Lucene search
+L

373 matches found

Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.11 views

PT-2026-28565

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0 Description Ella Core, a 5G core designed for private networks, experiences a panic when processing Authentication Response and Authentication Failure NAS messages lacking Information Elements IEs. An attacker...

7.5CVSS5.9AI score0.02709EPSS
Exploits2References48
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product developed by the Danish company Secomea. Version 11.4.0 of Secomea GateManager contains a security vulnerability. This vulnerability stems from improper authentication procedures, which may lead to authentication bypass...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/12 8:33 p.m.10 views

Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

Summary Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/27 7:45 p.m.7 views

CVE-2026-26228

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

4.9CVSS5.9AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 7:45 p.m.7 views

CVE-2026-26227

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

6.3CVSS6AI score0.003EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 6:31 p.m.5 views

EUVD-2026-8871

VideoLAN VLC for Android prior to version 3.7.0 contain an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockout...

6.3CVSS5.5AI score0.003EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/26 6:31 p.m.6 views

EUVD-2026-8858

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

2.3CVSS5.5AI score0.00275EPSS
Exploits0References3
NVD
NVD
added 2026/02/26 6:23 p.m.12 views

CVE-2026-26227

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

6.3CVSS0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 5:37 p.m.27 views

CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

6.3CVSS0.003EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 5:37 p.m.5 views

CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

6.3CVSS6AI score0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 5:37 p.m.4 views

CVE-2026-26227

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

6.3CVSS5.8AI score0.003EPSS
Exploits0References4
OSV
OSV
added 2026/02/26 5:37 p.m.4 views

CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

6.3CVSS6AI score0.003EPSS
Exploits0References6
NVD
NVD
added 2026/02/26 4:24 p.m.9 views

CVE-2026-26228

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

4.9CVSS0.00275EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 3:21 p.m.6 views

CVE-2026-26228

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

4.9CVSS5.5AI score0.00275EPSS
Exploits0References4
CVE
CVE
added 2026/02/26 3:21 p.m.31 views

CVE-2026-26228

VLC for Android prior to 3.7.0 is affected by a path traversal vulnerability in the Remote Access Server’s GET /download endpoint. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allo...

4.9CVSS5.5AI score0.00275EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 3:21 p.m.25 views

CVE-2026-26228 VLC for Android < 3.7.0 Remote Access Path Traversal

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

4.9CVSS0.00275EPSS
Exploits0References3
OSV
OSV
added 2026/02/26 3:21 p.m.7 views

CVE-2026-26228 VLC for Android < 3.7.0 Remote Access Path Traversal

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

2.3CVSS6AI score0.00275EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.10 views

PT-2026-22170

Name of the Vulnerable Software and Affected Versions VideoLAN VLC for Android versions prior to 3.7.0 Description The Remote Access Server feature in VideoLAN VLC for Android has an authentication bypass due to inadequate rate limiting on one-time password OTP verification. The server utilizes a...

6.3CVSS5.4AI score0.003EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.12 views

PT-2026-22155

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

2.3CVSS5.5AI score0.00275EPSS
Exploits0References3
NVD
NVD
added 2026/02/03 6:16 p.m.8 views

CVE-2025-59439

An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions...

7.5CVSS0.00428EPSS
Exploits0References2
Rows per page
Query Builder