CVE-2026-44322

The CVE-2026-44322 family describes a nil-pointer dereference panic in free5GC NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} that occurs when upstream UDR calls fail and the consumer wrapper returns err != nil with a nil *ProblemDetails. In the errPfdData br...

CVE-2026-44322 free5GC: NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil...

CVE-2026-44324 free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does n...

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by...

UBUNTU-CVE-2026-45893

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix & Optimize table creation from possibly unaligned memory Source blob may come from userspace and might be unaligned. Try to optize the copying process by avoiding unaligned memory accesses. - Added Fixes tag - Added...

CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix & Optimize table creation from possibly unaligned memory Source blob may come from userspace and might be unaligned. Try to optize the copying process by avoiding unaligned memory accesses. - Added Fixes tag - Added...

CVE-2026-45893

The CVE-2026-45893 entry concerns the Linux kernel’s apparmor component, where table creation from possibly unaligned user-provided data caused potential unaligned memory accesses. The underlying issue arises when a source blob from userspace may be unaligned, prompting a fix to optimize the copy...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the PCF’s HandleCreateSmPolicyRequest handler, which encountered a null pointer dereferencing when UDR returne...

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the NEF patch handler’s inability to handle UDR calls properly, leading to null pointer dereferencing and...

CVE-2025-43451

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

CVE-2025-43451

CVE-2025-43451: A permissions issue in macOS Tahoe 26 was fixed by removing the vulnerable code. The advisory states that an app may be able to access sensitive user data. The available connected documents corroborate the fix in macOS Tahoe 26 and do not provide additional exploit details or affe...

CVE-2025-43451

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

CVE-2026-42425

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

EUVD-2026-31834

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

CVE-2026-42425

OpenKM 6.3.12 contains an unrestricted SQL-Execution vulnerability exploitable by authenticated administrators via the DatabaseQuery interface. Attackers can send crafted SQL in the qs parameter to /admin/DatabaseQuery to read sensitive data (e.g., usernames and password hashes from the OKM_USER ...

PT-2026-43192

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...

PT-2026-43423

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

TOTOLINK CA750-PoE 操作系统命令注入漏洞

TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of theFileName parameter in the setUploadUserDat...

CVE-2026-42797

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

CVE-2026-42797 Apache Syncope: JexlContextBuilder Information Disclosure

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...