Lucene search
+L

62 matches found

nvd
nvd
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57313

Subscriber Cross Site Scripting XSS in SureCart = 4.2.2 versions...

6.5CVSS0.00211EPSS
Exploits0References1
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, there was a heap buffer overflow vulnerability in the ReadYUVImage function coders/yuv.c, when processing malicious YUV 4:2:2 NoInterlace images. This...

9.8CVSS7.4AI score0.00461EPSS
Exploits0References3
osv
osv
added 2026/06/12 8:54 a.m.3 views

CVE-2026-49875 Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...

6.5CVSS5.9AI score0.00527EPSS
Exploits0References10
osv
osv
added 2026/06/12 8:52 a.m.4 views

CVE-2026-50623 Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

4.8CVSS5.9AI score0.00371EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.27 views

PT-2026-48850

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

5.2AI score0.00294EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:16 p.m.17 views

CVE-2026-42083

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer, the smPolicyGroup route group is created and routes are...

8.2CVSS5.5AI score0.00323EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44328

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/upNodeRef handler unconditionally dereferences upNode.UPF after the type-guarded...

8.2CVSS5.5AI score0.00324EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/05/28 8:13 p.m.11 views

CVE-2026-44324

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does n...

6.5CVSS6AI score0.0042EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/05/28 8:12 p.m.10 views

CVE-2026-44319

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...

7.5CVSS5.8AI score0.00404EPSS
Exploits1References1
nvd
nvd
added 2026/05/27 5:16 p.m.18 views

CVE-2026-44329

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and...

10CVSS0.00331EPSS
Exploits1References4
nvd
nvd
added 2026/05/27 5:16 p.m.34 views

CVE-2026-44321

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

7.5CVSS0.00364EPSS
Exploits1References4
nvd
nvd
added 2026/05/27 5:16 p.m.23 views

CVE-2026-42083

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer, the smPolicyGroup route group is created and routes are...

8.2CVSS0.00323EPSS
Exploits1References4
euvd
euvd
added 2026/05/27 3:52 p.m.14 views

EUVD-2026-32552

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the...

7.5CVSS5.8AI score0.00404EPSS
Exploits1References4
osv
osv
added 2026/05/27 3:52 p.m.2 views

CVE-2026-44316 free5GC: PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the...

7.5CVSS6AI score0.00404EPSS
Exploits1References6
osv
osv
added 2026/05/27 3:50 p.m.3 views

CVE-2026-44317 free5GC: PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" enabling traffic-routing feature negotiation and whose medComponents...

6.5CVSS6AI score0.0035EPSS
Exploits1References6
euvd
euvd
added 2026/05/27 3:48 p.m.15 views

EUVD-2026-32578

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback...

7.3CVSS5.9AI score0.00241EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/05/27 3:46 p.m.15 views

CVE-2026-44322

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil...

7.5CVSS5.8AI score0.0039EPSS
Exploits1References5Affected Software1
cve
cve
added 2026/05/27 3:45 p.m.23 views

CVE-2026-44323

This CVE-2026-44323 affects free5GC UDR in the v4.2.1 timeframe, where the DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler dereferences a nil map entry after a missing subsId, causing a nil-pointer panic (HTTP 500) on an authenticated request. ...

6.5CVSS5.8AI score0.0035EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/05/27 3:44 p.m.8 views

CVE-2026-44324

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does n...

6.5CVSS6AI score0.0042EPSS
Exploits1References5Affected Software1
cve
cve
added 2026/05/27 3:43 p.m.32 views

CVE-2026-44325

CVE-2026-44325 affects free5GC NRF (v4.2.1) where POST /oauth2/token parses form data with a reflective type-confusion in api_accesstoken.go. The handler reflects over NrfAccessTokenAccessTokenReq, incorrectly treating most fields as a *models.PlmnId and assigns it to various destination fields, ...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder