Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

434 matches found

RedhatCVE
RedhatCVEadded 5 days ago8 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

7.5CVSS5.5AI score0.00107EPSS
Exploits0References1
NVD
NVDadded 2026/06/01 3:16 p.m.10 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

7.5CVSS0.00107EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/01 12:0 a.m.7 views

CVE-2026-37229

FlexRIC v2.0.0 contains a reachable assertion in e2apcreatepdu triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence e.g., a single 0x00 byte over SCTP to the near-RT RIC port 36421 or iApp port 36422 to crash the process via SIGABRT. The...

5.8AI score0.00184EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/06/01 12:0 a.m.26 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

0.00107EPSS
Exploits0References2
CVE
CVEadded 2026/06/01 12:0 a.m.13 views

CVE-2026-37234

CVE-2026-37234 affects FlexRIC v2.0.0. A single SCTP connection can bind multiple xapp_ids via multiple E42_SETUP_REQUESTs. Upon disconnect, only the first registered xapp_id’s resources are cleaned up; other xapp_ids and their subscriptions remain as stale entries, allowing a remote attacker to ...

8.2CVSS5.8AI score0.00155EPSS
Exploits1References2Affected Software1
CNNVD
CNNVDadded 2026/06/01 12:0 a.m.5 views

FlexRIC security vulnerabilities

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the use of the assert function to enforce mapping relationships before sending the E2SETUPREQUEST message. This could allow remote...

7.5CVSS5.8AI score0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/06/01 12:0 a.m.8 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

5.8AI score0.00107EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/06/01 12:0 a.m.11 views

PT-2026-45430

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2 SETUP REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 364...

5.8AI score0.00107EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/06/01 12:0 a.m.8 views

PT-2026-45507

FlexRIC v2.0.0 contains a reachable assertion in e2ap recv sctp msg src/lib/ep/e2ap ep.c. The function allocates a fixed 32KB receive buffer and enforces assertrc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP...

6.1AI score0.00247EPSS
Exploits1References3
CVE
CVEadded 2026/06/01 12:0 a.m.11 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a persistent SCTP↔E2 node mapping in the cleanup path and enforces this with an assert(), enabling a remote unauthenticated attacker to crash the near-RT RIC (port 36421) by compl...

7.5CVSS5.8AI score0.00107EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/01 12:0 a.m.10 views

EUVD-2026-33659

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

7.5CVSS5.8AI score0.00107EPSS
Exploits0References2
SUSE CVE
SUSE CVEadded 2026/05/29 1:14 a.m.10 views

SUSE CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

7CVSS5.7AI score0.00013EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/05/28 12:35 p.m.12 views

CVE-2026-46227

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

7.8CVSS6.1AI score0.00013EPSS
Exploits0References4
NVD
NVDadded 2026/05/28 10:16 a.m.13 views

CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

7.8CVSS0.00013EPSS
Exploits0References8
EUVD
EUVDadded 2026/05/28 9:40 a.m.8 views

EUVD-2026-32854

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

5.8AI score0.00013EPSS
Exploits0References5
Debian CVE
Debian CVEadded 2026/05/28 9:40 a.m.9 views

CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

7.8CVSS5.7AI score0.00013EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/28 9:40 a.m.31 views

CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

7.8CVSS0.00013EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/28 9:40 a.m.5 views

CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

7.8CVSS5.7AI score0.00013EPSS
Exploits0References9Affected Software1
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the SCTPSENDALL path, where sctpsendmsgtoasoc may release the socket lock, causing other threads ...

7.8CVSS5.8AI score0.00013EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/27 12:0 a.m.10 views

Ella Core 安全漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of whether the...

7.1CVSS5.8AI score0.00022EPSS
Exploits0References2
Rows per page
Query Builder