PT-2026-38811

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

CVE-2026-7518

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...

CVE-2026-7518

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...

EUVD-2026-26466

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...

CVE-2026-7518 Open5GS AMF SBI Endpoint sdmsubscription-notify amf_namf_callback_handle_sdm_data_change_notify denial of service

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amfnamfcallbackhandlesdmdatachangenotify of the file /namf-callback/v1/id/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The...

CVE-2026-7518

Open5GS AMF SBI Endpoint (named path /namf-callback/v1/{id}/sdmsubscription-notify) is affected up to version 2.7.7. The vulnerability arises in amf_namf_callback_handle_sdm_data_change_notify where manipulation of changeItem.newValue leads to denial of service. The issue can be triggered remotel...

Missing Default Case in Switch Statement

Overview Affected versions of this package are vulnerable to Missing Default Case in Switch Statement in the DataChangeNotification process due to a nil pointer dereference. An attacker can cause a panic and disrupt service availability by triggering this process with crafted input. Remediation...

GO-2026-4757 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference in github.com/free5gc/udm

free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference in github.com/free5gc/udm...

CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

GHSA-7G27-V5WJ-JR75 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Impact This is a NULL Pointer Dereference vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequence...

free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Impact This is a NULL Pointer Dereference vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequence...

CVE-2026-1981

The Winston AI WordPress plugin (HUMN-1 AI Website Scanner & Human Certification)

CVE-2025-15516 All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

PT-2026-4592

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax callback store user meta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2026-1000

The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...

CVE-2025-13149

The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the "saveFutureActionData" function in all versions up to, and including,...

MAL-2025-173088 Malicious code in bafai-sunabi-cumigau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2de4a2241b2f53ddcff0912b23c9030a5a0e39dc6e5babb99036cd1bea83d672 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mahiyaa-sutiayanu-gandofi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4d7967de0e5d42dc44d53f42174283a413f20edc99b4be625fae38b3e1120bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...