CVE-2026-31744

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found devenergymodelnlgetperfdomainsdoit calls emperfdomaingetbyid but does not check the return value before passing it to emnlgetpdsize. When a caller supplies a...

CVE-2026-31744

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found devenergymodelnlgetperfdomainsdoit calls emperfdomaingetbyid but does not check the return value before passing it to emnlgetpdsize. When a caller supplies a...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference when processing a malformed PFCP SessionReportRequest in the process when ReportType.USAR is set to 1 and the UsageReport omits the mandatory URRID sub-IE. An attacker can cause the service to panic and terminat...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the PFCP SessionReportRequest process when ReportType.USAR is set to 1 and the UsageReport omits the mandatory URRID sub-IE. An attacker can cause the service to crash and terminate by sending a specially...

CVE-2026-26025

CVE-2026-26025 affects free5GC SMF (versions up to and including 1.4.1). A malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface can cause the SMF to panic and terminate. No upstream fix is provided in the available documents. Mitigations described in the sources include ACL/firewa...

CVE-2025-52856 VioStor

An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later...

CVE-2025-33033

CVE-2025-33033 affects QNAP Qsync Central. A path traversal vulnerability allows a remote attacker who has a user account to read unexpected files or system data. The issue is fixed in Qsync Central 4.5.0.7 and later (patch released around 2025-04-23). Affected versions prior to 4.5.0.7 should be...

Ubuntu: Security Advisory (USN-7718-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Measuring and Explaining the Effects of Android App Transformations in Online Malware Detection

It is well known that antivirus engines are vulnerable to evasion techniques e.g., obfuscation that transform malware into its variants. However, it cannot be necessarily attributed to the effectiveness of these evasions, and the limits of engines may also make this unsatisfactory result. In this...

CASCADE: LLM-Powered JavaScript Deobfuscator at Google

Software obfuscation, particularly prevalent in JavaScript, hinders code comprehension and analysis, posing significant challenges to software testing, static analysis, and malware detection. This paper introduces CASCADE, a novel hybrid approach that integrates the advanced coding capabilities o...

PT-2025-1396 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4 Description: The issue allows an attacker to send a malformed ASN.1 packet over the S1AP interface, triggering an assertion that can cause a denial of service. Specifically, an attacker may send an "Initial...

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a security vulnerability that can be exploited by an attacker to send an "E-RAB Setup Response" message that lacks the required mmeues1apid' field to...

PT-2025-1402 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue concerns an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an eNB Status Transfer message missing a required MME UE S1AP ...

PT-2025-1403 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue is related to an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a "Handover Required" message missing a required MME UE...

PT-2025-1407 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue concerns an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Path Switch Request message missing a required MME UE S1AP I...

PT-2025-1419 · Magma · Magma

Name of the Vulnerable Software and Affected Versions: Magma versions 1.8.0 and earlier Description: The issue allows network-adjacent attackers to crash the Mobile Management Entity MME via an S1AP "E-RAB Modification Indication" packet missing an expected eNB UE S1AP ID field. This is a null...

Sentrifugo SQL注入漏洞

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which stems from a missing id parameter in the...

CSCMS Music Portal System SQL Injection Vulnerability (CNVD-2022-45898)

CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing id parameter of /admin.php/news/admin/news/save validation of external input...

CSCMS Music Portal SystemSQL注入漏洞

CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing id parameter of /admin.php/news/admin/topic/save validation of external inpu...

CSCMS Music Portal System SQL注入漏洞

CSCMS Music Portal System is a diversified content management system from China Chongsheng Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing id parameter in /admin.php/pic/admin/lists/zhuan validation of external...