
1088 matches found

RedhatCVE
added 2026/03/26 3:00 p.m., 3 views

CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

CVSS 8.7, AI score 5.8, EPSS 0.00486
Exploits: 1, References: 1

RedhatCVE
added 2026/03/26 2:58 p.m., 5 views

CVE-2026-22193

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

CVSS 9.2, AI score 6, EPSS 0.00305
Exploits: 0, References: 1

EUVD
added 2026/03/25 6:31 p.m., 3 views

EUVD-2026-15568

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation. This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10...

AI score 5.8, EPSS 0.00463
Exploits: 0, References: 2

NVD
added 2026/03/25 5:16 p.m., 3 views

CVE-2026-24372

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation. This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10...

CVSS 7.5, EPSS 0.00463
Exploits: 0, References: 1

Cvelist
added 2026/03/25 4:14 p.m., 28 views

CVE-2026-24372 WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation. This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10...

CVSS 7.5, EPSS 0.00463
Exploits: 0, References: 1

CVE
added 2026/03/25 4:14 p.m., 6 views

CVE-2026-24372

CVE-2026-24372 affects the WordPress plugin Subscriptions for WooCommerce up to version 1.8.10, where an Authentication Bypass by Spoofing plus Input Data Manipulation vulnerability exists. The issue is confirmed across multiple sources (NVD/Red Hat/CVEs lists) with CVSS v3.1 base score 7.5 (HIGH...

CVSS 7.5, AI score 5.8, EPSS 0.00463
Exploits: 0, References: 1

CNNVD
added 2026/03/25 12:00 a.m., 4 views

WordPress plugin Subscriptions for WooCommerce security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 7.5, AI score 5.7, EPSS 0.00463
Exploits: 0, References: 1

Positive Technologies
added 2026/03/25 12:00 a.m., 4 views

PT-2026-27854

Name of the Vulnerable Software and Affected Versions: Subscriptions for WooCommerce versions through 1.8.10. Description: An authentication bypass by spoofing issue exists in WP Swings Subscriptions for WooCommerce. This allows for input data manipulation. The issue impacts the Subscriptions for...

CVSS 7.5, AI score 5.9, EPSS 0.00463
Exploits: 0, References: 3

Cvelist
added 2026/03/24 6:21 p.m., 17 views

CVE-2026-33508 Parse Server: LiveQuery subscription query depth bypass

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

CVSS 8.2, EPSS 0.00345
Exploits: 0, References: 5

ATTACKERKB
added 2026/03/24 6:21 p.m., 3 views

CVE-2026-33508

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

CVSS 8.2, AI score 5.7, EPSS 0.00345
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2026/03/24 6:21 p.m., 5 views

CVE-2026-33508 Parse Server: LiveQuery subscription query depth bypass

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

CVSS 8.2, AI score 5.8, EPSS 0.00345
Exploits: 0, References: 7

EUVD
added 2026/03/24 9:30 a.m., 3 views

EUVD-2026-14782

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

CVSS 2.3, AI score 5.8, EPSS 0.0047
Exploits: 0, References: 3

CVE
added 2026/03/24 7:53 a.m., 12 views

CVE-2026-32642

CVE-2026-32642 is an authorization bypass in Apache Artemis/ActiveMQ Artemis OpenWire handling: when an authenticated user with createDurableQueue but without createAddress attempts to create a non-durable JMS topic subscription on a non-existent address and address auto-creation is disabled, a t...

CVSS 4.3, AI score 5.8, EPSS 0.0047
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/03/24 12:00 a.m., 5 views

Parse Server security vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.56 and 9.6.0-alpha.45. These vulnerabilities stemmed from the LiveQuery component no...

CVSS 8.2, AI score 5.8, EPSS 0.00345
Exploits: 0, References: 5

Tenable Nessus
added 2026/03/24 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused ...

CVSS 8.7, AI score 5.8, EPSS 0.00486
Exploits: 1, References: 2

OSV
added 2026/03/23 6:14 p.m., 3 views

GO-2026-4755 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques in github.com/free5gc/udm

free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques in github.com/free5gc/udm...

CVSS 8.7, AI score 5.8, EPSS 0.00321
Exploits: 1, References: 4

Snyk
added 2026/03/23 6:14 p.m., 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure due to improper handling of the supi path parameter in the DELETE sdm-subscriptions request. An attacker can cause the service to return an unexpected error response by sending a request with an empty supi parameter...

CVSS 6.9, AI score 5.9, EPSS 0.00282
Exploits: 1, References: 3

Snyk
added 2026/03/20 8:45 p.m., 3 views

Information Exposure

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure via the watch parameter in LiveQuery subscriptions targeting protected fields. An attacker can infer...

CVSS 6.3, AI score 5.8, EPSS 0.00316
Exploits: 0, References: 2

Vulnrichment
added 2026/03/20 8:09 a.m., 4 views

CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

CVSS 8.7, AI score 5.7, EPSS 0.00321
Exploits: 1, References: 3

Vulnrichment
added 2026/03/20 8:03 a.m., 4 views

CVE-2026-33065 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

CVSS 6.9, AI score 5.8, EPSS 0.00282
Exploits: 1, References: 4