1070 matches found

Snyk
added 2026/04/14 8:0 p.m. | 3 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization through improper validation of the influenceId path parameter in the DELETE endpoint. An attacker can remove arbitrary Traffic Influence Subscriptions by sending a crafted request with an invalid influenceId value...

CVSS 8.7 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 2

Snyk
added 2026/04/14 8:0 p.m. | 3 views

Improper Authorization

Overview: Affected versions of the github.com/free5gc/udr/internal/sbi package are vulnerable to Improper Authorization through improper validation of the influenceId path parameter in the DELETE endpoint. An attacker can remove arbitrary Traffic Influence Subscriptions by sending a...

CVSS 8.7 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 2

OSV
added 2026/04/14 8:0 p.m. | 1 view

GHSA-WRWH-RPQ4-87HF free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication

Summary: An information disclosure vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface (SBI) to retrieve stored subscriber identifiers (SUPI/IMSI) with a single HTTP GET request requiring no parameters or credentials. Details: The endpoint...

CVSS 7.5 | AI score 5.8 | EPSS 0.00047
Exploits: 1 | References: 3

OSV
added 2026/04/14 12:16 p.m. | 2 views

SUSE-SU-2026:21191-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issue: CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637)...

CVSS 8.7 | AI score 5.8 | EPSS 0.00026
Exploits: 1 | References: 3

OSV
added 2026/04/14 12:16 p.m. | 2 views

SUSE-SU-2026:21111-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issue: CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637)...

CVSS 8.7 | AI score 5.8 | EPSS 0.00026
Exploits: 1 | References: 3

OSV
added 2026/04/14 12:13 p.m. | 3 views

OPENSUSE-SU-2026:20532-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issue: CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637)...

CVSS 8.7 | AI score 5.8 | EPSS 0.00026
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/14 12:0 a.m. | 3 views

PT-2026-32973

Name of the Vulnerable Software and Affected Versions: free5GC versions 1.4.2 and earlier. Description: An improper path validation issue exists in the UDR service. An unauthenticated attacker with access to the 5G Service Based Interface can delete arbitrary Traffic Influence Subscriptions by...

CVSS 8.7 | AI score 6.1 | EPSS 0.00034
Exploits: 1 | References: 5

Positive Technologies
added 2026/04/14 12:0 a.m. | 3 views

PT-2026-32975

Name of the Vulnerable Software and Affected Versions: free5GC UDR service versions prior to 4.2.1. Description: An improper path validation issue exists in the UDR service. The handler for creating or updating Traffic Influence Subscriptions checks if the influenceId path segment equals...

CVSS 8.7 | AI score 6 | EPSS 0.00042
Exploits: 1 | References: 5

Positive Technologies
added 2026/04/14 12:0 a.m. | 1 view

PT-2026-32974

Name of the Vulnerable Software and Affected Versions: free5GC versions 4.2.1 and earlier. Description: An improper path validation issue exists in the UDR service. The endpoint 'GET /nudr-dr/v2/application-data/influenceData/influenceId/subscriptionId' is designed to operate only when the influence...

CVSS 8.7 | AI score 6 | EPSS 0.00043
Exploits: 1 | References: 5

CNVD
added 2026/04/10 12:0 a.m. | 2 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17250)

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse has an information leakage vulnerability that stems from the discourse-subscriptions plugin leaking the Stripe API key...

CVSS 5.3 | AI score 5.6 | EPSS 0.00048
Exploits: 0

RedhatCVE
added 2026/04/08 7:34 p.m. | 3 views

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

CVSS 7.5 | AI score 5.9 | EPSS 0.00069
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/08 12:0 a.m. | 5 views

PT-2026-31444

Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell...

CVSS 5 | AI score 5.9 | EPSS 0.00012
Exploits: 1 | References: 2

NVD
added 2026/04/07 8:16 p.m. | 0 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

CVSS 6.5 | EPSS 0.00018
Exploits: 0 | References: 2

OSV
added 2026/04/07 5:16 p.m. | 0 views

ALPINE-CVE-2026-39316

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters in...

CVSS 6.2 | AI score 5.7 | EPSS 0.00022
Exploits: 1 | References: 1

PyPA
added 2026/04/07 5:16 p.m. | 5 views

PYSEC-2026-133

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connection_init handshake has been completed before...

CVSS 7.5 | AI score 5.7 | EPSS 0.00106
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/04/07 5:16 p.m. | 3 views

PYSEC-2026-133

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connection_init handshake has been completed before...

CVSS 7.5 | AI score 5.7 | EPSS 0.00106
Exploits: 0 | References: 1

Cvelist
added 2026/04/07 5:0 p.m. | 19 views

CVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters in...

CVSS 4 | EPSS 0.00022
Exploits: 1 | References: 1

OSV
added 2026/04/07 4:16 p.m. | 4 views

PYSEC-2026-134

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

CVSS 7.5 | AI score 5.8 | EPSS 0.00069
Exploits: 0 | References: 1

NVD
added 2026/04/07 4:16 p.m. | 3 views

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

CVSS 7.5 | EPSS 0.00069
Exploits: 0 | References: 1

PyPA
added 2026/04/07 4:16 p.m. | 6 views

PYSEC-2026-134

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

CVSS 7.5 | AI score 5.8 | EPSS 0.00069
Exploits: 0 | References: 1 | Affected Software: 1