WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of user ownership in the plugin/PayPalYPT/agreementCancel.json.php file...

Zen 输入验证错误漏洞

Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.12b contained a vulnerability related to input validation errors. This vulnerability stemmed from project links in RSS subscriptions not being restricted by http or https, which could lead to security risks...

PT-2026-39858

Name of the Vulnerable Software and Affected Versions Outline versions 0.84.0 through 1.7.0 Description The 'subscriptions.create' API endpoint in 'server/routes/api/subscriptions/subscriptions.ts' contains a broken authorization pattern. When both collectionId and documentId are provided in a...

CVE-2026-41903

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

GHSA-RWWW-X45W-P52W free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions

Summary free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token to read PFD application data via GET...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the 3gpp-traffic-influence API route group, which lacks inbound authorization checks. An attacker can create, read, modify, or delete traffic-influence subscriptions by sending unauthenticated or forged requests...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the 3gpp-traffic-influence API route group, which lacks inbound authorization checks. An attacker can create, read, modify, or delete traffic-influence subscriptions by sending unauthenticated or forged requests...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the 3gpp-traffic-influence API route group, which lacks inbound authorization checks. An attacker can create, read, modify, or delete traffic-influence subscriptions by sending unauthenticated or forged requests...

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through improper handling of missing user identifiers in the RemoveAmfSubscriptionsInfoProcedure process. An attacker can cause the application to panic and return a 500 Internal Serv...

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the RemoveAmfSubscriptionsInfoProcedure process. An attacker can cause the application to panic and disrupt service availability by sending a crafted DELETE request with a nonexistent subsId after creating a...

GHSA-4RQF-GRM6-VF75 free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

Missing Synchronization

Overview Affected versions of this package are vulnerable to Missing Synchronization through unsynchronized access to the Subscriptions map in the PUT /nbsf-management/v1/subscriptions/subId handler. An attacker can cause the process to terminate unexpectedly by sending concurrent authenticated P...

free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions

Summary free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if the subscription does not exist, ReplaceIndividualSubcription writes back ...

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps hav...

PT-2026-39256

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF mounts the '3gpp-traffic-influence' API without requiring inbound OAuth2 or bearer-token authorization. A network attacker with access to the NEF on the Service Base...

PT-2026-39253

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The UDR nudr-dr handler for the endpoint "DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions" contains a nil-pointer dereference. This occurs when a request is mad...

CVE-2026-41903

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

CVE-2026-41903 FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifying any user's notification subscriptions (incomplete fix of CVE-2025-48472)

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...