5.1
CVE-2026-27741 - Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints
Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can iβ¦
5.1
CVE-2026-27742 - Bludit <= 3.16.2 Stored XSS in Post Content
Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript iβ¦
6.6
CVE-2025-69248 - free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NAβ¦
2.7
CVE-2025-69247 - free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specialβ¦
5.3
CVE-2026-3028 - erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting
A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. Thβ¦
2.7
CVE-2025-69232 - free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption
free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote attβ¦
2.7
CVE-2025-69208 - free5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET β¦
free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the Nnef_PfdManagement service may β¦
7.3
CVE-2026-25649 - Traccar Vulnerable to Authorization Code Theft via Open Redirect in OIDC Provider Endpoints
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 authorization codes by exploiting an open redirect vulnerability in two OIDC-related endpoints. The `redirect_uri` parameter is not validated against β¦
5.3
CVE-2026-3027 - erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting
A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The exploitβ¦
8.7
CVE-2026-25648 - Traccar Vulnerable to Stored Cross-Site Scripting (XSS) via Malicious SVG File Upload
Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in which authenticated users can execute arbitrary JavaScript in the context of other users' browsers by uploading malicious SVG files as device images. The application accepts SVG file uploads without sanβ¦