Lucene search
K

29 matches found

NVD
NVD
added 2026/06/19 8:16 a.m.12 views

CVE-2026-6798

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00299EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:51 a.m.9 views

CVE-2026-6798

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00299EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/19 6:51 a.m.10 views

EUVD-2026-37996

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00299EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/19 6:51 a.m.34 views

CVE-2026-6798 2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00299EPSS
Exploits0References8
CVE
CVE
added 2026/06/19 6:51 a.m.19 views

CVE-2026-6798

The CVE-2026-6798 entry concerns the WordPress plugin “2Download Connector for 2DL Hosted Checkout.” According to connected sources, all versions up to and including 0.1.5 are vulnerable to unauthorized access due to insufficient authorization checks, enabling unauthenticated attackers to view se...

5.3CVSS6AI score0.00299EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50851

Name of the Vulnerable Software and Affected Versions 2Download Connector for 2DL Hosted Checkout versions prior to 0.1.6 Description The plugin fails to properly verify user authorization before performing specific actions. This allows unauthenticated attackers to access arbitrary customer...

5.3CVSS6AI score0.00299EPSS
Exploits0References14
OSV
OSV
added 2026/06/11 1:25 p.m.5 views

GHSA-6GXQ-GPR8-XGJP free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence

Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...

7.1CVSS5.9AI score0.00084EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-7708

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsdbisubscriptiondata in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supiid causes denial of service. The attack may be initiated remotely. The exploit has...

5.3CVSS5.2AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.10 views

CVE-2026-44323

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

6.5CVSS5.8AI score0.0035EPSS
Exploits1References1
NVD
NVD
added 2026/05/27 5:16 p.m.16 views

CVE-2026-44323

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

6.5CVSS0.0035EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:53 p.m.8 views

CVE-2026-42459

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...

8.7CVSS5.8AI score0.00324EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/17 10:16 a.m.16 views

CVE-2026-8744

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogssbisubscriptiondataadd/ogssbinfserviceadd in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS0.00455EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2026/05/17 9:15 a.m.10 views

CVE-2026-8744

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogssbisubscriptiondataadd/ogssbinfserviceadd in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The exploit ha...

5.3CVSS5.4AI score0.00455EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.14 views

PT-2026-41536

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs sbi subscription data add/ogs sbi nf service add in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The...

5.3CVSS5.4AI score0.00455EPSS
Exploits1References10
NVD
NVD
added 2026/05/03 11:16 p.m.10 views

CVE-2026-7708

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsdbisubscriptiondata in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supiid causes denial of service. The attack may be initiated remotely. The exploit has...

5.3CVSS0.00276EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/03 10:45 p.m.36 views

CVE-2026-7708 Open5GS UDR subscription.c ogs_dbi_subscription_data denial of service

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsdbisubscriptiondata in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supiid causes denial of service. The attack may be initiated remotely. The exploit has...

5.3CVSS0.00276EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/03 10:45 p.m.5 views

CVE-2026-7708 Open5GS UDR subscription.c ogs_dbi_subscription_data denial of service

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsdbisubscriptiondata in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supiid causes denial of service. The attack may be initiated remotely. The exploit has...

5.3CVSS5.5AI score0.00276EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/03 10:45 p.m.8 views

CVE-2026-7708

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsdbisubscriptiondata in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supiid causes denial of service. The attack may be initiated remotely. The exploit has...

5.3CVSS5.5AI score0.00276EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/03 10:45 p.m.8 views

EUVD-2026-26847

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsdbisubscriptiondata in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supiid causes denial of service. The attack may be initiated remotely. The exploit has...

5.3CVSS5.5AI score0.00276EPSS
Exploits0References5
CVE
CVE
added 2026/05/03 10:45 p.m.20 views

CVE-2026-7708

Summary: CVE-2026-7708 affects Open5GS up to 2.7.7, targeting the UDR component. The vulnerability lies in the function ogs_dbi_subscription_data (library path /lib/dbi/subscription.c), where manipulating the argument supi_id leads to a denial of service. Remote initiation is possible according t...

5.3CVSS5.5AI score0.00276EPSS
Exploits0References5
Rows per page
Query Builder