36047 matches found

Positive Technologies
added 2026/03/19 12:0 a.m. | 3 views

PT-2026-26375

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting (XSS) through FreeScout's email notification templates. Incoming email bodies are stored in the database without sanitization and rendered...

CVSS 9.3 | AI score 5.9 | EPSS 0.00092
Exploits: 1 | References: 9

Circl
added 2026/03/19 12:0 a.m. | 1 views

CVE-2025-38014

creationtimestamp | type | source
---|---|---
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

CVSS 5.5 | AI score 5.7 | EPSS 0.00065
Exploits: 0 | References: 1

Circl
added 2026/03/19 12:0 a.m. | 0 views

CVE-2024-46678

creationtimestamp | type | source
---|---|---
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

CVSS 5.5 | AI score 6.5 | EPSS 0.00007
Exploits: 0 | References: 1

OSV
added 2026/03/18 8:6 p.m. | 3 views

GHSA-7G27-V5WJ-JR75 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Impact: This is a NULL Pointer Dereference vulnerability leading to Denial of Service. Security Impact: A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequence...

CVSS 8.7 | AI score 5.8 | EPSS 0.00313
Exploits: 1 | References: 6

Github Security Blog
added 2026/03/18 8:6 p.m. | 4 views

free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Impact: This is a NULL Pointer Dereference vulnerability leading to Denial of Service. Security Impact: A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequence...

CVSS 8.7 | AI score 5.8 | EPSS 0.00313
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2026/03/18 1:1 p.m. | 0 views

MAL-2026-1805 Malicious code in notification-settings-layout (npm)

Source: amazon-inspector (77ec9a9823eefe0c031995eea2a7f2fc660ebf4843a6aaf365c042a8dbab2cb7). The package notification-settings-layout was found to contain malicious code...

AI score 5.8
Exploits: 0

OSSF Malicious Packages
added 2026/03/18 1:1 p.m. | 8 views

Malicious code in notification-settings-layout (npm)

Source: amazon-inspector (77ec9a9823eefe0c031995eea2a7f2fc660ebf4843a6aaf365c042a8dbab2cb7). The package notification-settings-layout was found to contain malicious code...

AI score 5.8
Exploits: 0

CNVD
added 2026/03/17 12:0 a.m. | 3 views

Unspecified Vulnerability in StudioCMS

StudioCMS is an open source content management system. A security vulnerability exists in StudioCMS that can be exploited to allow any authenticated user to modify the notification preferences of other users...

CVSS 5.4 | AI score 5.3 | EPSS 0.00019
Exploits: 1

EUVD
added 2026/03/13 9:31 p.m. | 1 views

EUVD-2026-11758

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound publicnonce is exposed to unauthenticated users...

CVSS 7.5 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 6

EUVD
added 2026/03/13 9:31 p.m. | 1 views

EUVD-2026-11739

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and commentid...

CVSS 8.7 | AI score 5.9 | EPSS 0.00048
Exploits: 1 | References: 4

NVD
added 2026/03/13 7:54 p.m. | 2 views

CVE-2026-22182

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and commentid...

CVSS 8.7 | EPSS 0.00048
Exploits: 1 | References: 3

Cvelist
added 2026/03/13 7:23 a.m. | 22 views

CVE-2026-3045 Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound publicnonce is exposed to unauthenticated users...

CVSS 7.5 | EPSS 0.00049
Exploits: 0 | References: 5

ATTACKERKB
added 2026/03/13 1:18 a.m. | 1 views

CVE-2026-22216

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

CVSS 6.9 | AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 4

CVE
added 2026/03/13 1:18 a.m. | 7 views

CVE-2026-22216

wpDiscuz 7.6.46 and earlier is affected by a missing rate-limiting vulnerability in the wpdAddSubscription handler (class.WpdiscuzHelperAjax.php). Unauthenticated attackers can submit POST requests to subscribe arbitrary email addresses to post notifications, abusing LIKE wildcard matching in the...

CVSS 6.9 | AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/03/13 1:18 a.m. | 3 views

CVE-2026-22191

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...

CVSS 5.2 | AI score 6.1 | EPSS 0.00009
Exploits: 0 | References: 8

CVE
added 2026/03/13 1:17 a.m. | 201 views

CVE-2026-22182

Summary of CVE-2026-22182: The wpDiscuz plugin is affected by an unauthenticated denial-of-service vulnerability in versions prior to 7.6.47. An anonymous attacker can trigger mass notification emails by abusing checkNotificationType() through repeated calls to wpdiscuz-ajax.php, using arbitrary...

CVSS 8.7 | AI score 5.9 | EPSS 0.00048
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/13 1:17 a.m. | 25 views

CVE-2026-22182 wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and commentid...

CVSS 8.7 | EPSS 0.00048
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/13 1:17 a.m. | 2 views

CVE-2026-22182 wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and commentid...

CVSS 8.7 | AI score 5.9 | EPSS 0.00048
Exploits: 1 | References: 3

Positive Technologies
added 2026/03/13 12:0 a.m. | 2 views

PT-2026-25156

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release)...

AI score 5.7 | EPSS 0.0002
Exploits: 0 | References: 5

EUVD
added 2026/03/12 2:49 p.m. | 2 views

EUVD-2026-11373

StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings...

CVSS 5.4 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 2