CVE-2026-37221

FlexRIC v2.0.0 crashes when receiving a RICSUBSCRIPTIONRESPONSE with an unknown ricid that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged...

PT-2026-45431

FlexRIC v2.0.0 crashes when receiving a RIC SUBSCRIPTION RESPONSE with an unknown ric id that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC SUBSCRIPTIO...

CVE-2026-37221

FlexRIC v2.0.0 is affected. Processing a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event can trigger an assertion failure (near-RT RIC) leading to SIGABRT in Debug builds or a NULL pointer dereference (SIGSEGV) in Release builds. This can be exploited remo...

CVE-2026-44473

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...

PT-2026-39667

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.10.0 Description A radio with a valid NG Setup can send a forged 'PDUSessionResourceSetupResponse' carrying any UE's AMF-UE-NGAP-ID. The software fails to verify if the message arrived on the SCTP association boun...

CVE-2021-31228

An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...

PT-2025-47500

Name of the Vulnerable Software and Affected Versions Newtec Celox UHD versions celox-21.6.13 Description The Newtec Celox UHD models CELOXA504, CELOXA820 is affected by an authentication bypass. An attacker can gain Superuser or Operator access without valid credentials by modifying intercepted...

CVE-2025-63210

The Newtec Celox UHD models: CELOXA504, CELOXA820 running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserNa...

CVE-2023-28452

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a...

samlify 数据伪造问题漏洞

samlify is a Node.js library for SAML SSO by tngan individual developer. A data forgery issue vulnerability exists in samlify versions prior to 2.10.0, which stems from a signature wrapping attack that could lead to a forged SAML response...

dnspython: denial of service in stub resolver

The dnspython stub resolver is vulnerable to a denial of service DoS risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another...

dnspython: denial of service in stub resolver

The dnspython stub resolver is vulnerable to a denial of service DoS risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another...

SUSE CVE-2010-0097

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC 1 NSEC and 2 NSEC3 records, which allows remote attackers to add the Authenticated Data AD flag to a forged NXDOMAIN response for an existing domain...

apache-cxf: SAML SSO processing is vulnerable to wrapping attack

It was found that Apache CXF permitted wrapping attacks in its support for SAML SSO. A malicious user could construct a SAML response that would bypass the login screen and possibly gain access to restricted information or resources...

Securifi Almond Man-in-the-Middle Attack Vulnerability

Securifi Almond is a wireless router product from Securifi. A man-in-the-middle attack vulnerability exists in Securifi Almond. It allows remote attackers to forge a response by using a linear algorithm to select the ID value in the header when the program executes a DNS query...

CVE-2014-0239

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged response packet that triggers a...

DNS cache poisoning details leaked-vulnerability warning-the black bar safety net

Yesterday Mantasano on an article describing the Dan Kaminsky DNS name server attack details. The article was published a few minutes after that to be deleted. Although Dan Kaminsky have combined The vendor released a patch, but is still in the patch of the push phase, there are still a...