
32 matches found

CNNVD
added 2026/03/11 12:0 a.m. | 5 views

WordPress plugin MC4WP: Mailchimp for WordPress Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.5 | AI score 5.8 | EPSS 0.00265
Exploits: 0 | References: 7

Tenable Nessus
added 2026/03/10 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-28799

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's even...

CVSS 8.7 | AI score 5.3 | EPSS 0.00285
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/06 7:29 a.m. | 4 views

CVE-2026-28799

A flaw was found in PJSIP. A remote attacker can exploit a heap use-after-free vulnerability within the event subscription framework by sending a specially crafted message during presence unsubscription. This can lead to a denial of service, making the affected system unavailable. Mitigation...

CVSS 8.7 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 5

OSV
added 2026/03/06 7:16 a.m. | 4 views

UBUNTU-CVE-2026-28799

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched i...

CVSS 8.7 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 4

OSV
added 2026/03/06 7:16 a.m. | 4 views

ALPINE-CVE-2026-28799

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched i...

CVSS 7.5 | AI score 5.3 | EPSS 0.00285
Exploits: 0 | References: 1

OSV
added 2026/03/06 7:16 a.m. | 4 views

DEBIAN-CVE-2026-28799

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched i...

CVSS 7.5 | AI score 5.3 | EPSS 0.00285
Exploits: 0 | References: 1

AlpineLinux
added 2026/03/06 6:36 a.m. | 3 views

CVE-2026-28799

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched i...

CVSS 8.7 | AI score 5.4 | EPSS 0.00285
Exploits: 0

EUVD
added 2026/03/06 6:36 a.m. | 7 views

EUVD-2026-10006

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched i...

CVSS 8.7 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 2

Debian CVE
added 2026/03/06 6:36 a.m. | 3 views

CVE-2026-28799

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched i...

CVSS 8.7 | AI score 5.3 | EPSS 0.00285
Exploits: 0

CVE
added 2026/03/06 6:36 a.m. | 19 views

CVE-2026-28799

CVE-2026-28799 affects the PJSIP multimedia library (up to version 2.16). A heap use-after-free flaw exists in PJSIP’s event subscription framework (evsub.c) and is triggered during presence unsubscription with SUBSCRIBE and Expires=0. The issue can impact availability (high impact) with negligib...

CVSS 8.7 | AI score 5.8 | EPSS 0.00285
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/03/06 6:36 a.m. | 3 views

CVE-2026-28799 PJSIP: Heap use-after-free in PJSIP presence subscription termination handler

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched i...

CVSS 8.7 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/06 12:0 a.m. | 5 views

PT-2026-23652

Name of the Vulnerable Software and Affected Versions: PJSIP versions prior to 2.17. Description: PJSIP, a multimedia communication library written in C, contains a heap use-after-free issue within its event subscription framework, specifically in the evsub.c file. This issue is triggered by a...

CVSS 8.7 | AI score 5.8 | EPSS 0.00285
Exploits: 0 | References: 9

Cvelist
added 2026/01/20 1:22 a.m. | 18 views

CVE-2026-1051 Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

CVSS 4.3 | EPSS 0.00104
Exploits: 0 | References: 2

Patchstack
added 2026/01/19 9:53 p.m. | 4 views

WordPress Newsletter - Send awesome emails from WordPress plugin <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability

WordPress Newsletter - Send awesome emails from WordPress plugin <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability discovered by WordFence in WordPress Plugin Newsletter versions <= 9.1.0...

CVSS 4.3 | AI score 5.5 | EPSS 0.00104
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/09/24 4:34 p.m. | 3 views

CVE-2025-59413

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can...

CVSS 6.5 | AI score 6.7 | EPSS 0.00365
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/22 4:15 p.m. | 2 views

CVE-2025-59413 CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can...

CVSS 6.5 | AI score 6.4 | EPSS 0.00365
Exploits: 1 | References: 4

Vulnrichment
added 2024/09/25 2:5 a.m. | 10 views

CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

CVSS 5.3 | AI score 6.5 | EPSS 0.00275
Exploits: 0 | References: 2

BDU FSTEC
added 2024/04/04 12:0 a.m. | 3 views

The vulnerability of the asynchronous messaging library ZeroMQ, related to the occurrence of stack buffer overflows on the server, allows attackers to compromise the confidentiality, integrity, and accessibility of the system.

The vulnerability of the asynchronous messaging library ZeroMQ relates to the invocation of a buffer overflow on the server. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the system by sending specially crafted subscription...

CVSS 10 | AI score 8.1 | EPSS 0.01602
Exploits: 0 | References: 5 | Affected Software: 3

Hacker One
added 2024/02/04 7:56 p.m. | 7 views

Mars: unsubscribe anyone from all ████████ emails @ █████

The vulnerability allowed for the unsubscription of arbitrary users from all Banfield emails by manipulating the subscriber ID (sid) parameter in the unsubscribe URL. This issue was classified under CWE-284: Improper Access Control. The predictable nature of the sid parameter enabled potential mass...

AI score 7.2
Exploits: 0

Huntr
added 2021/12/14 6:18 p.m. | 8 views

Cross-Site Request Forgery (CSRF) in laravelio/laravel.io

Description: This CSRF is capable of making a user unintentionally subscribe and unsubscribe to a thread. Proof of Concept: Visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/subscribe Visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/unsubscribe Impact: One...

AI score 6.9
Exploits: 0