612 matches found
Deadlock
Overview Affected versions of this package are vulnerable to Deadlock via the SCTP notification handler process. An attacker can cause the control plane to become unresponsive by sending specially crafted SCTP notifications to the N2 interface, resulting in service disruption for all subscribers...
CVE-2026-33904
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...
CVE-2026-33904
Ella Core is a 5G private-network core. In versions prior to 1.7.0, a deadlock in the AMF SCTP notification handler causes the entire AMF control plane to hang, enabling a denial of service when an attacker with access to the N2 interface sends crafted SCTP notifications. Version 1.7.0 adds defer...
CVE-2026-33904
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...
CVE-2026-33904 Ella Core has a Denial of Service via SCTP connection cleanup deadlock
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...
EUVD-2026-16464
Incus vulnerable to denial of source through crafted bucket backup file...
Linux Distros Unpatched Vulnerability : CVE-2026-33743
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access t...
CVE-2026-33743
A flaw was found in Incus, a system container and virtual machine manager. A user with access to Incus' storage bucket feature can exploit this vulnerability by using a specially crafted storage bucket backup. This can cause the Incus daemon to crash, leading to a denial of service of the control...
CVE-2026-33743
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...
UBUNTU-CVE-2026-33743
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...
CVE-2026-33743
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...
CVE-2026-33743 Incus vulnerable to denial of source through crafted bucket backup file
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...
CVE-2026-33743
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...
Ella Core has a Denial of Service via SCTP connection cleanup deadlock
Summary A deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. Impact An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Fix Add deferred Radio cleanu...
CVE-2026-32025
OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...
PT-2026-28563
Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0 Description A deadlock in the AMF's SCTP notification handler can cause the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to...
Identity security is the new pressure point for modern cyberattacks
Identity attacks no longer hinge on who a cyberattacker compromises, but on what that identity can access. As organizations manage growing numbers of human, non-human, and agentic identities, their access fabric multiplies across apps, resources, and environments, which increases both operational...
(0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the azure-cli-mcp component. The issue results from the lack of proper validation of a...
CVE-2026-27646
OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...
Server-Side Request Forgery (SSRF)
kube-controller-manager is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of requests in the in-tree Portworx StorageClass, which allows an attacker to leak sensitive information from internal or unprotected endpoints within the control plane’s hos...