CVE-2026-6427 a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

EUVD-2026-32733

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

CVE-2026-8730 Open5GS NRF context.c ogs_sbi_nf_instance_set_id denial of service

A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogssbinfinstancesetid in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfInstanceId can lead to denial of service. The attack may be performed from remote. The exploit has been...

CVE-2026-4988 Open5GS CCA Message smf_s6b denial of service

A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smfgxccacb/smfgyccacb/smfs6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitabilit...

CVE-2026-4988

Open5GS 2.7.6 contains a denial-of-service vulnerability in the CCA Message Handler, affecting the functions smf_gx_cca_cb, smf_gy_cca_cb, and smf_s6b. The issue can be triggered remotely and stems from the manipulation of the mentioned components. Exploitability is described as difficult, and ex...

PT-2026-25744

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf gx cca cb/smf gy cca cb/smf s6b aaa cb/smf s6b sta cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...

CVE-2026-1336

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the storedata and getchatgptapikey functions in all versions up to, and including, 2.7.5. This makes it possible for...

CVE-2026-1336 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the storedata and getchatgptapikey functions in all versions up to, and including, 2.7.5. This makes it possible for...

CVE-2026-2522

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

CVE-2026-2524

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...

CVE-2026-2522 Open5GS MME esm-build.c memory corruption

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

CVE-2026-2522

CVE-2026-2522 affects Open5GS up to 2.7.6: an unknown function in /src/mme/esm-build.c of the MME component allows memory corruption. Attack can be remote; exploit disclosed publicly and may be used. Several sources (NVD, Red Hat, CVE lists, EUVD, AttackersKB) report this with varying CVSS metric...

EUVD-2026-5336

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

PT-2026-6313

Name of the Vulnerable Software and Affected Versions JinJava versions prior to 2.7.6 JinJava versions prior to 2.8.3 Description JinJava is a Java-based template engine that uses django template syntax to render jinja templates. A flaw exists in the ForTag component that allows for arbitrary Jav...

CVE-2026-1521

A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwcs5chandlebearerresourcefailureindication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated remotely. The exploit ha...

Open5GS security vulnerabilities

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from a flaw in the sgwcs11handler.c file, specifically the...

CVE-2025-15528 Open5GS GTPv2 Bearer Response denial of service

A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may...

CVE-2026-0916

CVE-2026-0916 - WordPress Related Posts by Taxonomy (plugin) The vulnerability is a Stored Cross-Site Scripting (XSS) in the Related Posts by Taxonomy plugin for WordPress, exploitable via the shortcode; it affects all versions up to and including 2.7.6 due to insufficient input sanitization and ...

PT-2026-3225

The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related posts by tax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Open5GS 安全漏洞

Open5GS is an Open5GS open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS version 2.7.6 and earlier, which stems from an incorrect operation of the function sgwcs5chandlecreatesessionresponse in the file...