2789 matches found
Astra Linux – Vulnerability in Zeromq3
A flaw was discovered in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The greatest threat posed by this vulnerability is to confidentiality,...
CVE-2026-6798
The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-6798
The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
EUVD-2026-37996
The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-6798
The CVE-2026-6798 entry concerns the WordPress plugin “2Download Connector for 2DL Hosted Checkout.” According to connected sources, all versions up to and including 0.1.5 are vulnerable to unauthorized access due to insufficient authorization checks, enabling unauthenticated attackers to view se...
CVE-2026-6798 2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter
The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
PT-2026-50851
Name of the Vulnerable Software and Affected Versions 2Download Connector for 2DL Hosted Checkout versions prior to 0.1.6 Description The plugin fails to properly verify user authorization before performing specific actions. This allows unauthenticated attackers to access arbitrary customer...
WordPress 2Download Connector for 2DL Hosted Checkout plugin <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability discovered by Mohamed Haidar in WordPress Plugin 2Download Connector for 2DL Hosted Checkout versions = 0.1.5...
CVE-2026-48783
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...
CVE-2026-48783
CVE-2026-48783 affects Postiz prior to version 2.21.8. An unauthenticated endpoint (/public/modify-subscription) accepted a signed token and applied subscription-enforcement side effects to the organization in the token’s claims without verifying the token’s intended purpose. The endpoint could n...
CVE-2026-48783 Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...
PT-2026-50122
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...
PT-2026-49831
Name of the Vulnerable Software and Affected Versions Real Testimonials Pro affected versions not specified Product Slider Pro for WooCommerce affected versions not specified Smart Post Show Pro affected versions not specified Description A supply chain compromise occurred where attackers...
Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...
Cyber-Arena
CyberArena - Cybersecurity Challenge Platform CyberArena is a...
CVE-2026-7368
The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...
GHSA-6GXQ-GPR8-XGJP free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...
VRChat says reported data breach never happened
A data breach notice has been filed with the Maine Attorney General, saying more than 2.4 million users of VRChat have had their data breached. The question is, was it VRChat who filed the breach notice, or did someone pretending to represent the company post it instead? On Reddit, a VRChat...
PT-2026-48680
Name of the Vulnerable Software and Affected Versions free5GC UDR affected versions not specified Description Improper input validation exists in the EE subscription handlers of the free5GC UDR. The system uses a regular expression to validate the ueId variable that includes a catch-all...
CVE-2026-46679
CVE-2026-46679 affects the JS implementation of libp2p gossipsub. Three omissions in the default gossipsub logic allow an unauthenticated peer to flood subscriptions and exhaust the Node.js heap, causing memory DoS and potential OOM. The issue arises from an unbounded this.topics map, unbounded p...