free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/Bearer-token authorization when the NEF module mounted the 3gpp-traffic-influence...

EUVD-2026-27151

A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udmnudmuecmhandleamfregistrationupdate of the file /src/udm/nudm-handler.c of the component amf-3gpp-access Endpoint. The manipulation leads to denial of service. The attack is possible to be...

CVE-2026-7781 Open5GS amf-3gpp-access Endpoint nudm-handler.c udm_nudm_uecm_handle_amf_registration_update denial of service

A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udmnudmuecmhandleamfregistrationupdate of the file /src/udm/nudm-handler.c of the component amf-3gpp-access Endpoint. The manipulation leads to denial of service. The attack is possible to be...

CVE-2026-7781

Open5GS

MINI-XHJC-HGH3-3GPP

Bulletin has no description...

EUVD-2015-3862

Malware in sbrugna...

EUVD-2017-6801

Malware in sbrugna...

EUVD-2023-37289

Malicious code in bioql PyPI...

EUVD-2023-37285

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-45204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimCboxread at isomedia/boxcode3gpp.c. CVE-2022-45204 Note that...

Linux Distros Unpatched Vulnerability : CVE-2022-45202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimCboxread at isomedia/boxcode3gpp.c. CVE-2022-45202 Note th...

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16...

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification...

CVE-2012-6616

The movtextdecodeframe function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service out-of-bounds read and crash via crafted 3GPP TS 26.245 data...

CVE-2024-1794

The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. 3gpp file in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVE-2024-1794 Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload

The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. 3gpp file in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification...

CVE-2023-33100 Improper input validation in Multi-Mode Call Processor

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification...

CVE-2023-33100

CVE-2023-33100 is a DoS issue affecting Qualcomm closed‑source components, arising during processing of DL NAS Transport messages when the 3GPP message ID is not defined. The entry shows a network‑based vulnerability with high impact (Availability impact) and a CVSSv3.1 base score of 7.5. Public ...

CVE-2023-33100 Improper input validation in Multi-Mode Call Processor

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification...