6 matches found
CVE-2026-42081
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the...
PT-2025-52942
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw within the Ceph subsystem related to capability trimming. Specifically, a use-after-free condition can occur when trimming capabilities after releasing t...
SUSE-SU-2025:03662-1 Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122266 fixes several issues. The following security issues were fixed: - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250302). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673). -...
CVE-2022-21707 Incorrect Authorization in wasmCloud
wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for WebAssembly (WASM) actors and capability providers. In versions prior to 0.52.2, actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, b...
CVE-2015-5623
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...
PT-2008-4369
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.22 Description: The issue concerns the do_change_type function in fs/namespace.c, which does not properly verify the caller's capabilities. This allows local users to potentially gain privileges or cause a...