
15 matches found

Vulnrichment
added 2026/05/18 1:45 a.m. · 5 views

CVE-2026-8781 omec-project amf handler.go RANConfiguration null pointer dereference

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and ma...

CVSS 5.3, AI score 5.5, EPSS 0.00052
Exploits 0, References 7

Positive Technologies
added 2026/05/18 12:0 a.m. · 7 views

PT-2026-41630

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 5.3, AI score 5.3, EPSS 0.00052
Exploits 0, References 8

CVE
added 2026/04/01 4:51 p.m. · 4 views

CVE-2026-34072

CVE-2026-34072: cronmaster middleware auth bypass (pre-2.2.0). The issue occurs in Cronjob management UI cronmaster before version 2.2.0, where a failure in the middleware session-validation fetch allows an invalid session cookie to be treated as valid, enabling unauthenticated requests to access...

CVSS 9.8, AI score 5.9, EPSS 0.00307
Exploits 0, References 2, Affected Software 1

CVE
added 2026/03/29 5:53 p.m. · 4 views

CVE-2026-0558

The CVE-2026-0558 issue affects parisneo/lollms up to 2.2.0, where the /api/files/extract-text endpoint accepts file uploads without authentication, lacking the Depends(get_current_active_user) check. This exposes unauthenticated users to DoS via resource exhaustion and potential information disc...

CVSS 9.8, AI score 7, EPSS 0.00451
Exploits 1, References 2, Affected Software 1

RedhatCVE
added 2026/01/24 3:18 p.m. · 2 views

CVE-2026-24616

Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Popups: from n/a through = 2.2.0.5...

CVSS 6.5, AI score 5.9, EPSS 0.00051
Exploits 0, References 1

RedhatCVE
added 2026/01/01 3:32 p.m. · 1 views

CVE-2025-62081

Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through =...

CVSS 5.3, AI score 5.9, EPSS 0.00032
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-31051

Malicious code in bioql PyPI...

CVSS 8.2, AI score 8.3, EPSS 0.00036
Exploits 0, References 1

RedhatCVE
added 2025/09/25 8:49 p.m. · 4 views

CVE-2025-59827

Flag Forge is a Capture The Flag CTF platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges e.g., Staff to themselves. This could lead to privilege escalation and impersonation of administrative...

CVSS 8.2, AI score 6.8, EPSS 0.00036
Exploits 0, References 1

OSV
added 2025/09/04 11:50 p.m. · 2 views

CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller min_signers will reduce security of group. The inability to change min_signers i.e. the threshold with the refresh share functionality...

CVSS 6, AI score 6.5, EPSS 0.00056
Exploits 0, References 5

Positive Technologies
added 2024/04/26 12:0 a.m. · 3 views

PT-2024-11774 · Fdupes +1

Name of the Vulnerable Software and Affected Versions: FDUPES versions prior to 2.2.0 Description: A TOCTOU race condition in the deletefiles function allows for arbitrary file deletion via a symlink. Recommendations: For FDUPES versions prior to 2.2.0, update to version 2.2.0 or later to resolve...

CVSS 6, AI score 6.9, EPSS 0.00036
Exploits 0, References 14

OSV
added 2023/10/17 11:15 a.m. · 2 views

CVE-2023-45003

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin = 2.2.0 versions...

CVSS 6.1, AI score 5.8, EPSS 0.00083
Exploits 0, References 1

OSV
added 2023/08/08 10:15 a.m. · 2 views

CVE-2023-38679

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 All versions V2201.0008, Tecnomatix Plant Simulation V2302 All versions V2302.0002. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. Thi...

CVSS 7.8, AI score 7.4
Exploits 0, References 1

OSV
added 2022/05/14 1:0 a.m. · 0 views

GHSA-JQWH-JRPG-5J3H Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...

CVSS 8.8, AI score 5.9, EPSS 0.00059
Exploits 0, References 2

CNVD
added 2018/07/08 12:0 a.m. · 1 views

Code Execution Vulnerability in LeShang Mall System v2.2.0

LeShang mall system is a free, open-source professional mall system developed with THINKPHP5.0 as its core. Code execution vulnerability exists in LeShang Mall System v2.2.0. An attacker can exploit the vulnerability to write arbitrary files and gain server privileges...

AI score 7.5
Exploits 0

CNVD
added 2018/04/04 12:0 a.m. · 2 views

Wireshark Denial of Service Vulnerability (CNVD-2018-07444)

Wireshark (formerly Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. LWAPP dissector is one of the lightweight access point protocol parsers. A security...

CVSS 7.5, AI score 6.7, EPSS 0.00739
Exploits 1, References 1