367714 matches found
CVE-2026-4392
CVE-2026-4392 affects TeamSpeak 3 Server versions up to 3.13.7, involving the Handshake Handler component. The issue arises from manipulation of the argument proof, which results in a reachable assertion. The advisory states that remote exploitation is possible. A fix is available in TeamSpeak 3 ...
CVE-2026-48149
CVE-2026-48149 affects Budibase prior to version 3.39.0, where the Budibase Text component in Markdown mode rendered markdown by assigning marked.parse(markdown) directly to innerHTML without sanitization (MarkdownViewer.svelte:22). This creates a stored-XSS sink in any column bound to a Text com...
CVE-2026-48150
Budibase CVE-2026-48150 describes a privilege-escalation flaw in the /api/public/v1/roles/assign endpoint prior to 3.39.0. The builderOrAdmin middleware trusts the x-budibase-app-id header to identify the app’s builder, and then the controller propagates the request body to the SDK, which can gra...
CVE-2026-48151
Budibase (open-source low-code platform) contains an authorization bypass in the webhook schema-building endpoint prior to 3.39.0. The endpoint under builderRoutes allowed an unauthenticated caller to update the body schema for a known webhook and mutate the associated automation trigger output s...
CVE-2026-45162
The CVE-2026-45162 entry is linked to concrete, public advisories for Pimcore in Pimcore v11 that expose unsafe PHP deserialization in multiple locations without allowed_classes. The vulnerabilities occur when data sourced from databases (tmp_store, sites, custom_layouts) or filesystem (WebDAV de...
CVE-2026-48152
Budibase (open-source low-code) prior to 3.39.0 exposes a vulnerability where a Basic app user (mapped to WRITE permissions) can read an existing REST datasource, obtain redacted authConfigs, and update only the config.url. During update, mergeConfigs() restores the original secret when it detect...
CVE-2026-48153
Budibase: CVE-2026-48153 affects Budibase before 3.39.0. The OAuth2 SDK’s fetchToken makes a POST to a builder-supplied URL using plain node-fetch and bypasses the isBlacklisted outbound-fetch path check, and the OAuth2 URL Joi schema has no scheme/host restrictions. This enables SSRF to reach in...
CVE-2026-45061
CVE-2026-45061 : Budibase (open-source low-code platform) remains vulnerable to SSRF due to a trivial substring URL check in the Plugin URL upload endpoint (/api/plugin). Before 3.35.10, the code validates only that the URL contains “.tar.gz” anywhere in the string (path, query, or fragment). The...
CVE-2026-4391
CVE-2026-4391 affects TeamSpeak 3 Server up to version 3.13.7. The issue is in an unknown code path of the ECC Key Parser, causing a heap-based buffer overflow that could be triggered remotely. A fixed version is 3.13.8, which upgrades the affected component. If exploiting details are not provide...
CVE-2026-44460
FileRise (self-hosted web-based file manager) contains a vulnerability in /api/totp_setup.php prior to version 3.12.0. If a session has passed password check (state pending_login_user) and the target account already has TOTP configured, the endpoint decrypts and returns the existing TOTP secret i...
CVE-2026-45047
The CVE affects the Go project bird-lg-go. Before version 1.4.5, apiHandler (and webHandlerTelegramBot) directly decode user-provided JSON via json.NewDecoder(r.Body).Decode(&request) without a maximum read size, enabling an unauthenticated attacker to stream a very large or endless JSON payload ...
CVE-2026-44378
Botan (C++ cryptography library) is affected prior to version 3.12.0. Indefinite-length BER encodings could trigger quadratic parser behavior, even in structures that must be DER, leading to denial of service. The issue is fixed in 3.12.0. There are no explicit exploit details or in-the-wild expl...
CVE-2026-42328
CVE-2026-42328 : go-ipld-prime prior to 0.23.0 had unbounded recursion in the DAG-CBOR and DAG-JSON decoders when processing deeply nested maps/lists. Each nesting level increases the goroutine stack, potentially causing a fatal stack overflow. The issue is resolved by a fix in version 0.23.0 . I...
CVE-2026-4390
CVE-2026-4390 affects TeamSpeak 3 Server (up to version 3.13.7). The vulnerability is in the process_resend_queue function of the Connection State Management component, where a manipulation leads to a use-after-free condition. The issue permits remote initiation of an attack under NETWORK, with L...
CVE-2026-42081
CVE-2026-42081 — free5GC AMF UE Security Capabilities bypass (NGAP PathSwitchRequest) Affected software: free5GC AMF (prior to 4.2.2). What is vulnerable: The AMF does not verify UE security capabilities received in NGAP PathSwitchRequest against locally stored values, allowing a malicious gNB to...
CVE-2026-42082
Free5GC AMF prior to v4.2.2 is vulnerable to missing concurrent NAS SMC validation during NGAP handover. The vulnerability arises because the AMF does not enforce the cross-procedure rules in 3GPP TS 33.501 §6.9.5.1, allowing a NAS Security Mode Command (SMC) to be issued while an N2 handover pro...
