CVE-2026-42459

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...

CVE-2026-42459

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the UDM component failing to validate the supi path parameters of the six GET processors in the nudm-sdm...

CVE-2026-41526

A flaw was found in KDE KCoreAddons. The KShell::quoteArgs function, intended to safely quote arguments for shell commands, does not properly handle special characters. This vulnerability allows an attacker to inject control characters, such as \x01, leading to an escape from the shell...

CVE-2026-27642

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

CVE-2026-27642

In free5GC UDM (Nudm_UEAU), versions up to 1.4.1 are affected. Remote attackers can inject control characters (for example, %00) into the supi parameter, triggering net/url parsing errors and exposing system‑level error details, enabling service fingerprinting. A fix is available via free5gc/udm ...

free5GC 输入验证错误漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from the ability to inject control characters in the supi parameter, which could...

free5gc UDM 安全漏洞

free5gc UDM is a core network element of the open-source 5G mobile core network developed by free5GC. Versions of free5gc UDM prior to 1.4.1 contain security vulnerabilities. These vulnerabilities stem from the possibility for remote attackers to inject control characters into the ueId parameter,...

CVE-2026-21439

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

EUVD-2025-5464

Malicious code in bioql PyPI...

EUVD-2025-5466

Malicious code in bioql PyPI...

EUVD-2023-32955

Malicious code in bioql PyPI...

EUVD-2025-5465

Malicious code in bioql PyPI...

Control Character Injection

github.com/cilium/hubble is vulnerable to control character injection. The vulnerability is due to improper sanitization of control characters in the terminal output when monitoring Kafka traffic using Layer 7 Protocol Visibility and allows an attacker to manipulate output, conceal log entries, o...

[SECURITY] [DLA 4130-1] shadow security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4130-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler April 18, 2025 https://wiki.debian.org/LTS -...

MongoDB Shell < 2.3.9 Control Character Injection (MONGOSH-2024, MONGOSH-2025, MONGOSH-2026)

The version of MongoDB Shell installed on the remote host is prior to 2.3.9. It is, therefore, affected by a vulnerability as referenced in the MONGOSH-2024, MONGOSH-2025, MONGOSH-2026 advisories. - The MongoDB Shell may be susceptible to control character injection where an attacker with control...

Control Character Injection

Mongosh is vulnerable to Control Character Injection. The vulnerability is due to improper input handling due to an attacker controlling the autocompletion feature, allowing the execution of obfuscated malicious text when a user presses ‘tab’ to autocomplete input...

Linux Distros Unpatched Vulnerability : CVE-2023-29383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit...

CVE-2025-1693

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...

CVE-2025-1692

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...