Advisory ROSA-SA-2026-3150

Software: libsndfile 1.0.28 OS: ROSA Virtualization 3.1 unaffected versions = libsndfile-1.0.28-16.0.2.rv31 affected versions libsndfile-1.0.28-16.0.2.rv31 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64init function of the libsndfile library ...

CVE-2026-2543 vichan-devel vichan Password Change pages.php unverified password change

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. T...

EUVD-2026-6124

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

EUVD-2026-6138

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

EUVD-2026-6137

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...

CVE-2026-2531

CVE-2026-2531 affects MindsDB up to version 25.14.1, targeting the clear_filename function in mindsdb/utilities/security.py (File Upload). The vulnerability enables server-side request forgery (SSRF) from remote attackers. Public disclosure and exploits exist. The patch referenced is 74d6f0fd4b63...

CVE-2026-2525 Free5GC PFCP UDP Endpoint denial of service

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2026-2524

CVE-2026-2524 affects Open5GS 2.7.6, specifically the MME function mme_s11_handle_create_session_response. The issue is a manipulation in this function that leads to a denial of service, with remote exploitation reported. Exploit code has been published and may be used. The affected project (Open...

CVE-2026-2524

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...

ROS-20260216-73-0040

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause...

ROS-20260216-73-0025

A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

ROS-20260216-73-0014

Vulnerability in avahi related to a flaw in the use of assert. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2026-2517

A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parsetft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be carri...

CVE-2026-2517 Open5GS SMF types.c ogs_gtp2_parse_tft denial of service

A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parsetft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be carri...

PT-2026-8284

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

CVE-2019-25338

A flaw was found in DokuWiki. This vulnerability, identified as a username enumeration, resides in the password reset functionality. A remote attacker can exploit this by submitting various usernames to the password reset endpoint. By observing the server's differing error responses, the attacker...

CVE-2026-2443

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

SUSE CVE-2026-2319

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. Chromium security severity: Medium...

CVE-2025-70122

CVE-2025-70122 affects free5GC v4.0.1 UPF. The root cause is a heap buffer overflow in SDFFilterFields.UnmarshalBinary (sdf-filter.go) triggered when a declared length exceeds the actual buffer capacity, causing a runtime panic and UPF crash. Documents indicate remote exploitation over the networ...

CVE-2019-25337

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...