Lucene search
+L

1410 matches found

EUVD
EUVD
added 2026/04/08 6:23 p.m.5 views

EUVD-2026-20572

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...

6.3CVSS5.9AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.10 views

PT-2026-31426

Name of the Vulnerable Software and Affected Versions LORIS versions 21.0.0 through 27.0.2 and 28.0.0 Description LORIS is a self-hosted web application for neuroimaging research data and project management. A flaw exists where the backend endpoint did not properly verify file access permissions...

6.3CVSS5.9AI score0.00165EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31414

Name of the Vulnerable Software and Affected Versions LORIS versions 20.0.0 through 27.0.2 and 28.0.0 Description A flaw exists in the static file router of LORIS, a web application for neuroimaging research data management. This issue allows an attacker to access files outside the intended...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 8:21 p.m.4 views

Security Bulletin: Vulnerabilities in Glob might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Glob. The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names as described by the CVEs in the...

7.5CVSS7.1AI score0.03136EPSS
Exploits1Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

Understanding User Privacy Perceptions of GenAI Smartphones

GenAI smartphones, which natively embed generative AI at the system level, are transforming mobile interactions by automating a wide range of tasks and executing UI actions on behalf of users. Their superior capabilities rely on continuous access to sensitive and context-rich data, raising privac...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

PingIdentity PingIDM 安全漏洞

PingIdentity PingIDM is an identity data management platform provided by the American company PingIdentity. There is a security vulnerability in PingIdentity PingIDM, which stems from insufficient access control granularity. This vulnerability could allow attackers to intercept or modify...

9.1CVSS5.8AI score0.00237EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/03 3:15 p.m.26 views

CVE-2026-23467 drm/i915/dmc: Fix an unlikely NULL pointer deference at probe

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe inteldmcupdatedc6allowedcount oopses when DMC hasn't been initialized, and dmc is thus NULL. That would be the case when the call path is intelpowerdomainsinithw -...

0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.5 views

SUSE CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.5 views

SUSE CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.6 views

SUSE CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS5.8AI score0.00321EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.5 views

CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

6.9CVSS5.7AI score0.00282EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.9 views

CVE-2026-29522

ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion LFI vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...

8.7CVSS6AI score0.00965EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a...

8.7CVSS5.8AI score0.00321EPSS
Exploits1References2
OSV
OSV
added 2026/03/23 6:14 p.m.10 views

GO-2026-4758 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request in github.com/free5gc/udm

free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request in github.com/free5gc/udm...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References5
NVD
NVD
added 2026/03/20 9:16 a.m.11 views

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS0.00321EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/20 8:9 a.m.29 views

CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS0.00321EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:9 a.m.6 views

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS5.7AI score0.00321EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/20 8:9 a.m.20 views

CVE-2026-33192

CVE-2026-33192 — Free5GC UDM PATCH handling issue : In Free5GC UDM (pre-1.4.2), PATCH requests with an empty supi path parameter can trigger internal misbehavior: a 400 from UDR is converted to 500, and PATCH is inappropriately translated to PUT when forwarded to UDR. This reveals internal error ...

8.7CVSS5.7AI score0.00321EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/20 8:3 a.m.21 views

CVE-2026-33065

CVE-2026-33065 affects Free5GC UDM (core network component) prior to version 1.4.2. When handling DELETE requests with an empty supi path (e.g., // in the URL), UDM forwards the malformed request to UDR (which returns 400) but UDM propagates it as 500 SYSTEM_FAILURE, leaking internal error handli...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder