WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return vulnerability
WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return vulnerability discovered by Lucio Sá in WordPress Plugin Paid Member Subscriptions versions <= 2.11.1...
Meta confirms it’s working on premium subscription for its apps
Meta plans to test exclusive features that will be incorporated in paid versions of Facebook, Instagram, and WhatsApp. It confirmed these plans to TechCrunch. But these plans are not to be confused with the ad-free subscription options that Meta introduced for Facebook and Instagram in the EU, th...
CVE-2025-68479
Discourse (open source forum platform) is affected by a vulnerability in subscription endpoints where ownership checks could be bypassed. The issue occurs in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 and is patched in 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No public workarou...
CVE-2025-68479 Discourse subscriptions are susceptible to takeover
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds...
SUSE-SU-2026:20182-1 Security update for cockpit-subscriptions
This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: - CVE-2025-64718: js-yaml: fixed prototype pollution in merge bsc1255425...
SUSE-SU-2026:20170-1 Security update for cockpit-subscriptions
This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: - CVE-2025-64718: js-yaml: fixed prototype pollution in merge bsc1255425...
OPENSUSE-SU-2026:20117-1 Security update for cockpit-subscriptions
This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: - CVE-2025-64718: js-yaml: fixed prototype pollution in merge bsc1255425...
EUVD-2026-4210
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining th...
CVE-2026-23964 Mastodon has insufficient access control to push notification settings
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining th...
CVE-2026-23964
Mastodon vendor: Mastodon server (ActivityPub). Vulnerability CVE-2026-23964 is an insecure direct object reference in the web push subscription update endpoint affecting versions < 4.5.5, < 4.4.12, and
PT-2026-3902
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 4.5.5; Mastodon versions prior to 4.4.12; Mastodon versions prior to 4.3.18. Description: Mastodon is a social network server. An insecure direct object reference exists in the web push subscription update endpoint. An...
PT-2026-3628
Name of the Vulnerable Software and Affected Versions: tinyMQTT versions prior to commit 6226ade15bd4f97be2d196352e64dd10937c1962. Description: A memory leak exists because the broker does not validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeat...
MiracleLinux 3 : cups-1.2.4-11.18.3.1AXS3 (AXSA:2008-539:06)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-539:06 advisory. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to promote a...
CVE-2026-21921
A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors...
CVE-2026-21903 Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges, to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
EUVD-2026-2692
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges, to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
CVE-2025-68788
An information disclosure flaw was found in the Linux kernel's fsnotify subsystem. When monitoring a parent directory like /dev, users could observe ACCESS and MODIFY events on special files such as /dev/null that they cannot directly read. This creates a side-channel that could potentially be us...