allows an authorized attacker to elevate privileges over a network. Documented impact is an Elevation of Privilege (EoP) with high risk (CVSS 3.1: 8.1). C...

CVE-2026-41105

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

...

CVE-2026-41903

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

CVE-2026-41903 FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifying any user's notification subscriptions (incomplete fix of CVE-2025-48472)

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

EUVD-2026-28406

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

CVE-2026-41903

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the SNS HTTP/HTTPS notification endpoints due to missing signature verification. An attacker can cause the application to process arbitrary payloads as legitimate notifications, auto-confi...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the SNS HTTP/HTTPS notification endpoints due to missing signature verification. An attacker can cause the application to process arbitrary payloads as legitimate notifications, auto-confi...

PT-2026-38548

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.217 Description A user with the PERM EDIT USERS permission can read and modify the notification subscriptions of any other user, including administrators, by sending a single POST request. This allows a non-admi...

Microsoft Azure Notification Service 代码问题漏洞

Microsoft Azure Notification Service is a notification delivery service provided by Microsoft Corporation in the United States. There is a code vulnerability in Microsoft Azure Notification Service, which stems from server-side request forgery. This vulnerability could allow authorized attackers ...

PT-2026-38584

Name of the Vulnerable Software and Affected Versions Azure Notification Service affected versions not specified Description Server-side request forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location, in the Azure Notification Service allows an...

CVE-2026-43249

The CVE-2026-43249 entry describes a race in the Linux kernel 9p/xen frontend: xenwatch and backend change notifications can concurrently call xen_9pfs_front_free, causing a double-free and a general protection fault. The fixes guard the teardown path so only a single caller releases the front-en...

CVE-2026-43189 media: v4l2-async: Fix error handling on steps after finding a match

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-async: Fix error handling on steps after finding a match Once an async connection is found to be matching with an fwnode, a sub-device may be registered in case it wasn't already, its bound operation is called,...

CVE-2026-7457

The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...