Aggregator

A vulnerability classified as problematic was found in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. This vulnerability is cataloged as CVE-2026-8248. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #808279 / VDB-362551

Submit #808277 / VDB-362550

Submit #808482 / VDB-362549

Submit #808480 / VDB-362548

Submit #808476 / VDB-362547

Submit #808473 / VDB-362546

Submit #808472 / VDB-362545

欧盟考虑制定规则，限制成员国政府使用美国云平台处理敏感数据。欧盟委员会预计将于 5 月 27 日公布技术主权计划 Tech Sovereignty Package，该计划包含了一系列措施加强在数字领域的战略自主性。欧盟委员会内部讨论了限制敏感公共部门数据暴露于非欧盟云平台的问题。包括美国在内的云服务商可能会受到影响。欧盟委员会没有完全禁止非欧盟云平台竞标政府合同，而是根据敏感程度限制非欧盟云平台处理敏感数据。它讨论的敏感数据主要与金融、司法和医疗数据相关。

Submit #802837 / VDB-325131

Исследователь безопасности нашел одинаковый root-пароль у тысяч роботов Yarbo и доказал, что проблема затрагивает всю линейку устройств.

German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 million euros, and arrested its operator. [...]

A vulnerability classified as problematic has been found in OpenCart 3.0.3.6. Impacted is an unknown function of the file /account/edit of the component Account Information Handler. The manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2021-47946. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as problematic has been identified in Getaawp AAWP Plugin 3.16 on WordPress. This issue affects some unknown processing of the component Setting Handler. Executing a manipulation of the argument tab can lead to cross site scripting. This vulnerability is tracked as CVE-2022-50970. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as problematic has been reported in Argus Surveillance DVR 4.0. This vulnerability affects unknown code of the component DVRWatchdog Service. Performing a manipulation results in unquoted search path. This vulnerability is identified as CVE-2021-47945. The attack is only possible with local access. Additionally, an exploit exists.

A vulnerability labeled as problematic has been found in uBidAuction 2.0.1. This affects the function filter of the file auctions/manage of the component GET Handler. Such manipulation of the argument date_created/date_from/date_to/created_at leads to cross site scripting. This vulnerability is referenced as CVE-2022-50968. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability identified as problematic has been detected in uBidAuction 2.0.1. Affected by this issue is the function filter of the file backend/mailingLog/manage of the component GET Handler. This manipulation of the argument date_created/date_from/date_to/created_at causes cross site scripting. The identification of this vulnerability is CVE-2022-50969. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as problematic has been discovered in uBidAuction 2.0.1. Affected by this vulnerability is the function filter of the file tickets/manage of the component GET Handler. The manipulation of the argument date_created/date_from/date_to/created_at results in cross site scripting. This vulnerability was named CVE-2022-50967. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in uBidAuction 2.0.1. It has been rated as problematic. Affected is the function filter of the file news/manage of the component GET Handler. The manipulation of the argument date_created/date_from/date_to/created_at leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-50966. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in uBidAuction 2.0.1. It has been declared as problematic. This impacts the function filter of the component GET Handler. Executing a manipulation of the argument date_created/date_from/date_to/created_at can lead to cross site scripting. This vulnerability is handled as CVE-2022-50965. The attack can be executed remotely. Additionally, an exploit exists.