1070 matches found
BIT-DISCOURSE-2026-34154 Discourse has a subscription access bypass in its discourse-subscriptions plugin
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1....
PT-2026-43137
Name of the Vulnerable Software and Affected Versions Autoship Cloud for WooCommerce Subscription Products versions prior to 2.14.1 Description A missing authorization issue exists in the Autoship Cloud for WooCommerce Subscription Products plugin, which allows for the exploitation of incorrectly...
WordPress plugin Autoship Cloud for WooCommerce Subscription Products 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
Denial Of Service (DoS)
@libp2p/gossipsub is vulnerable to Denial of Service DoS. The vulnerability is due to missing limits on subscription entries, unbounded topic handling, and failure to clean up empty topic sets, which allows an attacker to exhaust Node.js heap memory and crash the process through crafted...
Linux Distros Unpatched Vulnerability : CVE-2026-4527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...
GHSA-4F8R-922H-2VGV js-libp2p: Memory DoS via subscription flood of unique topics
Summary Three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. 1. defaultDecodeRpcLimits.maxSubscriptions = Infinity packages/gossipsub/src/message/decodeRpc.ts:11: no decode-level cap on...
GO-2026-4994 free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions in github.com/free5gc/bsf
free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/subId crashes the BSF process via concurrent map read/write on Subscriptions in github.com/free5gc/bsf...
Astra Linux - уязвимость в wpa, pupnp-1.8
The Open Connectivity Foundation’s UPnP specification prior to April 17, 2020, does not prohibit the acceptance of a subscription request with a delivery URL located in a different network segment than the fully qualified event-subscription URL. This is known as the “CallStranger” issue...
JLSEC-2026-516
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...
CVE-2026-34154
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...
EUVD-2026-30969
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...
Exposing Fox Tempest: A malware-signing service operation
In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...
PT-2026-41996
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.1.4 Discourse versions prior to 2026.3.1 Discourse versions prior to 2026.4.1 Discourse versions prior to 2026.5.0-latest.1 Description A flaw in the discourse-subscriptions plugin allows users to gain access t...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse before 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain security vulnerabilities. These vulnerabilities st...
CVE-2026-6342
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID:...
CVE-2026-6342 Group prefix matching bypass for subscriptions
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID:...
CVE-2026-6342
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID:...
CVE-2026-6342
Mattermost plugins vulnerable to a namespace prefix-matching bypass. Affected: Mattermost Plugins versions
CVE-2026-6342 Group prefix matching bypass for subscriptions
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID:...
EUVD-2026-30745
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID:...