CVE-2026-32647

A flaw was found in NGINX's ngxhttpmp4module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead ...

CVE-2026-32546

CVE-2026-32546 concerns the WordPress plugin Membership Plugin – Restrict Content (restrict-content). Wordfence’s vulnerability report confirms a Missing Authorization vulnerability affecting the Restrict Content plugin up to version 3.2.22 (the range is listed as n/a through

CVE-2026-32546 WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through = 3.2.22...

CVE-2026-32546

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through = 3.2.22...

CVE-2026-32546 WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through = 3.2.22...

CVE-2026-31788

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

PT-2026-28059

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through = 3.2.22...

WordPress plugin Restrict Content 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

NATS has pre-auth server panic via leafnode handling

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. Problem Description A client which can conne...

PT-2026-27615

Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.15 NATS-Server versions prior to 2.12.6 Description NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. A client connected to the leafnode port can crash the server...

WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Restrict Content versions = 3.2.22...

WordPress Membership Plugin - Restrict Content plugin <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect vulnerability

WordPress Membership Plugin - Restrict Content plugin = 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcpredirect vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Restrict Content versions = 3.2.24...

CVE-2026-4136

CVE-2026-4136 concerns the WordPress plugin “Membership Plugin – Restrict Content” and its vulnerability to an unvalidated redirect in the password-reset flow. All versions up to 3.2.24 are affected due to insufficient validation on the redirect URL supplied via the ‘rcp_redirect’ parameter, enab...

CVE-2026-4136

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcpredirect' parameter. This makes it possible for unauthenticated attacke...

CVE-2026-4136 Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcpredirect' parameter. This makes it possible for unauthenticated attacke...

CVE-2026-33063

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...

CVE-2026-33063 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...

CVE-2026-33062 free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter

free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to access array indices 0, 1, 2...

WordPress plugin Membership Plugin – Restrict Content 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-32002

OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrat...