Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

666 matches found

AstraLinux
AstraLinuxadded 4 days ago4 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

10CVSS8.9AI score0.02074EPSS
Exploits1References2
AstraLinux
AstraLinuxadded 4 days ago3 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

10CVSS8.9AI score0.02186EPSS
Exploits1References2
AstraLinux
AstraLinuxadded 4 days ago9 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

10CVSS8.9AI score0.02191EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/06/05 7:12 p.m.7 views

CVE-2026-44320

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback...

7.3CVSS5.6AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:12 p.m.8 views

CVE-2026-44315

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...

9.4CVSS5.6AI score0.00287EPSS
Exploits1References1
NVD
NVDadded 2026/05/27 5:16 p.m.12 views

CVE-2026-44327

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handl...

10CVSS0.00287EPSS
Exploits1References3
NVD
NVDadded 2026/05/27 5:16 p.m.15 views

CVE-2026-44330

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization...

10CVSS0.00238EPSS
Exploits1References1
NVD
NVDadded 2026/05/27 5:16 p.m.12 views

CVE-2026-44320

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback...

7.3CVSS0.00232EPSS
Exploits1References3
NVD
NVDadded 2026/05/27 5:16 p.m.15 views

CVE-2026-44322

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil...

7.5CVSS0.00364EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/27 3:52 p.m.6 views

CVE-2026-44315

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...

9.4CVSS5.9AI score0.00287EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/27 3:49 p.m.5 views

CVE-2026-44319

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...

7.5CVSS5.8AI score0.00385EPSS
Exploits1References5Affected Software1
CVE
CVEadded 2026/05/27 3:49 p.m.14 views

CVE-2026-44319

Summary (fact-grounded): CVE-2026-44319 affects free5GC NEF prior to version 4.2.2, where an attacker-controlled PFD notifyUri can trigger asynchronous delivery failures that cause NEF to call Fatal and exit, resulting in a complete availability outage until restart. The vulnerability occurs in P...

7.5CVSS5.8AI score0.00385EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/05/27 3:49 p.m.44 views

CVE-2026-44319 free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...

7.5CVSS0.00385EPSS
Exploits1References4
EUVD
EUVDadded 2026/05/27 3:49 p.m.10 views

EUVD-2026-32579

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...

7.5CVSS5.8AI score0.00385EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/27 3:48 p.m.39 views

CVE-2026-44320 free5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback...

7.3CVSS0.00232EPSS
Exploits1References3
EUVD
EUVDadded 2026/05/27 3:46 p.m.9 views

EUVD-2026-32576

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil...

7.5CVSS5.8AI score0.00364EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/27 3:41 p.m.8 views

CVE-2026-44326

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptio...

9.4CVSS5.8AI score0.00287EPSS
Exploits1References4Affected Software1
CVE
CVEadded 2026/05/27 3:41 p.m.14 views

CVE-2026-44326

CVE-2026-44326 affects free5gc NEF 3gpp-traffic-influence API. Prior to version 4.2.2, the NEF mounts the 3gpp-traffic-influence endpoint without inbound OAuth2/bearer-token authorization. An unauthenticated or forged-token request reachable on the SBI can create, read, patch, and delete traffic-...

9.4CVSS5.8AI score0.00287EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/27 3:40 p.m.5 views

CVE-2026-44327 free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handl...

10CVSS5.8AI score0.00287EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/05/27 3:36 p.m.8 views

CVE-2026-44330

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization...

10CVSS5.9AI score0.00238EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder