9971 matches found

Positive Technologies
added 2026/06/01 12:0 a.m., 12 views

PT-2026-45455

FlexRIC v2.0.0 crashes when the iApp receives an E42 RIC SUBSCRIPTION REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash th...

AI score: 5.8, EPSS: 0.00415
Exploits: 0, References: 3
Positive Technologies
added 2026/06/01 12:0 a.m., 8 views

PT-2026-45514

Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions prior to 3.2.16; Spring Cloud Function versions prior to 4.1.10; Spring Cloud Function versions prior to 4.2.6; Spring Cloud Function versions prior to 4.3.3; Spring Cloud Function versions prior to 5.0.2; Spring Clou...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00211
Exploits: 0, References: 4
Vulnrichment
added 2026/06/01 12:0 a.m., 8 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42 RIC SUBSCRIPTION REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

AI score: 5.8, EPSS: 0.00415
Exploits: 0, References: 2
CNNVD
added 2026/06/01 12:0 a.m., 5 views

VMware Spring Cloud Function Security Vulnerability

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from infinite recursion at the routing layer, potentially leading to a memory insufficiency...

CVSS: 6.5, AI score: 5.3, EPSS: 0.00211
Exploits: 0, References: 1
CNNVD
added 2026/06/01 12:0 a.m., 8 views

FlexRIC Security Vulnerability

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from a mismatch in cross-layer verifications: the E42 layer accepts an empty ricEventTriggerDefinition field, while the E2AP encoder asser...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00415
Exploits: 0, References: 2
CNNVD
added 2026/06/01 12:0 a.m., 7 views

Apache Directory LDAP API Security Vulnerability

The Apache Directory LDAP API is an LDAP protocol development framework created by the Apache Foundation in the United States. There were security vulnerabilities in the Apache Directory LDAP API between versions 2.0.0 and 2.1.7. These vulnerabilities stemmed from incomplete TLS server...

CVSS: 8.8, AI score: 5.3, EPSS: 0.00182
Exploits: 0, References: 3
Positive Technologies
added 2026/06/01 12:0 a.m., 12 views

PT-2026-45260

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.x through 2026.3.x; OTRS Community Edition version 6.0.x. Description: Improper input validation in the database layer module allows an unauthenticated SQL injection, which can lead to an authentication bypass. This enables...

CVSS: 9.1, AI score: 5.6, EPSS: 0.00299
Exploits: 1, References: 8
GithubExploit
added 2026/05/30 7:48 a.m., 70 views

web-application-security-testing-tool

web-application-security-testing-tool A Python-based Web Appli...

AI score: 5.9
Exploits: 0
SUSE CVE
added 2026/05/30 2:17 a.m., 10 views

SUSE CVE-2026-9932

Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS: 8.3, AI score: 5.8, EPSS: 0.00222
Exploits: 0, References: 3
Github Security Blog
added 2026/05/29 10:35 p.m., 24 views

PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID

Summary: PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global UUID. The affected pattern...

AI score: 5.8, EPSS: 0.00044
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2026/05/29 10:32 p.m., 23 views

PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API

Summary: The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any...

AI score: 5.8, EPSS: 0.00044
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/05/29 10:32 p.m., 7 views

GHSA-GV23-XRM3-8C62 PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API

Summary: The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00044
Exploits: 0, References: 2
Snyk
added 2026/05/29 8:18 p.m., 6 views

Allocation of Resources Without Limits or Throttling

Overview: zeroconf is a Pure Python Multicast DNS Service Discovery Library, Bonjour/Avahi compatible. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DNSCache.asyncadd. Any unauthenticated host on the local link can exhaust system...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00023
Exploits: 0, References: 2
Snyk
added 2026/05/29 5:16 p.m., 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via host resolution in the CLI authentication layer. An attacker can obtain authentication tokens intended for GitHub or GitHub Enterprise by causing authenticated requests to be sent to external hosts, as the ho...

CVSS: 9.1, AI score: 5.4, EPSS: 0.00267
Exploits: 0, References: 2
Snyk
added 2026/05/29 5:16 p.m., 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via host resolution in the CLI authentication layer. An attacker can obtain authentication tokens intended for GitHub or GitHub Enterprise by causing authenticated requests to be sent to external hosts, as the ho...

CVSS: 9.1, AI score: 5.4, EPSS: 0.00267
Exploits: 0, References: 2
vulnersOsv
added 2026/05/29 5:15 p.m., 5 views

@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +22 more potentially affected by CVE-2026-47200 via nuxt (>=4.0.0-rc.0 <=4.4.4)

nuxt NPM version =4.0.0-rc.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.3, =10.0.2, =1.1.11, =1.0.4, =0.4.5, =0.0.0, =0.0.1, =1.0.0, =1.1.0, =2.0.1 and more Source cves: CVE-2026-47200 Source advisory: OSV:GHSA-HG3F-28RG-4JXJ...

AI score: 5.4, EPSS: 0.00349
Exploits: 1
vulnersOsv
added 2026/05/29 5:15 p.m., 6 views

@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +22 more potentially affected by CVE-2026-47200 via nuxt (>=4.0.0-rc.0 <=4.4.4)

nuxt NPM version =4.0.0-rc.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.3, =10.0.2, =1.1.11, =1.0.4, =0.4.5, =0.0.0, =0.0.1, =1.0.0, =1.1.0, =2.0.1 and more Source cves: CVE-2026-47200 Source advisory: SNYK:JS-NUXT-17111072...

AI score: 5.4, EPSS: 0.00349
Exploits: 1
OSV
added 2026/05/29 4:3 p.m., 12 views

RLSA-2026:19136 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00449
Exploits: 0, References: 3
Rockylinux
added 2026/05/29 4:3 p.m., 16 views

golang-github-openprinting-ipp-usb security update

An update is available for golang-github-openprinting-ipp-usb. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. HTTP reverse proxy, backed by IPP-over-USB...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00449
Exploits: 0
Rockylinux
added 2026/05/29 4:3 p.m., 10 views

go-fdo-server security update

An update is available for go-fdo-server. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This package provides a server-side implementation of the FIDO Device...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00449
Exploits: 0