649 matches found
CVE-2026-48736
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATESUBNETS omitted IPv6 transition prefixes such as 6to4, NAT64, Teredo, and IPv4-compatible IPv6, allowi...
CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)
Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...
CVE-2026-55187
Mailpit contains an SSRF protection gap in Link Check API prior to v1.30.2. The internal IsInternalIP deny-list only blocks common IPv4 private/local addresses and CGNAT, and does not recognize several IPv6 forms that embed IPv4 destinations or IPv6 prefixes outside standard private ranges. Bypas...
CVE-2026-48955
An improper access check allows unauthorized users to access workflow stage and transition information...
CVE-2026-48955
An improper access check allows unauthorized users to access workflow stage and transition information...
CVE-2026-48955
An improper access check allows unauthorized users to access workflow stage and transition information...
CVE-2026-48955 Joomla! Core - [20260709] - Incorrect Access Control in com_workflow
An improper access check allows unauthorized users to access workflow stage and transition information...
EUVD-2026-42066
An improper access check allows unauthorized users to access workflow stage and transition information...
PT-2026-56228
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check allows unauthorized users to access workflow stage and transition information within the com workflow component. Recommendations At the moment, there is no...
GHSA-794R-5RP2-FPG8 flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
Summary flyto-core's SSRF protection validateurlssrf / isprivateip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATEIPRANGES list. That list contains only the native RFC 1918 / loopback / link-loc...
CVE-2026-48206
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...
PT-2026-56088
Name of the Vulnerable Software and Affected Versions flyto-core affected versions not specified Description An issue exists in the Server-Side Request Forgery SSRF protection mechanism within src/core/utils.py. The is private ip function and validate url ssrf guard only check for native RFC 1918...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...
CVE-2026-14623
A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...
CVE-2026-14623 omec-project amf NGAP Message RRCInactiveTransitionReport denial of service
A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...
CVE-2026-14623
CVE-2026-14623 affects omec-project amf up to 2.1.1. The vulnerability lies in the NGAP Message Handler function RRCInactiveTransitionReport, where manipulation can cause a remote denial of service. Exploit code maturity is shown as PROOF-OF-CONCEPT, and a public exploit has been disclosed. A pat...
CVE-2026-14623
A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...
CVE-2026-14623 omec-project amf NGAP Message RRCInactiveTransitionReport denial of service
A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...