CVE-2026-44318

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if t...

EUVD-2026-11753

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

CVE-2026-22216

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

Authorization Bypass

github.com/pydio/cells-sync is vulnerable to Authorization Bypass. The vulnerability exists because it does not properly validate the subscription handler, which allows an attacker to bypass and modify sensitive information in the system...

Go package pydio/cells vulnerable to authorization bypass

A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. I...

GHSA-MV7X-27PC-8C96 Go package pydio/cells vulnerable to authorization bypass

A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. I...

CVE-2023-2978

A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. The exploit has been disclosed to the public and may be use...

Authorization

A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. The exploit has been disclosed to the public and may be use...

CVE-2023-2978 Abstrium Pydio Cells Change Subscription authorization

A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. The exploit has been disclosed to the public and may be use...

PT-2023-22416 · Abstrium · Abstrium Pydio Cells

Name of the Vulnerable Software and Affected Versions: Abstrium Pydio Cells version 4.2.0 Description: A vulnerability was found in the component Change Subscription Handler, which leads to authorization bypass. The manipulation of this component can be exploited, and it has been disclosed to the...

Seam: XML eXternal Entity (XXE) flaw in remoting

Multiple XML External Entity XXE vulnerabilities in the 1 ExecutionHandler, 2 PollHandler, and 3 SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have oth...