Lucene search
K

4 matches found

NVD
NVD
added 2026/05/27 5:16 p.m.27 views

CVE-2026-42081

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the...

7.1CVSS0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/27 3:43 p.m.9 views

CVE-2026-44325 free5GC: NRF POST /oauth2/token structured-form parser type-confusion panic family (Reflect.Set on incompatible types)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq,...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References4
Patchstack
Patchstack
added 2025/12/16 12:37 a.m.6 views

WordPress Auto Featured Image plugin <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification vulnerability

Missing Authorization to Authenticated Contributor+ Post Thumbnail Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Auto Featured Image Auto Post Thumbnail versions = 4.2.1...

4.3CVSS6.7AI score0.00287EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/26 3:15 p.m.15 views

AZL-31719 CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS6.5AI score0.00508EPSS
Exploits0References1
Rows per page
Query Builder