15 matches found
CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
CVE-2026-27642
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...
CVE-2025-69251
The CVE-2025-69251 entry affects free5GC UDM (Nudm_UECM service) in versions up to and including 1.4.1. The issue allows remote attackers to inject control characters (e.g., %00) into the ueId parameter, causing internal URL parsing errors (net/url: invalid control character) and exposing system ...
CVE-2025-69251 free5GC has Improper Input Validation in UDM, Leading to Information Exposure
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the ueId parameter, triggering internal URL parsing errors net/url:...
PT-2026-21580
Name of the Vulnerable Software and Affected Versions free5gc UDM versions up to and including 1.4.1 Description free5gc UDM provides Unified Data Management for free5GC, an open-source 5G mobile core network project. A flaw exists where attackers can inject control characters, such as %00, into...
EUVD-2002-1270
Malware in sbrugna...
EUVD-2016-9995
Malware in sbrugna...
EUVD-2024-0377
Malicious code in bioql PyPI...
EUVD-2025-1771
Malicious code in bioql PyPI...
firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...
Medium: python3.9
Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...
GHSA-Q9F5-625G-XM39 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
Summary URLs starting with // are not parsed properly, and the request REQUESTFILENAME variable contains a wrong value, leading to potential rules bypass. Details If a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI...
CVE-2025-1211
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery SSRF due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney...
Apache Knox SSO Cross-Site Scripting Vulnerability
Knox Sso is the Apache Foundation's Web Ui Sso Single Sign-On feature for your cluster. A security vulnerability exists in Apache Knox SSO that stems from a URL parsing error that could craft requests to redirect users to a malicious page. A request containing a specially crafted request paramete...
Google Chrome < 13.0.782.215 Multiple Vulnerabilities (Sep 2011) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...