CVE-2026-42083
CVE-2026-42083 affects free5GC PCF Npcf_SMPolicyControl where missing router authorization middleware in the smPolicyGroup allowed unauthenticated access to SM policy endpoints (e.g., POST /npcf-smpolicycontrol/v1/sm-policies, GET /sm-policies/{id}, POST /sm-policies/{id}/update, POST /sm-policie...
CVE-2026-42459
CVE-2026-42459 documents an improper input validation flaw in free5GC UDM: the SDM (nudm-sdm) service does not validate the SUPI parameter in six GET handlers, allowing an unauthenticated attacker to inject control characters into SUPI. This can cause UDM to forward a malformed URL to UDR and ret...
CVE-2026-44315
The CVE describes a vulnerability in free5GC NEF where the 3gpp-pfd-management API is mounted without inbound OAuth2/bearer-token authorization prior to version 4.2.2. An attacker reachable on the SBI can forge Bearer tokens to create, read, and delete PFD-management transactions, with these acti...
CVE-2026-44316
The CVE describes a nil-pointer dereference in free5GC PCF (POST /npcf-smpolicycontrol/v1/sm-policies) HandleCreateSmPolicyRequest. When a downstream OpenAPI (UDR) lookup returns 404 and the wrapper returns err != nil with a nil response, the code logs the error but does not return, then derefere...
CVE-2026-44317
Summary of findings (CVE-2026-44317) : In free5GC’s PCF component, the POST /npcf-policyauthorization/v1/app-sessions handler can panic on a single authenticated request when ascReqData.suppFeat == "1" (traffic-routing feature negotiation) and medComponents includes an AfAppId but no AfRoutReq. T...
CVE-2026-48027
Summary: CVE-2026-48027 affects Nx Console, a UI for Nx & Lerna. A malicious copy of Nx Console version 18.95.0 was published briefly in Visual Studio Marketplace (and OpenVSX) around 12:30–12:48 UTC (≈18 minutes) and 12:33–13:09 UTC (≈36 minutes) respectively. The compromised package allowed cod...
CVE-2026-44319
Summary (fact-grounded): CVE-2026-44319 affects free5GC NEF prior to version 4.2.2, where an attacker-controlled PFD notifyUri can trigger asynchronous delivery failures that cause NEF to call Fatal and exit, resulting in a complete availability outage until restart. The vulnerability occurs in P...
CVE-2026-44320
Summary: CVE-2026-44320 affects free5GC’s NEF, specifically the nnef-callback route group, which mounts without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token can reach the SMF-callback handler, allowing the callback body to be parsed and dispatched into NEF busines...
CVE-2026-44321
The CVE concerns free5GC SMF (v4.2.x) where the UPI route group lacked inbound OAuth middleware, allowing an unauthenticated POST to /upi/v1/upNodesLinks to trigger a validation failure that calls Fatalf, terminating the entire SMF process. Specifically, an attacker-controlled JSON payload can tr...
CVE-2026-44322
The CVE-2026-44322 family describes a nil-pointer dereference panic in free5GC NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} that occurs when upstream UDR calls fail and the consumer wrapper returns err != nil with a nil *ProblemDetails. In the errPfdData br...
CVE-2026-44323
This CVE-2026-44323 affects free5GC UDR in the v4.2.1 timeframe, where the DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler dereferences a nil map entry after a missing subsId, causing a nil-pointer panic (HTTP 500) on an authenticated request. ...
CVE-2026-44324
Summary (concrete details available) CVE-2026-44324 affects free5GC’s UDR component (v4.2.1 and prior). The vulnerable handler is the nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions. When ueId is missing from UESubsCollection, the code sets a 4...
CVE-2026-44325
CVE-2026-44325 affects free5GC NRF (v4.2.1) where POST /oauth2/token parses form data with a reflective type-confusion in api_accesstoken.go. The handler reflects over NrfAccessTokenAccessTokenReq, incorrectly treating most fields as a *models.PlmnId and assigns it to various destination fields, ...
CVE-2026-44326
CVE-2026-44326 affects free5gc NEF 3gpp-traffic-influence API. Prior to version 4.2.2, the NEF mounts the 3gpp-traffic-influence endpoint without inbound OAuth2/bearer-token authorization. An unauthenticated or forged-token request reachable on the SBI can create, read, patch, and delete traffic-...
CVE-2026-44327
CVE-2026-44327 affects free5GC NEF (nnef-oam route group). Prior to v4.2.2, the OAM route group was mounted without inbound OAuth2/bearer-token authorization, allowing unauthenticated requests to hit OAM endpoints via the SBI. The OAM handler is a stub returning null, but the defect is route-grou...
CVE-2026-44328
Summary: CVE-2026-44328 affects free5GC SMF 4.2.1 and is fixed in 4.2.2 via upstream patch PR#199. The SMBI UPI route group was left without inbound OAuth2 middleware, allowing unauthenticated access to delete endpoints. The DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally derefere...
