CVE-2025-50028
Missing Authorization vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Push Notifications: from n/a through <= 1.2.0...
PT-2025-29810 · Unknown · Codesolz Ultimate Push Notifications
Name of the Vulnerable Software and Affected Versions: CodeSolz Ultimate Push Notifications versions through 1.1.9 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update CodeSolz Ultimate Push...
WordPress plugin Ultimate Push Notifications security vulnerability
WordPress Ultimate Push Notifications is a plugin mainly used to implement real-time push functionality in WordPress websites, supporting desktop and mobile device notifications to users. WordPress Ultimate Push Notifications suffers from a missing authorization vulnerability, no...
Security update for rust-keylime
This update for rust-keylime fixes the following issues: CVE-2024-12224: idna: Fixed improper validation in punycode (bsc#1243861). Update to version 0.2.7+70: build(deps): bump wiremock from 0.6.2 to 0.6.3; build(deps): bump uuid from 1.16.0 to 1.17.0; lib: Introduce AgentIdentity structure; gitignore: Add...
SUSE CVE-2025-38251
In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push(). Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when reading skb->truesize...
SQL Injection
Overview: z-push/z-push-dev is an open-source application to synchronize ActiveSync compatible devices. Affected versions of this package are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field ...
AZL-64868 CVE-2025-38251 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push(). Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when reading skb->truesize...
AZL-72790 CVE-2025-38251 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push(). Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when reading skb->truesize...
PT-2025-28879
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the atm subsystem, specifically within the clip push function. A missing check allows clip push to be called with a NULL socket buffer skb by vcc...
CVE-2025-53604
The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header...
CVE-2025-5924
The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message function. This makes it possible for unauthenticated attacker...
Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header
The web-push crate before 0.10.4 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header. The patch was initially made available in version 0.10.3, but version 0.10.3 has since been yanked...
GHSA-287X-9RFF-QVCG Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header
The web-push crate before 0.10.4 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header. The patch was initially made available in version 0.10.3, but version 0.10.3 has since been yanked...
CVE-2025-53604
The vulnerability CVE-2025-53604 affects the Rust crate web-push prior to version 0.10.3. The built-in clients are susceptible to a denial-of-service caused by memory consumption when handling a large integer in a Content-Length header. Impact is described as DoS via memory exhaustion in affecte...
PT-2025-28030 · Web-Push · Web-Push
Name of the Vulnerable Software and Affected Versions: web-push crate versions prior to 0.10.3 Description: The issue allows an attacker to cause a denial of service condition through excessive memory consumption in the built-in clients of the web-push crate via a large integer in a Content-Lengt...