1088 matches found

Patchstack
added 2026/02/11 10:42 a.m. | 6 views

WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by daroo in WordPress Plugin Paid Member Subscriptions versions <= 2.16.8...

CVSS 6.5 | AI score 5.5 | EPSS 0.00348
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2026/02/07 12:0 a.m. | 5 views

openSUSE 16 Security Update : cockpit-subscriptions (openSUSE-SU-2026:20181-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20181-1 advisory. - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257324. Tenable has...

CVSS 7.9 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 3
OSV
added 2026/02/06 2:52 a.m. | 1 views

SUSE-SU-2026:20236-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issues: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257324...

CVSS 7.9 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 3
OSV
added 2026/02/06 2:52 a.m. | 0 views

SUSE-SU-2026:20336-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issues: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257324...

CVSS 7.9 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 3
OSV
added 2026/02/06 2:48 a.m. | 2 views

OPENSUSE-SU-2026:20181-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issues: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257324...

CVSS 7.9 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/06 1:25 a.m. | 5 views

CVE-2025-68699

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...

CVSS 6.5 | AI score 5.2 | EPSS 0.00264
Exploits: 1 | References: 1
OPENSUSE Linux
added 2026/02/06 12:0 a.m. | 3 views

cockpit-subscriptions-14.4-2.1 on GA media (moderate)

cockpit-subscriptions-14.4-2.1 on GA media Announcement ID: openSUSE-SU-2026:10150-1 Rating: moderate Cross-References: CVE-2025-13465 CVSS scores: CVE-2025-13465 SUSE : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2025-13465 SUSE : 8.8...

CVSS 8.8 | AI score 5.4 | EPSS 0.00317
Exploits: 0
OpenVAS
added 2026/02/05 12:0 a.m. | 3 views

SUSE: Security Advisory (SUSE-SU-2026:20182-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 5.4 | EPSS 0.0037
Exploits: 0 | References: 4
OSV
added 2026/02/05 12:0 a.m. | 1 views

OPENSUSE-SU-2026:10150-1 cockpit-subscriptions-14.4-2.1 on GA media

These are all security issues fixed in the cockpit-subscriptions-14.4-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.9 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/04 7:25 p.m. | 4 views

CVE-2025-68699 NanoMQ $share/ Subscription Validation and Forwarding Parsing Inconsistency: NULL Pointer Increment Causes Crash

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...

CVSS 6.5 | AI score 5.3 | EPSS 0.00264
Exploits: 1 | References: 2
EUVD
added 2026/02/04 7:25 p.m. | 6 views

EUVD-2025-206782

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...

CVSS 6.5 | AI score 5.3 | EPSS 0.00264
Exploits: 1 | References: 2
ATTACKERKB
added 2026/02/04 7:25 p.m. | 4 views

CVE-2025-68699

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...

CVSS 6.5 | AI score 5.3 | EPSS 0.00264
Exploits: 1 | References: 3
CVE
added 2026/02/04 7:25 p.m. | 10 views

CVE-2025-68699

CVE-2025-68699 affects NanoMQ NanoMQ 0.24.6 where a malformed $share/ SUBSCRIBE topic (e.g., $share/ab) is not strictly validated, allowing an invalid topic filter to be stored. When a PUBLISH matches, nmq_pipe_send_start_v4/v5 re-parses the topic using strchr(); if the second strchr() returns NU...

CVSS 6.5 | AI score 5.3 | EPSS 0.00264
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/02/04 7:25 p.m. | 7 views

CVE-2025-68699 NanoMQ $share/ Subscription Validation and Forwarding Parsing Inconsistency: NULL Pointer Increment Causes Crash

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...

CVSS 6.5 | AI score 5.3 | EPSS 0.00264
Exploits: 1 | References: 4
CNNVD
added 2026/02/04 12:0 a.m. | 4 views

NanoMQ Code Issue Vulnerability

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Version 0.24.6 of NanoMQ contains a code vulnerability that stems from inconsistent protocol parsing or forwarding during the handling of shared subscriptions. This vulnerability may lead to remote crashes...

CVSS 6.5 | AI score 5.9 | EPSS 0.00264
Exploits: 1 | References: 2
Patchstack
added 2026/02/02 9:3 p.m. | 9 views

WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return vulnerability

WordPress Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return vulnerability discovered by Lucio Sá in WordPress Plugin Paid Member Subscriptions versions <= 2.11.1...

CVSS 5.3 | AI score 6.8 | EPSS 0.00519
Exploits: 0 | References: 1 | Affected Software: 1
Malwarebytes
added 2026/01/29 9:6 p.m. | 5 views

Meta confirms it’s working on premium subscription for its apps

Meta plans to test exclusive features that will be incorporated in paid versions of Facebook, Instagram, and WhatsApp. It confirmed these plans to TechCrunch. But these plans are not to be confused with the ad-free subscription options that Meta introduced for Facebook and Instagram in the EU, th...

AI score 5.9
Exploits: 0
CVE
added 2026/01/28 6:34 p.m. | 14 views

CVE-2025-68479

Discourse (open source forum platform) is affected by a vulnerability in subscription endpoints where ownership checks could be bypassed. The issue occurs in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 and is patched in 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No public workarou...

CVSS 7.1 | AI score 5.9 | EPSS 0.0017
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/01/28 6:34 p.m. | 5 views

CVE-2025-68479 Discourse subscriptions are susceptible to takeover

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds...

CVSS 7.1 | AI score 5.9 | EPSS 0.0017
Exploits: 0 | References: 3
OSV
added 2026/01/27 8:40 p.m. | 1 views

SUSE-SU-2026:20182-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: - CVE-2025-64718: js-yaml: fixed prototype pollution in merge bsc1255425...

CVSS 5.3 | AI score 6.6 | EPSS 0.0037
Exploits: 0 | References: 3