PT-2026-39258

Name of the Vulnerable Software and Affected Versions free5GC SMF version 4.2.1 Description The SMF mounts the UPI management route group without inbound OAuth2 middleware, allowing unauthenticated access. A flaw in the DeleteUpNodeLink function causes a nil-pointer dereference when processing...

PT-2026-31985

Summary Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only projects.background delete is rejected. This is a scoped-token authorization bypass...

SUSE CVE-2025-38587

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6infousesdev fib6infousesdev seems to rely on RCU without an explicit protection. Like the prior fix in rt6nlmsgsize, we need to make sure fib6delroute or fib6addrt2node have not removed the...

CVE-2024-46086

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/delete/123...

CVE-2021-20773

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege...

Kong Gateway Admin API Remote Code Execution

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kong Gateway Admin API Remote Code Execution', 'Description' = ' This module uses the Kong admin API to create a route...