Lucene search
K

2789 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44326

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptio...

9.4CVSS5.5AI score0.00311EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.10 views

CVE-2026-44330

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization...

10CVSS5.6AI score0.00287EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.3 views

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server lies in their deserialization mechanism flaws, which allows attackers to execute arbitrary code.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

9CVSS6.4AI score0.03219EPSS
Exploits3References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 6:5 p.m.6 views

CVE-2026-49120 Medplum < 5.1.14 SSRF via FHIR Subscription Endpoint

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS6AI score0.00229EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 6:5 p.m.10 views

EUVD-2026-33998

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS6AI score0.00229EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 6:5 p.m.18 views

CVE-2026-49120

Medplum's SSRF flaw (CVE-2026-49120) affects Medplum before 5.1.14 in the subscription worker. An authenticated user can create FHIR Subscription resources with arbitrary endpoint URLs, enabling server-side requests to internal addresses (e.g., metadata services, internal databases, container orc...

8.5CVSS6AI score0.00229EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 6:5 p.m.29 views

CVE-2026-49120 Medplum < 5.1.14 SSRF via FHIR Subscription Endpoint

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS0.00229EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.15 views

CVE-2026-37234

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...

8.2CVSS5.8AI score0.00345EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.15 views

CVE-2026-37226

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert in Debug builds SIGABRT and dereferenced in Release builds SIGSEGV. A remote unauthenticated attacker can crash the iApp...

7.5CVSS6AI score0.00642EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.11 views

CVE-2026-37233

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eqxappricgenid in src/ric/iApp/xappricid.c compares m0-xappid against itself m0-xappid instead of the other argument m1-xappid, effectively ignoring the xApp identity dimension. A malicio...

7.5CVSS5.8AI score0.00454EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Medplum 代码问题漏洞

Medplum is an open-source platform for rapid development of medical applications. Versions of Medplum prior to 5.1.14 contained code-related vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability present in subscription workers, which could allow...

8.5CVSS5.7AI score0.00229EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.9 views

PT-2026-45843

Name of the Vulnerable Software and Affected Versions Medplum versions prior to 5.1.14 Description An issue in the subscription worker allows authenticated users to perform unauthorized internal network requests. By creating FHIR Subscription resources with arbitrary endpoint URLs, attackers can...

8.5CVSS6AI score0.00229EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.9 views

CVE-2026-44323

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

6.5CVSS5.8AI score0.0035EPSS
Exploits1References1
NVD
NVD
added 2026/06/01 7:16 p.m.23 views

CVE-2026-37226

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert in Debug builds SIGABRT and dereferenced in Release builds SIGSEGV. A remote unauthenticated attacker can crash the iApp...

7.5CVSS0.00642EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/01 6:31 p.m.12 views

EUVD-2026-33699

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 5:16 p.m.16 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

7.5CVSS0.00415EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 3:16 p.m.16 views

CVE-2026-37221

FlexRIC v2.0.0 crashes when receiving a RICSUBSCRIPTIONRESPONSE with an unknown ricid that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged...

7.5CVSS0.00347EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 10:26 a.m.8 views

Exposure of Sensitive Information Through Metadata

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the BrokerInfo component. An attacker can obtain sensitive...

8.2CVSS5.5AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.14 views

PT-2026-45455

FlexRIC v2.0.0 crashes when the iApp receives an E42 RIC SUBSCRIPTION REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash th...

5.8AI score0.00415EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 12:0 a.m.19 views

CVE-2026-37234

CVE-2026-37234 affects FlexRIC v2.0.0. A single SCTP connection can bind multiple xapp_ids via multiple E42_SETUP_REQUESTs. Upon disconnect, only the first registered xapp_id’s resources are cleaned up; other xapp_ids and their subscriptions remain as stale entries, allowing a remote attacker to ...

8.2CVSS5.8AI score0.00345EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder