1410 matches found
EUVD-2026-20572
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
PT-2026-31426
Name of the Vulnerable Software and Affected Versions LORIS versions 21.0.0 through 27.0.2 and 28.0.0 Description LORIS is a self-hosted web application for neuroimaging research data and project management. A flaw exists where the backend endpoint did not properly verify file access permissions...
PT-2026-31414
Name of the Vulnerable Software and Affected Versions LORIS versions 20.0.0 through 27.0.2 and 28.0.0 Description A flaw exists in the static file router of LORIS, a web application for neuroimaging research data management. This issue allows an attacker to access files outside the intended...
Security Bulletin: Vulnerabilities in Glob might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Glob. The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names as described by the CVEs in the...
Understanding User Privacy Perceptions of GenAI Smartphones
GenAI smartphones, which natively embed generative AI at the system level, are transforming mobile interactions by automating a wide range of tasks and executing UI actions on behalf of users. Their superior capabilities rely on continuous access to sensitive and context-rich data, raising privac...
PingIdentity PingIDM 安全漏洞
PingIdentity PingIDM is an identity data management platform provided by the American company PingIdentity. There is a security vulnerability in PingIdentity PingIDM, which stems from insufficient access control granularity. This vulnerability could allow attackers to intercept or modify...
CVE-2026-23467 drm/i915/dmc: Fix an unlikely NULL pointer deference at probe
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe inteldmcupdatedc6allowedcount oopses when DMC hasn't been initialized, and dmc is thus NULL. That would be the case when the call path is intelpowerdomainsinithw -...
SUSE CVE-2026-33065
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...
SUSE CVE-2026-33191
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
SUSE CVE-2026-33192
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
CVE-2026-33065
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...
CVE-2026-29522
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion LFI vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...
CVE-2026-33064
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...
Linux Distros Unpatched Vulnerability : CVE-2026-33192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a...
GO-2026-4758 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request in github.com/free5gc/udm
free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request in github.com/free5gc/udm...
CVE-2026-33192
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
CVE-2026-33192
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
CVE-2026-33192
CVE-2026-33192 — Free5GC UDM PATCH handling issue : In Free5GC UDM (pre-1.4.2), PATCH requests with an empty supi path parameter can trigger internal misbehavior: a 400 from UDR is converted to 500, and PATCH is inappropriately translated to PUT when forwarded to UDR. This reveals internal error ...
CVE-2026-33065
CVE-2026-33065 affects Free5GC UDM (core network component) prior to version 1.4.2. When handling DELETE requests with an empty supi path (e.g., // in the URL), UDM forwards the malformed request to UDR (which returns 400) but UDM propagates it as 500 SYSTEM_FAILURE, leaking internal error handli...