Bit-Flip Vulnerability of Shared KV-Cache Blocks in LLM Serving Systems

Rowhammer on GPU DRAM has enabled adversarial bit flips in model weights; shared KV-cache blocks in LLM serving systems present an analogous but previously unexamined target. In vLLM's Prefix Caching, these blocks exist as a single physical copy without integrity protection. Using software fault...

CVE-2026-30080

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...

CVE-2026-30080

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...

PT-2026-31326

Name of the Vulnerable Software and Affected Versions OpenAirInterface version 2.2.0 Description OpenAirInterface version 2.2.0 allows Security Mode Complete without integrity protection. Despite supporting integrity protection configurations NIA1 and NIA2, the system accepts initial registration...

CVE-2026-30080

OpenAirInterface v2.2.0 is documented to accept Security Mode Complete without integrity protection. The issue arises when a UE’s initial registration request advertises only security capability IA0, yet the system has supported integrity NIA1 and NIA2. In this scenario, the downgrade of the secu...

CVE-2026-30080

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the processing of a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings. An attacker can cause the process to crash and disrupt...

PT-2026-25087

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.5.1 Description Ella Core is a 5G core designed for private networks. Prior to version 1.5.1, the software experiences a panic when processing a malformed integrity-protected NGAP/NAS message with a length less th...

CVE-2026-23767

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

EUVD-2026-9594

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

CVE-2026-23767

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

CVE-2026-23767

CVE-2026-23767 affects ESC/POS, the printer control language from Seiko Epson. The description states there are no user authentication or command authorization mechanisms, no controls to restrict network sources/destinations, and that commands are transmitted without encryption or integrity prote...

CVE-2026-23767

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

CVE-2026-23767

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

PT-2026-23215

Name of the Vulnerable Software and Affected Versions ESC/POS affected versions not specified Description ESC/POS, a printer control language developed by Seiko Epson Corporation, does not include user authentication or command authorization features. It also lacks controls to limit network...

EPSON ESC/POS 访问控制错误漏洞

EPSON ESC/POS is a protocol used by the Japanese company EPSON for controlling POS printers. EPSON ESC/POS has a vulnerability related to access control. This vulnerability stems from the lack of user authentication and command authorization mechanisms, no control over network communication sourc...

Impact of 5G SA Logical Vulnerabilities on UAV Communications: Threat Models and Testbed Evaluation

This paper examines how logical vulnerabilities in 5G Standalone networks affect UAV command and control communication. The study looks at three attacker positions in the architecture: a malicious user equipment UE connected to the same logical network as the UAV, an attacker with access to the 5...

GHSA-C7PH-F7JM-XV4W rPGP's integrity protection of encrypted data was not always checked

Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...

rPGP's integrity protection of encrypted data was not always checked

Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...

CVE-2018-19205

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigmadrivergnupg.php...