CVE-2026-37228

FlexRIC v2.0.0 is affected by a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The code allocates a fixed 32 KB receive buffer and asserts rc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. All four SCTP endpoint types (ports 36421 and 36...

Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)

Summary Four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full Compose YAML and .env content of every custom template stored in the instance. Because Arcane's UI expose...

PT-2005-3247 · Calogic · Calogic

Name of the Vulnerable Software and Affected Versions: CaLogic version 1.2.2 Description: The issue allows remote attackers to execute arbitrary code. This is achieved via the CLPATH parameter to several API endpoints: "/cl minical.php", "/clmcpreload.php", "/mcconfig.php", or "/mcpi-demo.php"...