
612 matches found

Snyk
added 2026/03/27 11:24 p.m. | 3 views

Deadlock

Overview: Affected versions of this package are vulnerable to Deadlock via the SCTP notification handler process. An attacker can cause the control plane to become unresponsive by sending specially crafted SCTP notifications to the N2 interface, resulting in service disruption for all subscribers...

CVSS 7.1 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 2

NVD
added 2026/03/27 9:17 p.m. | 8 views

CVE-2026-33904

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

CVSS 6.5 | EPSS 0.00165
Exploits: 0 | References: 3

CVE
added 2026/03/27 8:55 p.m. | 14 views

CVE-2026-33904

Ella Core is a 5G private-network core. In versions prior to 1.7.0, a deadlock in the AMF SCTP notification handler causes the entire AMF control plane to hang, enabling a denial of service when an attacker with access to the N2 interface sends crafted SCTP notifications. Version 1.7.0 adds defer...

CVSS 6.5 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/03/27 8:55 p.m. | 2 views

CVE-2026-33904

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

CVSS 6.5 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/27 8:55 p.m. | 7 views

CVE-2026-33904 Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

CVSS 6.5 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 3

EUVD
added 2026/03/27 5:12 p.m. | 5 views

EUVD-2026-16464

Incus vulnerable to denial of source through crafted bucket backup file...

CVSS 6.5 | AI score 5.9 | EPSS 0.00385
Exploits: 1 | References: 4

Tenable Nessus
added 2026/03/27 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33743

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access t...

CVSS 6.5 | AI score 5.8 | EPSS 0.00385
Exploits: 1 | References: 2

RedhatCVE
added 2026/03/26 11:26 p.m. | 4 views

CVE-2026-33743

A flaw was found in Incus, a system container and virtual machine manager. A user with access to Incus' storage bucket feature can exploit this vulnerability by using a specially crafted storage bucket backup. This can cause the Incus daemon to crash, leading to a denial of service of the control...

CVSS 6.5 | AI score 5.7 | EPSS 0.00385
Exploits: 1 | References: 4

NVD
added 2026/03/26 11:16 p.m. | 6 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

CVSS 6.5 | EPSS 0.00385
Exploits: 1 | References: 1

OSV
added 2026/03/26 11:16 p.m. | 5 views

UBUNTU-CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00385
Exploits: 1 | References: 4

AlpineLinux
added 2026/03/26 10:40 p.m. | 7 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00385
Exploits: 1 | References: 1

Cvelist
added 2026/03/26 10:40 p.m. | 21 views

CVE-2026-33743 Incus vulnerable to denial of source through crafted bucket backup file

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

CVSS 6.5 | EPSS 0.00385
Exploits: 1 | References: 1

Debian CVE
added 2026/03/26 10:40 p.m. | 3 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

CVSS 6.5 | AI score 5.3 | EPSS 0.00385
Exploits: 1

Github Security Blog
added 2026/03/26 10:13 p.m. | 8 views

Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Summary: A deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. Impact: An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Fix: Add deferred Radio cleanu...

CVSS 6.5 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/03/26 3:2 p.m. | 3 views

CVE-2026-32025

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...

CVSS 7.5 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/26 12:0 a.m. | 11 views

PT-2026-28563

Name of the Vulnerable Software and Affected Versions: Ella Core versions prior to 1.7.0. Description: A deadlock in the AMF's SCTP notification handler can cause the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to...

CVSS 7.5 | AI score 5.9 | EPSS 0.60368
Exploits: 18 | References: 46

Microsoft Secure
added 2026/03/25 4:0 p.m. | 7 views

Identity security is the new pressure point for modern cyberattacks

Identity attacks no longer hinge on who a cyberattacker compromises, but on what that identity can access. As organizations manage growing numbers of human, non-human, and agentic identities, their access fabric multiplies across apps, resources, and environments, which increases both operational...

AI score 5.9
Exploits: 0

Zero Day Initiative
added 2026/03/24 12:0 a.m. | 8 views

(0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the azure-cli-mcp component. The issue results from the lack of proper validation of a...

CVSS 9.8 | AI score 6.3
Exploits: 0

ATTACKERKB
added 2026/03/23 9:36 p.m. | 3 views

CVE-2026-27646

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

CVSS 5.8 | AI score 5.3 | EPSS 0.00104
Exploits: 0 | References: 4

Veracode
added 2026/03/23 6:43 a.m. | 8 views

Server-Side Request Forgery (SSRF)

kube-controller-manager is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of requests in the in-tree Portworx StorageClass, which allows an attacker to leak sensitive information from internal or unprotected endpoints within the control plane’s hos...

CVSS 5.8 | AI score 7.2 | EPSS 0.00355
Exploits: 0 | References: 7 | Affected Software: 1