378 matches found
CVE-2026-44475
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with...
CVE-2026-44474
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending and vice versa. Concurrent...
EUVD-2026-32563
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...
CVE-2026-44473
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...
CVE-2026-44475
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with...
CVE-2026-44475 Ella Core: UE Security Capability bypass on NGAP PathSwitchRequest
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with...
CVE-2026-44474
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending and vice versa. Concurrent...
Ella Core 安全漏洞
Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of whether the...
WordPress Deliciosa theme <= 1.10.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Deliciosa versions = 1.10.0...
WordPress Nexio theme <= 1.10.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Nexio versions = 1.10.0...
EUVD-2026-31706
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
CVE-2026-9473
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
CVE-2026-9473
CVE-2026-9473 affects c-rick jimeng-mcp 1.10.0. The vulnerability lies in src/api.ts functions getFileContent, uploadCoverFile, generateImage, and generateVideo where manipulating the argument filePath enables path traversal. The attack could be remote; exploit has been disclosed publicly and the...
CVE-2026-9473 c-rick jimeng-mcp api.ts generateVideo path traversal
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
CVE-2026-9473 c-rick jimeng-mcp api.ts generateVideo path traversal
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
Jimeng MCP 路径遍历漏洞
Jimeng MCP is an MCP server for cc individual developers that integrates i.e. Dream AI image and video generation. Jimeng MCP version 1.10.0 has a path traversal vulnerability , the vulnerability stems from the file src/api.ts function getFileContent/uploadCoverFile/generateImage/generateVideo on...
PT-2026-43088
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
@antv/f2-react (>=5.0.19 <=5.14.0), @antv/f2-site (=5.0.0-alpha.1) potentially affected by unknown CVE via @antv/f-react (=1.10.0)
@antv/f-react NPM version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f-react and may be impacted: - @antv/f2-react =5.0.19, =5.14.0 - @antv/f2-site =5.0.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3885...
@abhishekbarve/react-components (>=1.0.1 <=1.0.8), @adpush/start (>=1.87.15 <=1.87.16) +148 more potentially affected by unknown CVE via @tanstack/router-generator (>=1.10.0 <=1.166.42)
@tanstack/router-generator NPM version =1.10.0, =1.0.1, =1.87.15, =0.1.0, =0.0.2-canary.11, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =0.1.0, =1.0.0, =0.2.0, =0.2.0, =0.2.12 - @dauphaihau/react-template =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3476...
Astra Linux - уязвимость в subversion
Subversion’s moddavsvn is vulnerable to memory corruption. When checking path-based authorization rules, moddavsvn servers may attempt to use memory that has already been freed. Affected Subversion moddavsvn servers include versions 1.10.0 through 1.14.1 including those versions. Servers that do...