CVE-2026-49111

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

PT-2026-49004

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.1.x Description The getRedirectURL function in oauth2.go constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path without validating the Host header. This allows...

EUVD-2026-31860

Bugsink: Project scoping missing in sourcemap and debug-file lookup...

EUVD-2026-31862

Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known...

PT-2026-49061

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

CVE-2026-33398

NamelessMC 2.2.4 is affected by an insecure access control in modules/Forum/pages/forum/get_quotes.php, which only checks that a caller is logged in and reads a post by an attacker-controlled post ID. The backend helper in modules/Forum/classes/Forum.php does not enforce forum or topic ACLs, allo...

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.0 Release.

Red Hat OpenShift Dev Spaces 3.28.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.28 release is based on...

CVE-2026-42729

CVE-2026-42729 documents a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress PropertyHive plugin, specifically in versions &lt;= 2.2.2. The root cause is described as improper neutralization of input during web page generation. Affected product: PropertyHive (WordPress plugin); ...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the UERadioCapabilityCheckResponse function in the dispatcher.go file. An attacker can cause a denial of service by sending specially crafted remote requests that trigger a null pointer dereference...

CVE-2026-8783

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be us...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be us...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds via the NGSetupRequest function in the ngap/handler.go file when processing the InformationElement argument. An attacker can cause memory corruption by sending specially crafted requests remotely. Remediation Upgrade...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds via the NGSetupRequest function in the ngap/handler.go file when processing the InformationElement argument. An attacker can cause memory corruption by sending specially crafted requests remotely. Remediation Upgrade...

AMF Improperly Restricts Operations within the Bounds of a Memory Buffer

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly availabl...

CVE-2026-8781

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and ma...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the NGAP Message Handler component. An attacker can cause memory corruption by sending specially crafted NGAP messages remotely with low privileges. Remediation Upgrade github.com/omec-project/amf/ngap to version 2.2.0 ...

CVE-2026-41161

Summary: CVE-2026-41161 affects Sync-in Server before version 2.2.0. The /api/auth/login endpoint exposes a timing-based flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring response times. This is confirmed in the GitHub advisory and CVE descriptions, which...