
165 matches found

CVE
added 2026/02/24 12:21 a.m., 12 views

CVE-2026-27643

CVE-2026-27643 affects free5GC UDR, where the NEF component in versions up to and including 1.4.1 leaks internal parsing error details to remote clients, aiding service fingerprinting. All deployments using the Nnef_PfdManagement service may be affected. A patch is available in free5gc/udr PR #56...

CVSS 8.7, AI score 5.4, EPSS 0.00275
Exploits: 1, References: 4, Affected Software: 1
Snyk
added 2026/02/24 12:19 a.m., 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the NnefPfdManagement process. An attacker can obtain internal parsing error details by sending crafted requests that trigger error conditions, which may allow them to fingerprint server software and logic flows...

CVSS 6.9, AI score 6, EPSS 0.00269
Exploits: 1, References: 2
Vulnrichment
added 2026/02/24 12:18 a.m., 3 views

CVE-2026-27642 free5GC has Improper Input Validation in UDM UEAU Service

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the supi parameter, triggering internal URL parsing errors net/url:...

CVSS 8.7, AI score 5.3, EPSS 0.00506
Exploits: 1, References: 4
CVE
added 2026/02/24 12:18 a.m., 22 views

CVE-2026-27642

In free5GC UDM (Nudm_UEAU), versions up to 1.4.1 are affected. Remote attackers can inject control characters (for example, %00) into the supi parameter, triggering net/url parsing errors and exposing system-level error details, enabling service fingerprinting. A fix is available via free5gc/udm ...

CVSS 8.7, AI score 5.4, EPSS 0.00506
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2026/02/24 12:16 a.m., 5 views

CVE-2025-69251

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the ueId parameter, triggering internal URL parsing errors net/url:...

CVSS 8.7, EPSS 0.00462
Exploits: 1, References: 4
Cvelist
added 2026/02/24 12:1 a.m., 35 views

CVE-2025-69253 free5GC vulnerable to improper error handling in NEF with information exposure

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...

CVSS 8.7, EPSS 0.00348
Exploits: 1, References: 4
OSV
added 2026/02/24 12:1 a.m., 19 views

CVE-2025-69253 free5GC vulnerable to improper error handling in NEF with information exposure

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...

CVSS 8.7, AI score 5.6, EPSS 0.00348
Exploits: 1, References: 6
EUVD
added 2026/02/24 12:1 a.m., 6 views

EUVD-2025-207565

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...

CVSS 8.7, AI score 5.4, EPSS 0.00348
Exploits: 1, References: 4
CNNVD
added 2026/02/24 12:0 a.m., 6 views

free5GC security vulnerability

free5GC is an open-source project for the 5th generation (5G) mobile core network. Versions of free5GC such as 1.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from improper error handling and information leakage in the user data storage libraries. The NEF component...

CVSS 8.7, AI score 5.8, EPSS 0.00348
Exploits: 1, References: 4
Positive Technologies
added 2026/02/24 12:0 a.m., 9 views

PT-2026-21592

Name of the Vulnerable Software and Affected Versions: free5gc UDM versions up to and including 1.4.1. Description: free5gc UDM provides Unified Data Management for free5GC, an open-source 5G mobile core network project. Remote attackers can inject control characters, such as %00, into the supi...

CVSS 8.7, AI score 5.8, EPSS 0.00506
Exploits: 1, References: 14
NVD
added 2026/02/23 10:16 p.m., 9 views

CVE-2025-69208

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the NnefPfdManagement service may be...

CVSS 6.9, EPSS 0.00269
Exploits: 1, References: 4
Vulnrichment
added 2026/02/23 9:18 p.m., 4 views

CVE-2025-69208 free5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET request

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the NnefPfdManagement service may be...

CVSS 6.9, AI score 5.5, EPSS 0.00269
Exploits: 1, References: 4
OSV
added 2026/02/23 9:18 p.m., 5 views

CVE-2025-69208 free5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET request

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the NnefPfdManagement service may be...

CVSS 6.9, AI score 5.6, EPSS 0.00269
Exploits: 1, References: 6
Positive Technologies
added 2026/02/23 12:0 a.m., 8 views

PT-2026-21562

Name of the Vulnerable Software and Affected Versions: free5GC UDR versions prior to 1.4.1. Description: The free5GC UDR, a user data repository for the free5GC 5G mobile core network project, contains an Improper Error Handling issue that can lead to Information Exposure. Deployments utilizing the...

CVSS 6.9, AI score 5.3, EPSS 0.00269
Exploits: 1, References: 9
Tenable Nessus
added 2026/01/19 12:0 a.m., 5 views

MiracleLinux 8 : opensc-0.20.0-2.el8 (AXSA:2021-1113:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1113:01 advisory. opensc: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c (CVE-2019-15945); opensc: Out-of-bounds access of an ASN.1...

CVSS 6.8, AI score 5.8, EPSS 0.007
Exploits: 1, References: 6
EUVD
added 2025/12/20 6:30 a.m., 4 views

EUVD-2025-204633

In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally...

CVSS 5.3, AI score 6.1, EPSS 0.0024
Exploits: 0, References: 3
NVD
added 2025/12/20 4:16 a.m., 5 views

CVE-2025-14591

In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally...

CVSS 7.5, EPSS 0.0024
Exploits: 0, References: 2
RedHat Linux
added 2025/12/18 1:20 p.m., 21 views

php: PHP Hostname Null Character Vulnerability

A flaw was found in PHP. The fsockopen function and related functions fail to validate NULL characters within the provided hostname, potentially leading to unexpected behavior during parsing. This flaw allows a network attacker to supply a specially crafted hostname. This issue can result in a...

CVSS 5.3, AI score 5.7, EPSS 0.00514
Exploits: 1, References: 5
EUVD
added 2025/12/11 10:52 p.m., 4 views

EUVD-2025-202928

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json includes user input in the error message, which gets reflected in responses. User input including HTML/JavaScript can be exposed in error...

CVSS 5.3, AI score 5.7, EPSS 0.00181
Exploits: 1, References: 1
Cvelist
added 2025/12/11 10:52 p.m., 20 views

CVE-2025-66452 LibreChat's lack of JSON parsing error handling can lead to XSS

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json includes user input in the error message, which gets reflected in responses. User input including HTML/JavaScript can be exposed in error...

CVSS 5.3, EPSS 0.00181
Exploits: 1, References: 1