65690 matches found
CVE-2025-46115
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...
EUVD-2025-209598
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...
PT-2026-36166
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...
WOOTdroid: Whole-System Online On-Device Tracing for Android
System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...
CVE-2025-46115
CVE-2025-46115 affects Open5GS v2.7.3. A crafted PDU Session Modification Request can remotely cause a denial of service. Documented as a network-accessible issue with a high-severity impact (Availability) but no explicit exploit details, affected components, or fixed versions are provided in the...
PT-2026-36186
Name of the Vulnerable Software and Affected Versions: SSCMS version 7.4.0. Description: An issue exists in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. This allows attackers to submit encrypted payloads to...
Open5GS Input Validation Error Vulnerability
Open5GS is an open-source implementation of the 5G Core and EPC in the C language, which serves as the core network for LTE/NR networks. Version 2.7.3 of Open5GS contains a vulnerability related to input validation errors. This vulnerability stems from specially crafted PDU session modification requests,...
CVE-2025-10503
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...
CVE-2026-42513
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...
CVE-2026-42513 Authentication Bypass Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...
EUVD-2025-209586
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...
GHSA-PP79-HQV6-VMC3 FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field
Summary: The application fails to validate the nick parameter during a POST request to the EditUser controller. Although the UI prevents editing this field, a user can bypass this restriction using a proxy to rename any account including the Administrator. This leads to Broken Access Control and...
FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field
Summary: The application fails to validate the nick parameter during a POST request to the EditUser controller. Although the UI prevents editing this field, a user can bypass this restriction using a proxy to rename any account including the Administrator. This leads to Broken Access Control and...
CVE-2026-3893
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...
EUVD-2026-26116
OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model...
CVE-2026-3893
The CVE-2026-3893 affects the Carlson VASCO-B GNSS Receiver. The connected PT-Security entry indicates attackers can exploit the absence of authentication to gain unauthenticated remote access, escalate privileges, and move laterally within manufacturing networks, enabling modification of configu...
CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...
EUVD-2026-26081
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...
CVE-2026-3893
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...
Malicious code in genmedia-izumi-agent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6afd24d0d974a2b6b82c9aa120945d1c531a3ea17e81bbdf526890f2f0e18905 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...