WordPress Masteriyo LMS plugin <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability

Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Masteriyo - LMS versions = 2.1.7...

CVE-2026-5167

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

CVE-2026-5167

CVE-2026-5167 affects the Masteriyo LMS WordPress plugin (

CVE-2026-5167 Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

CVE-2026-30079

In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

CVE-2026-39347

OrangeHRM Open Source vulnerability CVE-2026-39347 affects versions 5.0–5.8 where admin self-appraisal submissions can be modified after being marked completed, compromising integrity of finalized appraisal records. The issue is resolved in 5.8.1. Affected product: OrangeHRM Open Source; vulnerab...

CVE-2026-39347 OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...

CVE-2026-39347 OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

PT-2026-30800

Name of the Vulnerable Software and Affected Versions The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions through 1.8.9.7 Description The Charitable – Donation Plugin for WordPress is affected by a flaw due to missing cryptographic verification of...

CVE-2026-34756 vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server

vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...

CVE-2026-34756 vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server

vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...

vLLM 安全漏洞

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.1.0 to 0.19.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of upper limit validation for the n parameter in the...

CVE-2026-23454

A flaw was found in the Linux kernel's mana network driver. A race condition during the destruction of a hardware completion queue HWC channel can lead to memory being freed while still in use. This use-after-free vulnerability allows an in-flight interrupt handler to dereference freed memory. Th...