11605 matches found

OSV
added 2026/03/18 8:11 p.m., 5 views

GHSA-5RVC-5CWX-G5X8 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Impact: This is an improper error handling vulnerability with information exposure implications, combined with an HTTP method translation issue. Security impact: the UDM incorrectly converts a downstream 400 Bad Request from the UDR into a 500 Internal Server Error when handling PATCH requests with ...

CVSS 8.7, AI score 5.7, EPSS 0.00321
Exploits: 1, References: 5
Github Security Blog
added 2026/03/18 8:11 p.m., 12 views

free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Impact: This is an improper error handling vulnerability with information exposure implications, combined with an HTTP method translation issue. Security impact: the UDM incorrectly converts a downstream 400 Bad Request from the UDR into a 500 Internal Server Error when handling PATCH requests with ...

CVSS 8.7, AI score 5.7, EPSS 0.00321
Exploits: 1, References: 5, Affected software: 1
RedHat Linux
added 2026/03/18 1:54 p.m., 9 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

CVSS 9.8, AI score 6.7, EPSS 0.00739
Exploits: 0, References: 5
OSV
added 2026/03/18 8:45 a.m., 1 view

BIT-LIBPYTHON-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output validation applie...

CVSS 7.5, AI score 5.8, EPSS 0.00392
Exploits: 0, References: 7
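The bug class in the entry above, validation that lives on one write path while other paths into the same store stay unchecked, is easy to reproduce in miniature. The following is an added illustrative model, not CPython's http.cookies code: a LeakyMorsel that checks only on item assignment (so update(), |= and unpickling bypass it) next to a HardenedMorsel that funnels every write path through one validator and re-checks at output time. The control-character definition, class names and the sample tainted value are assumptions made for the example.

```python
import pickle
import re

# Added illustrative model of the bug class in the advisory above. Hypothetical
# code, not CPython's http.cookies implementation.

# Assumption: "control character" means ASCII CTL (0x00-0x1F) or DEL (0x7F).
_CTRL = re.compile(r"[\x00-\x1f\x7f]")


def has_control_chars(value: str) -> bool:
    """True if the string carries any ASCII control character."""
    return _CTRL.search(value) is not None


class LeakyMorsel:
    """Validates in __setitem__ only; every other write path is unchecked."""

    def __init__(self) -> None:
        self._attrs: dict[str, str] = {}

    def __setitem__(self, key: str, value: str) -> None:
        if has_control_chars(value):
            raise ValueError(f"control character in cookie attribute {key!r}")
        self._attrs[key] = value

    def update(self, other: dict) -> None:
        self._attrs.update(other)          # bypass: no validation

    def __ior__(self, other: dict) -> "LeakyMorsel":
        self._attrs.update(other)          # bypass: no validation
        return self

    # No __setstate__: pickle restores __dict__ wholesale, so a tainted
    # pickled state is adopted without any check.

    def output(self) -> str:
        # Serialises without re-checking, so an injected CRLF reaches the wire.
        return "; ".join(f"{k}={v}" for k, v in self._attrs.items())


class HardenedMorsel(LeakyMorsel):
    """Routes every write path through one validator and re-checks on output."""

    @staticmethod
    def _check(key: str, value: str) -> None:
        if has_control_chars(key) or has_control_chars(value):
            raise ValueError(f"control character in cookie attribute {key!r}")

    def __setitem__(self, key: str, value: str) -> None:
        self._check(key, value)
        self._attrs[key] = value

    def update(self, other: dict) -> None:
        for key, value in dict(other).items():
            self[key] = value                # funnel through __setitem__

    def __ior__(self, other: dict) -> "HardenedMorsel":
        self.update(other)
        return self

    def __setstate__(self, state: dict) -> None:
        # Called by pickle on restore; validate before adopting the state.
        attrs = dict(state.get("_attrs", {}))
        for key, value in attrs.items():
            self._check(key, value)
        self._attrs = attrs

    def output(self) -> str:
        # Output-side validation, independent of how the values got in.
        for key, value in self._attrs.items():
            self._check(key, value)
        return super().output()


def roundtrip(morsel):
    """Pickle and unpickle a morsel, exercising the unpickling write path."""
    return pickle.loads(pickle.dumps(morsel))


if __name__ == "__main__":
    TAINT = {"path": "/\r\nSet-Cookie: injected=1"}   # constructed sample input
    leaky = LeakyMorsel()
    leaky.update(TAINT)
    print(repr(roundtrip(leaky).output()))            # CRLF survives every path
    hardened = HardenedMorsel()
    for write in (lambda: hardened.update(TAINT),
                  lambda: hardened.__ior__(TAINT),
                  lambda: hardened.__setstate__({"_attrs": TAINT})):
        try:
            write()
        except ValueError as exc:
            print("rejected:", exc)
```

The point of the hardened version is the single choke point: any new way of writing into the store (a future `setdefault`, a bulk loader) must call `_check`, and the output-side check catches whatever slips past it anyway.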
Cvelist
added 2026/03/18 3:05 a.m., 30 views

CVE-2026-31938 jsPDF has HTML Injection in New Window paths

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The vulnerability can be exploited in the followi...

CVSS 9.6, EPSS 0.00244
Exploits: 0, References: 3
Hacker One
added 2026/03/17 7:20 p.m., 55 views

Rocket.Chat: Unauthenticated file deletion via deleteFileMessage DDP method allows permanent destruction of any uploaded file

Vulnerability description not provided...

CVSS 7.5, AI score 5.3, EPSS 0.00723
Exploits: 0
OSV
added 2026/03/17 10:16 a.m., 1 view

UBUNTU-CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new() function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (carriage return/line feed) injection, occurs because the method value is not properly...

CVSS 6.5, AI score 7.2, EPSS 0.00223
Exploits: 1, References: 2
NVD
added 2026/03/17 10:16 a.m., 5 views

CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new() function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (carriage return/line feed) injection, occurs because the method value is not properly...

CVSS 6.5, EPSS 0.00223
Exploits: 1, References: 3
CVE
added 2026/03/17 9:44 a.m., 20 views

CVE-2026-3633

Summary: CVE-2026-3633 affects libsoup and enables CRLF/header/HTTP request injection by an attacker who can control the method parameter in soup_message_new(). The flaw arises from inadequate escaping of the method value during request line construction, potentially allowing arbitrary headers or...

CVSS 6.5, AI score 5.9, EPSS 0.00223
Exploits: 1, References: 3, Affected software: 2
Cvelist
added 2026/03/17 9:44 a.m., 25 views

CVE-2026-3633 libsoup: header and HTTP request injection via CRLF injection

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new() function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (carriage return/line feed) injection, occurs because the method value is not properly...

CVSS 3.9, EPSS 0.00223
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/17 9:44 a.m., 3 views

CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new() function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (carriage return/line feed) injection, occurs because the method value is not properly...

CVSS 3.9, AI score 5.9, EPSS 0.00223
Exploits: 1, References: 4
Debian CVE
added 2026/03/17 9:44 a.m., 4 views

CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new() function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (carriage return/line feed) injection, occurs because the method value is not properly...

CVSS 6.5, AI score 5.7, EPSS 0.00223
Exploits: 1
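The CVE-2026-3633 entries above all describe the same mechanism: the method string is interpolated into the request line without being checked against the HTTP token grammar, so CR/LF inside it ends the line early and whatever follows is read as headers or as a second request. The following is an added illustrative model in Python, not libsoup's C code: a naive builder beside a validating one, plus a lenient parser that shows how a receiver would interpret the injected bytes. The target path, header names and the two attacker-controlled method strings are constructed sample input.

```python
import re

# Added illustrative model of the bug class behind CVE-2026-3633. Hypothetical
# Python code, not libsoup's implementation.

# RFC 9110 "token" grammar, used for the method and for header field names.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Characters that would terminate the request line or a header field early.
_LINE_BREAKER = re.compile(r"[\r\n\x00]")


def build_request_unsafe(method: str, target: str, headers: dict) -> str:
    """Naive builder: interpolates the method with no escaping or validation."""
    lines = [f"{method} {target} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"


def build_request_safe(method: str, target: str, headers: dict) -> str:
    """Same builder behind a strict validator for every caller-supplied field."""
    if not _TOKEN.fullmatch(method):
        raise ValueError(f"invalid HTTP method: {method!r}")
    if not target or re.search(r"[\s\x00]", target):
        raise ValueError(f"invalid request target: {target!r}")
    for name, value in headers.items():
        if not _TOKEN.fullmatch(name) or _LINE_BREAKER.search(value):
            raise ValueError(f"invalid header: {name!r}")
    return build_request_unsafe(method, target, headers)


def parse_requests(raw: str) -> list[dict]:
    """Read a byte stream the way a lenient server would: one request per blank line."""
    parsed = []
    for chunk in raw.split("\r\n\r\n"):
        if not chunk:
            continue
        request_line, *header_lines = chunk.split("\r\n")
        method, _, rest = request_line.partition(" ")
        target, _, _version = rest.partition(" ")
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        parsed.append({"method": method, "target": target, "headers": headers})
    return parsed


# Constructed attacker-controlled "method" values.
# 1) Ends the request line and adds a header to the same request.
HEADER_INJECT = "GET /api/ping HTTP/1.1\r\nX-Forwarded-For: 127.0.0.1\r\nX-Ignored"
# 2) Completes a whole first request and starts a second one.
REQUEST_INJECT = "GET /api/ping HTTP/1.1\r\nHost: victim\r\n\r\nDELETE"


def attack(method: str) -> list[dict]:
    """Build with the unsafe builder and return what the receiver would parse."""
    raw = build_request_unsafe(method, "/api/ping", {"Host": "victim"})
    return parse_requests(raw)


if __name__ == "__main__":
    print(attack(HEADER_INJECT))    # one request carrying X-Forwarded-For
    print(attack(REQUEST_INJECT))   # two requests, the second a DELETE
    for method in (HEADER_INJECT, REQUEST_INJECT):
        try:
            build_request_safe(method, "/api/ping", {"Host": "victim"})
        except ValueError as exc:
            print("rejected:", exc)
```

Validating the method against the token grammar is the right fix rather than stripping CR and LF: a method is a closed vocabulary of token characters, so anything outside it is an error, and the same rule covers NUL, spaces and other line-splitting tricks without a blocklist.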
Veracode
added 2026/03/17 6:24 a.m., 6 views

Path Traversal

github.com/weaviate/weaviate is vulnerable to path traversal. The vulnerability is due to insufficient validation of the fileName field in the transfer logic, which allows an attacker who can call the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationServic...

CVSS 4.9, AI score 7.3, EPSS 0.00373
Exploits: 0, References: 5, Affected software: 1
ATTACKERKB
added 2026/03/17 12:00 a.m., 0 views

CVE-2026-30707

An issue was discovered in SpeedExam Online Examination System SaaS after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The...

CVSS 8.1, AI score 5.8, EPSS 0.00329
Exploits: 0, References: 3
CNNVD
added 2026/03/17 12:00 a.m., 6 views

SpeedExam Online Examination System security vulnerability

The SpeedExam Online Examination System is an online examination and assessment system developed by the Indian company SpeedExam. Versions of the SpeedExam Online Examination System after v.FEV2026 have security vulnerabilities. These vulnerabilities stem from access control flaws in the...

CVSS 8.1, AI score 5.8, EPSS 0.00329
Exploits: 0, References: 2
Vulnrichment
added 2026/03/17 12:00 a.m., 2 views

CVE-2026-30707

An issue was discovered in SpeedExam Online Examination System SaaS after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The...

AI score 5.8, EPSS 0.00329
Exploits: 0, References: 2
Patchstack
added 2026/03/16 9:29 p.m., 8 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions <= 9.1.9...

CVSS 4.3, AI score 5.8, EPSS 0.00212
Exploits: 0, References: 1, Affected software: 1
Snyk
added 2026/03/16 8:44 p.m., 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to incorrect authorization through the fullTextSearchBlock handler in kernel/api/search.go. An attacker can execute unauthorized SQL statements, including reading, modifying, or deleting database contents, by sending method=2 with a crafte...

CVSS 9.8, AI score 6, EPSS 0.00541
Exploits: 1, References: 3