CVE-2026-44329
CVE-2026-44329 affects free5GC SMF v4.2.1 where the UPI management route group is mounted without OAuth2/bearer-token auth. Consequently, unauthenticated requests to /upi/v1/upNodesLinks (GET, POST with attacker-controlled payload, DELETE /upi/v1/upNodesLinks/{nodeID}) can reach SMF business hand...
CVE-2026-44330
Summary (CVE-2026-44330): free5GC NEF’s nnef-pfdmanagement route group was found to be mounted without inbound OAuth2/bearer-token authorization, exposing read and write access to PFD data and subscriptions. Affected: free5GC v4.2.1 (NEF). Impact: an attacker who can reach the NEF SBI can read PF...
CVE-2026-44318
Summary: The vulnerability CVE-2026-44318 affects free5GC BSF before 4.2.2, where PUT /nbsf-management/v1/subscriptions/{subId} unsafely writes to the global Subscriptions map without proper locking in the create-if-absent path. A concurrent authenticated PUT can cause a race between a read (RLoc...
CVE-2022-41656
CVE-2022-41656 describes a Missing Authorization vulnerability in the WordPress plugin Account Manager for WooCommerce . Affected versions are up to 2.1.2 (per CVE notices) with a broken access control that allows exploiting incorrectly configured access levels. The core issue is missing authoriz...
CVE-2026-45335
WeGIA is vulnerable to an Open Redirect in the /WeGIA/controle/control.php endpoint prior to version 3.7.3. The vulnerability arises via the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle, where the application fails to validate or restrict nextPage. This ...
CVE-2026-45027
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, login.php hashes the submitted password with PHP hash(…, 'SHA-256') and no salt, and the password-change flow uses the same pattern. SHA-256 is a fast general-purpose hash, not ideal for password storage, so identical...
CVE-2026-44483
RVF prototype pollution risk in form handling : The issue is in the set-get component used by @rvf/core’s preprocessFormData. Vulnerable in @rvf/set-get versions < 6.0.4 (6.x) and
CVE-2026-44473
CVE-2026-44473 affects Ella Core (5G core for private networks). Before v1.10.0, a radio with a valid NG Setup could send a forged PDUSessionResourceSetupResponse containing another UE’s AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE’s NG-co...
CVE-2026-44475
CVE-2026-44475 affects Ella Core (private 5G core). Prior to version 1.10.0, the PathSwitchRequest handling does not verify UE Security Capabilities against locally stored values, allowing a malicious gNB to overwrite a UE’s security capabilities with arbitrary values via a crafted PathSwitchRequ...
CVE-2026-44474
Ella Core (5G private-net Core) is affected prior to version 1.10.0 by a race in security procedures: it did not enforce TS 33.501 §6.9.5.1 when Security Mode Command and N2 handover run concurrently. This can cause a KgNB mismatch between the UE and target gNB, leading to handover failure. The i...
CVE-2026-49054
CVE-2026-49054 concerns WordPress plugin The Post Grid (versions up to 7.9.2). The issue is a Missing Authorization / Broken Access Control vulnerability caused by misconfigured access control logic, allowing unauthorized access where restrictions should apply. Public sources in the connected rec...
CVE-2026-44353
CVE-2026-44353 affects Streamlink (CLI) prior to 8.4.0. The HLS/DASH parsers do not validate the URI scheme of segment entries, so a remote .m3u8 or .mpd manifest can reference file:// URIs. Streamlink may read local files and write their contents to the output stream, enabling potential disclosu...
CVE-2026-42790
Erlang OTP has a vulnerability (CVE-2026-42790) in the public_key module (pubkey_cert and public_key) where DNS nameConstraints can be bypassed via CommonName fallback in TLS hostname verification. The issue occurs because pubkey_cert:validate_names/6 only checks SAN DNS entries against nameConst...
CVE-2026-44839
RabbitMQ vulnerability (CVE-2026-44839) affects the RabbitMQ server management UI due to unsanitized vhost names, enabling cross-site scripting. Affected versions are 3.7.0 up to but not including 4.1.2 and 4.0.13. The issue is fixed in 4.1.2 and 4.0.13. No exploitation status is provided in the ...
CVE-2026-44838
RabbitMQ MQTT plugin contains a permission bypass vulnerability: topic-level authorization uses user-supplied client_id substituted into a regex pattern without escaping. From 4.2.0 up to before 4.2.4, an authenticated MQTT user could inject regex operators to bypass topic restrictions. The issue...
CVE-2026-48545
CVE-2026-48545 : Gradio before 6.15.0 is affected by a cookie injection vulnerability due to a shared module‑level HTTP client used by the reverse proxy endpoint. Attackers controlling any HF Space can return a parent‑domain cookie that the shared client stores and automatically replays into subs...
CVE-2026-45570
Technical details beyond the initial description are not present in the connected documents; monitor for updates.
CVE-2026-49053
CVE-2026-49053 applies to the WordPress plugin ElementsKit Elementor addons Lite (versions