PT-2026-8007

Name of the Vulnerable Software and Affected Versions free5GC version 4.0.1 Description A heap buffer overflow exists in the UPF component of free5GC version 4.0.1. This flaw allows remote attackers to potentially cause a denial of service by sending a specially crafted PFCP Session Modification...

CVE-2025-70122

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function sdf-filter.go when processing a declared length that...

CVE-2026-2062 Open5GS PGW S5U Address sgwc_sxa_handle_session_modification_response null pointer dereference

A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwcs5chandlemodifybearerresponse/sgwcsxahandlesessionmodificationresponse of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The explo...

CVE-2026-2062 Open5GS PGW S5U Address sgwc_sxa_handle_session_modification_response null pointer dereference

A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwcs5chandlemodifybearerresponse/sgwcsxahandlesessionmodificationresponse of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The explo...

CVE-2026-2062

Open5GS up to 2.7.6 is affected by CVE-2026-2062 in the PGW S5U Address Handler, specifically the sgwc_s5c_handle_modify_bearer_response and sgwc_sxa_handle_session_modification_response functions. The issue is a null pointer dereference that can be triggered remotely. Public exploit details exis...

CVE-2025-65561

An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the LocalNode.Sess function when processing a crafted Local SEID header in a PFCP Session Modification Request. An attacker can disrupt service availability or cause other unintended effects by sending speciall...

CVE-2025-65561

An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request...

CVE-2025-65561

An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request...

CVE-2025-65561

The CVE-2025-65561 entry describes a DoS flaw in free5GC 4.1.0 triggered by a crafted Local SEID header in PFCP Session Modification Request, affecting LocalNode.Sess. Red Hat, NVD, OSV, CNNVD, CVE lists, and Snyk corroborate the issue, with practical impact limited to denial of service or other ...

PT-2025-52284

Name of the Vulnerable Software and Affected Versions free5GC version 4.1.0 Description An issue exists in the LocalNode.Sess function that could allow attackers to cause a denial of service or other unspecified impacts. This can occur through a crafted header, specifically the Local SEID, within...

CVE-2025-65561

An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request...

EUVD-2005-2150

Malware in sbrugna...

EUVD-2014-1373

Malware in sbrugna...

CVE-2024-21722

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...

GHSA-7MX2-7Q8P-PGMW Symfony may allow a user to switch to using another user's identity

Symfony 2.0.6 has just been released. It addresses a security vulnerability in the EntityUserProvider as provided in the Doctrine bridge. If you let your users update their login/username from a form, and if you are using Doctrine as a user provider, then you are vulnerable and you should upgrade...

SUSE CVE-2005-2149

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the nohttpheaders switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...

SUSE CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

SAP Financial Consolidation 跨站脚本漏洞

SAP Financial Consolidation is a financial statement solution from SAP. The product is designed to automate intercompany reconciliations and offsets, currency conversions, and provide financial statement generation. A cross-site scripting vulnerability exists in SAP Financial Consolidation versio...

Exploit for Authentication Bypass by Spoofing in Zabbix

CVE-2022-23131 Zabbix - SAML SSO Authentication Bypass Des...