Monthly
Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade telecom packet core service by continuously sending a specially crafted message that triggers improper handling of missing values (CWE-230). The condition persists only while the attack is sustained - the system self-recovers once traffic stops - and no public exploit identified at time of analysis, but the CVSS 4.0 score of 7.1 reflects high availability impact on a carrier-grade network function.
Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows adjacent network attackers to degrade service availability by continuously transmitting specially crafted messages that trigger improper handling of missing values (CWE-230). The affected PCG nodes crash repeatedly under sustained attack but self-recover once traffic stops, so impact is transient yet operationally significant for mobile core networks. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
This is a denial of service vulnerability in Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family caused by improper handling of malformed CAPWAP (Control and Provisioning of Wireless Access Points) packets. The vulnerability affects multiple versions of Cisco IOS XE Software in the 17.14.x through 17.18.x release trains. An unauthenticated remote attacker can exploit this to cause the wireless controller to reload unexpectedly, resulting in complete network disruption with a high severity CVSS score of 8.6.
Simple Membership (WordPress plugin) versions up to 4.7.0 contains a security vulnerability (CVSS 6.5).
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The AppPresser - Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The RegistrationMagic - User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade telecom packet core service by continuously sending a specially crafted message that triggers improper handling of missing values (CWE-230). The condition persists only while the attack is sustained - the system self-recovers once traffic stops - and no public exploit identified at time of analysis, but the CVSS 4.0 score of 7.1 reflects high availability impact on a carrier-grade network function.
Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows adjacent network attackers to degrade service availability by continuously transmitting specially crafted messages that trigger improper handling of missing values (CWE-230). The affected PCG nodes crash repeatedly under sustained attack but self-recover once traffic stops, so impact is transient yet operationally significant for mobile core networks. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
This is a denial of service vulnerability in Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family caused by improper handling of malformed CAPWAP (Control and Provisioning of Wireless Access Points) packets. The vulnerability affects multiple versions of Cisco IOS XE Software in the 17.14.x through 17.18.x release trains. An unauthenticated remote attacker can exploit this to cause the wireless controller to reload unexpectedly, resulting in complete network disruption with a high severity CVSS score of 8.6.
Simple Membership (WordPress plugin) versions up to 4.7.0 contains a security vulnerability (CVSS 6.5).
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The AppPresser - Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The RegistrationMagic - User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.