CVE-2025-69247 free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service

free5GC go-upf is the User Plane Function UPF implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow CWE-122 vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially...

WordPress Plugin Notes Plus Plugin <= 1.2.7 is vulnerable to Arbitrary Content Deletion

Software Plugin Notes Plus Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2024-43326 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 048345824ef6 Credits Trương Hữu Phúc...

CVE-2024-5130

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack of proper authorization checks in the dataset deletion endpoint. Specifically, the endpoint does n...

CVE-2024-3761 Missing Authorization on Delete Datasets in lunary-ai/lunary

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a datas...