PT-2026-23759

Name of the Vulnerable Software and Affected Versions Mercurius versions prior to 16.8.0 Description Mercurius does not properly enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check functions as expected for HTTP queries and...

Telegram Increasingly Used to Sell Access, Malware and Stolen Logs

Cybercriminals are now increasingly using Telegram to sell corporate access, malware subscriptions, and stealer logs, turning the messaging app into a fast cybercrime hub...

BIT-MASTODON-2026-27468 Mastodon may allow unconfirmed FASP to make subscriptions

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

CVE-2026-27792

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other...

cockpit-subscriptions-14.4-4.1 on GA media (moderate)

cockpit-subscriptions-14.4-4.1 on GA media Announcement ID: openSUSE-SU-2026:10253-1 Rating: moderate Cross-References: CVE-2026-25547 CVSS scores: CVE-2026-25547 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25547 SUSE : 8.7...

OPENSUSE-SU-2026:10253-1 cockpit-subscriptions-14.4-4.1 on GA media

These are all security issues fixed in the cockpit-subscriptions-14.4-4.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-27468

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

CVE-2026-27468

CVE-2026-27468 (Mastodon) affects Mastodon servers that have enabled the experimental FASP feature via EXPERIMENTAL_FEATURES including “fasp”. In versions 4.4.0–4.4.13 and 4.5.0–4.5.6, actions by a FASP to subscribe to account/content lifecycle events or to backfill content did not verify adminis...

Mastodon 安全漏洞

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. Vulnerabilities exist in versions 4.4.0 to 4.4.13 and 4.5.0 to 4.5.6 of Mastodon. These vulnerabilities stem from FASP failing to properly check whether subscription account content lifecycle events o...

CVE-2025-68514

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through = 2.16.8...

CVE-2025-68514

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through = 2.16.8...

CVE-2025-68514 WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through = 2.16.8...

CVE-2025-68514 WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through = 2.16.8...

CVE-2025-68514

CVE-2025-68514: WordPress Paid Membership Subscriptions (Cozmoslabs)

WordPress plugin Paid Member Subscriptions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-21088

Name of the Vulnerable Software and Affected Versions Cozmoslabs Paid Member Subscriptions versions n/a through 2.16.8 Description An authorization bypass exists due to incorrectly configured access control security levels in Cozmoslabs Paid Member Subscriptions. The issue allows exploitation...

WordPress plugin Popup Builder – Create highly converting, mobile friendly marketing popups 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin Simple Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

SUSE: Security Advisory (SUSE-SU-2026:20336-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GitLab 16.7 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-2615)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive...