
6974 matches found

RedhatCVE
added 2025/12/20 4:4 p.m. | 3 views

CVE-2025-14954

A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...

6.3 CVSS | 4.5 AI score | 0.00063 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2025/12/19 4:2 p.m. | 1 views

CVE-2025-14954 Open5GS QER/FAR/URR/PDR context.c ogs_pfcp_qer_find_or_add assertion

A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...

6.3 CVSS | 4.3 AI score | 0.00063 EPSS
Exploits: 1 | References: 8
EUVD
added 2025/12/19 4:2 p.m. | 2 views

EUVD-2025-204569

A vulnerability has been found in Open5GS up to 2.7.5. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...

6.3 CVSS | 6.2 AI score | 0.00063 EPSS
Exploits: 1 | References: 8
Veracode
added 2025/12/19 10:19 a.m. | 5 views

Authentication Bypass

Node-SAML is vulnerable to an Authentication Bypass. The vulnerability is due to loading assertions from the unsigned original SAML response instead of the signature-verified data, allowing attackers to modify authentication details within a valid assertion, such as altering the username, and...

9.3 CVSS | 6.8 AI score | 0.00046 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
Positive Technologies
added 2025/12/19 12:0 a.m. | 1 views

PT-2025-52484

Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.5. Description: A flaw exists in Open5GS related to assertions within the ogs_pfcp_pdr_find_or_add, ogs_pfcp_far_find_or_add, ogs_pfcp_urr_find_or_add, and ogs_pfcp_qer_find_or_add functions located in the...

6.3 CVSS | 4.4 AI score | 0.00063 EPSS
Exploits: 1 | References: 11
CNNVD
added 2025/12/19 12:0 a.m. | 2 views

Open5GS Security Vulnerability

Open5GS is an open source C implementation of the 5G Core and EPC, the core network of LTE/NR networks. A security vulnerability exists in Open5GS version 2.7.5 and earlier, which stems from a misbehavior of the function ogs_pfcp_pdr_find_or_add in the QER/FAR/URR/PDR component, whi...

6.3 CVSS | 4.7 AI score | 0.00063 EPSS
Exploits: 1 | References: 8
RedhatCVE
added 2025/12/17 8:8 a.m. | 3 views

CVE-2025-59029

A flaw was found in PowerDNS. This vulnerability allows an attacker to trigger an assertion failure via requesting crafted DNS (Domain Name System) records, waiting for them to be inserted into the records cache, then sending a query with qtype set to ANY. Mitigation: To mitigate this issue, restric...

5.3 CVSS | 6.3 AI score | 0.00009 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/13 11:7 p.m. | 4 views

CVE-2025-54369

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify...

9.3 CVSS | 6.6 AI score | 0.00046 EPSS
Exploits: 0 | References: 1
Veracode
added 2025/12/13 4:53 a.m. | 5 views

Authentication Bypass

Jenkins SAML Plugin is vulnerable to Authentication Bypass. The vulnerability is due to the absence of a replay cache in the SAML authentication flow, allowing attackers who capture SAML authentication messages to replay them and authenticate to Jenkins as the affected user...

7.5 CVSS | 5.9 AI score | 0.00023 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/12/12 11:3 p.m. | 2 views

CVE-2025-54369 Node-SAML SAML Authentication Bypass

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify...

9.3 CVSS | 6.5 AI score | 0.00046 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2025/12/12 12:25 a.m. | 3 views

SUSE CVE-2025-59029

An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then sending a query with qtype set to ANY...

5.3 CVSS | 6.9 AI score | 0.00009 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2025/12/11 12:0 a.m. | 4 views

EulerOS 2.0 SP11 : cmake (EulerOS-SA-2025-2457)

According to the versions of the cmake packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file...

4.8 CVSS | 4.3 AI score | 0.00023 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/10 6:13 p.m. | 7 views

CVE-2025-59718

An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14,...

9.8 CVSS | 7.1 AI score | 0.09485 EPSS
Exploits: 1 | References: 1
RedHat Linux
added 2025/12/10 6:0 p.m. | 3 views

github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame

A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during...

7.5 CVSS | 5.7 AI score | 0.00028 EPSS
Exploits: 0 | References: 7
OSV
added 2025/12/10 2:53 p.m. | 5 views

CLSA-2025-1765378381 jasper: Fix of CVE-2025-8836

CVE-2025-8836: fix manipulation in function jpc_floorlog2 to prevent reachable assertion...

4.8 CVSS | 5.7 AI score | 0.00134 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/10 10:20 a.m. | 14 views

CVE-2023-53764

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Handle lock during peer_id find. ath12k_peer_find_by_id requires that the caller hold the ab->base_lock. Currently the WBM error path does not hold the lock and calling that function, leads to the following lockdep_assertin...

7 CVSS | 5.7 AI score | 0.00026 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/12/09 6:30 p.m. | 2 views

EUVD-2025-201911

An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then sending a query with qtype set to ANY...

5.3 CVSS | 6.3 AI score | 0.00009 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/12/09 6:30 p.m. | 2 views

EUVD-2023-60130

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: Reposition and add pcm_mutex. If panic_on_warn is set and compress stream(DPCM) is started, then kernel panic occurred because card->pcm_mutex isn't held appropriately. In the following functions, warning were issued ...

6 AI score | 0.00024 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/12/09 5:24 p.m. | 2 views

EUVD-2025-202168

SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475...

6.4 AI score
Exploits: 0 | References: 6
Vulnrichment
added 2025/12/09 5:20 p.m. | 5 views

CVE-2025-59718

An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14,...

9.8 CVSS | 6.7 AI score | 0.09485 EPSS
Exploits: 1 | References: 1