Lucene search
K

70 matches found

Snyk
Snyk
added 2026/06/26 8:30 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the GetPolicyByIDQueries process. An attacker can access policy data belonging to other teams by sending requests to the global policy read endpoint with valid credentials for any team, thereby bypassing...

5.3CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-40343

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9CVSS5.5AI score0.09955EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 3:36 p.m.50 views

CVE-2026-44330 free5GC: NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization...

10CVSS0.00287EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/06 4:15 p.m.7 views

CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/22 5:6 p.m.8 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the PolicyDataSubsToNotifyPost process. An attacker can create unintended notification subscriptions with invalid, empty, or partially processed input by sending malformed or...

6.9CVSS5.8AI score0.09955EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 12:16 a.m.7 views

CVE-2026-40343

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9CVSS0.09955EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC 1.4.2 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the UDR service, where open-ended failure request handling was flawed. As a result, the POST handler...

6.9CVSS5.9AI score0.09955EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 11:47 p.m.3 views

CVE-2026-40343 free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9CVSS5.9AI score0.09955EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:47 p.m.4 views

CVE-2026-40343

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9CVSS5.8AI score0.09955EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/21 11:47 p.m.46 views

CVE-2026-40343 free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9CVSS0.09955EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 11:47 p.m.5 views

CVE-2026-40343 free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9CVSS5.8AI score0.09955EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 7:5 p.m.4 views

EUVD-2026-24555

free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation...

6.9CVSS5.7AI score0.09955EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 7:5 p.m.10 views

GHSA-JWCH-W7WH-GQJM free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

Summary A fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue processing requests even after request body retrieval or deserialization errors. This may allow unintended creation of Policy Data notification subscriptions wit...

6.9CVSS6AI score0.09955EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/21 7:5 p.m.15 views

free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

Summary A fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue processing requests even after request body retrieval or deserialization errors. This may allow unintended creation of Policy Data notification subscriptions wit...

6.9CVSS6AI score0.09955EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/18 7:22 a.m.6 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6AI score0.00321EPSS
Exploits1References1
NVD
NVD
added 2026/04/16 10:16 p.m.6 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS0.00321EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 9:59 p.m.3 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6AI score0.00321EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/16 9:59 p.m.15 views

CVE-2026-40249

CVE-2026-40249 affects free5GC UDR (versions 4.2.1 and earlier). The PUT handler for /nudr-dr/v2/policy-data/subs-to-notify/{subsId} may continue processing after request body read or deserialization errors, invoking the processor with an uninitialized/partially initialized PolicyDataSubscription...

6.9CVSS6AI score0.00321EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 9:59 p.m.8 views

CVE-2026-40249 free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6AI score0.00321EPSS
Exploits1References1
OSV
OSV
added 2026/04/16 9:59 p.m.2 views

CVE-2026-40249 free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6.1AI score0.00321EPSS
Exploits1References3
Rows per page
Query Builder