CVE-2026-42459

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...

CVE-2026-42459

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the UDM component failing to validate the supi path parameters of the six GET processors in the nudm-sdm...

CVE-2026-41526

A flaw was found in KDE KCoreAddons. The KShell::quoteArgs function, intended to safely quote arguments for shell commands, does not properly handle special characters. This vulnerability allows an attacker to inject control characters, such as \x01, leading to an escape from the shell...

Security update for php-composer2

This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. bsc1255768 Patch Instructions: To install this SUSE update use the SUSE recommended...

CVE-2026-27642

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

CVE-2026-27642

In free5GC UDM (Nudm_UEAU), versions up to 1.4.1 are affected. Remote attackers can inject control characters (for example, %00) into the supi parameter, triggering net/url parsing errors and exposing system‑level error details, enabling service fingerprinting. A fix is available via free5gc/udm ...

free5GC 输入验证错误漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from the ability to inject control characters in the supi parameter, which could...

free5gc UDM 安全漏洞

free5gc UDM is a core network element of the open-source 5G mobile core network developed by free5GC. Versions of free5gc UDM prior to 1.4.1 contain security vulnerabilities. These vulnerabilities stem from the possibility for remote attackers to inject control characters into the ueId parameter,...

CVE-2026-21439

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

EUVD-2020-4720

Malware in sbrugna...

EUVD-2025-15956

Malicious code in bioql PyPI...

EUVD-2023-32955

Malicious code in bioql PyPI...

EUVD-2022-50343

Malicious code in bioql PyPI...

EUVD-2025-5465

Malicious code in bioql PyPI...

EUVD-2025-5466

Malicious code in bioql PyPI...

EUVD-2025-5464

Malicious code in bioql PyPI...

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

Control Character Injection

github.com/cilium/hubble is vulnerable to control character injection. The vulnerability is due to improper sanitization of control characters in the terminal output when monitoring Kafka traffic using Layer 7 Protocol Visibility and allows an attacker to manipulate output, conceal log entries, o...

GO-2025-3700 Character injection in Hubble CLI in github.com/cilium/hubble

Character injection in Hubble CLI in github.com/cilium/hubble...