1070 matches found
CLSA-2026-1776767380 cups: Fix of 3 CVEs
CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job - CVE-2026-39314: range check job-password-supported to prevent integer underflow in ppdCreateFromIPP - CVE-2026-39316: expire per-printer subscriptions before deleting the...
CVE-2026-39320
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...
CVE-2026-39320 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...
CVE-2026-39320
The Signal K Server CVE-2026-39320 affects versions prior to 2.25.0, where an unauthenticated Regular Expression Denial of Service (ReDoS) can be triggered via WebSocket subscription handling. The root cause is injection of unescaped regex metacharacters into the context parameter of a stream sub...
CVE-2026-39320 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...
Signal K Server 安全漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.25.0 contained a security vulnerability. This vulnerability stemmed from improper validation of the context parameter in the WebSocket subscription processing logic, which...
Security update for cockpit-subscriptions (important)
openSUSE security update: security update for cockpit-subscriptions ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20532-1 Rating: important References: bsc1258637 Cross-References: CVE-2026-26996 CVSS scores: CVE-2026-26996 SUSE : 7.5...
PT-2026-34214
Name of the Vulnerable Software and Affected Versions free5GC UDR versions prior to 1.4.3 Description A fail-open request handling flaw exists in the UDR service. The POST handler for the endpoint '/nudr-dr/v2/policy-data/subs-to-notify' continues to process requests even after encountering error...
CVE-2026-40248
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...
WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by loris4py in WordPress Plugin Paid Member Subscriptions versions = 2.17.3...
CVE-2026-40249
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...
CVE-2026-40246
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization in the handler for creating or updating Traffic Influence Subscriptions due to improper validation of the influenceId path segment. An attacker can create or overwrite arbitrary Traffic Influence Subscriptions,...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization in the handler responsible for reading Traffic Influence Subscriptions. An attacker can access sensitive subscription data, including SUPIs/IMSIs, DNNs, S-NSSAIs, and callback URIs, by supplying arbitrary values f...
CVE-2026-40246
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
CVE-2026-40247
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
CVE-2026-40249
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...
CVE-2026-40248
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...
CVE-2026-40249
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...
CVE-2026-40249 free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...