373 matches found
PT-2026-28565
Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.7.0 Description Ella Core, a 5G core designed for private networks, experiences a panic when processing Authentication Response and Authentication Failure NAS messages lacking Information Elements IEs. An attacker...
Secomea GateManager 安全漏洞
Secomea GateManager is a remote access server product developed by the Danish company Secomea. Version 11.4.0 of Secomea GateManager contains a security vulnerability. This vulnerability stems from improper authentication procedures, which may lead to authentication bypass...
Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload
Summary Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required...
CVE-2026-26228
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26227
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
EUVD-2026-8871
VideoLAN VLC for Android prior to version 3.7.0 contain an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockout...
EUVD-2026-8858
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26227
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
CVE-2026-26227
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
CVE-2026-26228
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26228
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26228
VLC for Android prior to 3.7.0 is affected by a path traversal vulnerability in the Remote Access Server’s GET /download endpoint. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allo...
CVE-2026-26228 VLC for Android < 3.7.0 Remote Access Path Traversal
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26228 VLC for Android < 3.7.0 Remote Access Path Traversal
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
PT-2026-22170
Name of the Vulnerable Software and Affected Versions VideoLAN VLC for Android versions prior to 3.7.0 Description The Remote Access Server feature in VideoLAN VLC for Android has an authentication bypass due to inadequate rate limiting on one-time password OTP verification. The server utilizes a...
PT-2026-22155
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2025-59439
An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions...