CVE-2026-3051 DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal...

CVE-2026-27643

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details e.g., invalid character 'n' after top-level value to remote clients...

CVE-2026-27643 free5GC has improper error handling in NEF with information exposure

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details e.g., invalid character 'n' after top-level value to remote clients...

EUVD-2026-7462

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details e.g., invalid character 'n' after top-level value to remote clients...

CVE-2025-69253

Summary: CVE-2025-69253 affects free5GC UDR (versions up to 1.4.1) with improper error handling in NEF that exposes internal parsing error details to remote clients, enabling service fingerprinting. The vulnerability specifically impacts deployments using the Nnef_PfdManagement service. The root ...

CVE-2025-69253 free5GC vulnerable to improper error handling in NEF with information exposure

free5GC is an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...

ImageMagick 代码问题漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 7.1.2-15 and 6.9.13-40 contained code vulnerabilities. These vulnerabilities stemmed from...

PT-2026-21582

free5GC is an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC UDR 1.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the NEF component leaking internal parsing error details, which may facilitate service fingerprint recogniti...

CVE-2025-69208 free5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET request

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the NnefPfdManagement service may be...

CVE-2025-69208 free5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET request

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the NnefPfdManagement service may be...

GO-2026-4505 Libredesk has a SSRF Vulnerability in Webhooks in github.com/abhinavxd/libredesk

Libredesk has a SSRF Vulnerability in Webhooks in github.com/abhinavxd/libredesk...

GO-2026-4499 Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs in gogs.io/gogs

Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

GO-2026-4501 Gogs Allows Cross-Repository Comment Deletion via DeleteComment in gogs.io/gogs

Gogs Allows Cross-Repository Comment Deletion via DeleteComment in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

CVE-2026-21420

Dell Repository Manager DRM, versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges...

CVE-2026-21420

Dell Repository Manager DRM, versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges...

CVE-2026-21420

Dell Repository Manager DRM, versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges...

CVE-2026-21420

Dell Repository Manager DRM, versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges...

CVE-2026-21420

Dell Repository Manager (DRM) v3.4.7 and earlier is affected by an Uncontrolled Search Path Element, enabling a local, low-privilege attacker to potentially execute arbitrary code and escalate privileges. Root cause is improper handling of search paths in DRM prior to 3.4.8. Impact includes high ...

CVE-2026-25747 Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...