39 matches found
Devilray: A Systematic Adversarial Model Revealing Blind Spots in Fake Base Station Detection
Fake Base Station (FBS) detection has been a critical focus of cellular security research for over two decades. However, significant financial and regulatory barriers to accessing commercial FBS (C-FBS) devices have limited direct visibility into real-world operations, forcing detection systems to be...
PT-2026-39200
Name of the Vulnerable Software and Affected Versions: SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description: Opening a .gpp file causes the language server to parse a companion .vmid file from the same directory. The VMID parser uses XDocument.Load(path) without XmlReaderSettings, which in .NET...
GHSA-VRRX-58H3-PRMH Free5GC AMF has Missing Concurrent NAS SMC Validation During NGAP Handover
Summary The AMF in Free5GC v4.2.1 does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS...
CVE-2025-70123
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a...
CVE-2025-62362
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...
CVE-2025-62362 Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...
CVE-2025-62362
CVE-2025-62362 affects gpp-burgerportaal, a Dutch government citizen portal. In versions prior to 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered via browser developer tools. This is an information disclos...
PT-2025-41823
Name of the Vulnerable Software and Affected Versions: gpp-burgerportaal versions prior to 2.0.3; gpp-burgerportaal versions prior to 3.0.2; gpp-burgerportaal versions prior to 4.0.1 Description: gpp-burgerportaal is a Dutch government citizen portal application. In affected versions, the name and...
EUVD-2025-17181
Malicious code in bioql PyPI...
EUVD-2023-46292
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2012-6616
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and...
CVE-2025-28996
Missing Authorization vulnerability in Thad Allender GPP Slideshow gpp-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through <= 1.3.5...
CVE-2025-28996 WordPress GPP Slideshow plugin <= 1.3.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Thad Allender GPP Slideshow gpp-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through <= 1.3.5...
CVE-2025-28996
CVE-2025-28996 relates to GPP Slideshow by Thad Allender. Connected sources confirm a Missing Authorization vulnerability (incomplete access control) affecting GPP Slideshow versions up to 1.3.5. Public documents identify the root cause as authorization bypass/insufficient access checks, enabling...
CVE-2025-28996 WordPress GPP Slideshow <= 1.3.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5...
PT-2025-24137 · Unknown · Phpslideshow
Name of the Vulnerable Software and Affected Versions: GPP Slideshow versions 1.3.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For GPP Slideshow versions...
WordPress GPP Slideshow plugin <= 1.3.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by HLog in WordPress Plugin GPP Slideshow versions <= 1.3.5...
OPENSUSE-SU-2024:13313-1 gpp-2.28-1.1 on GA media
These are all security issues fixed in the gpp-2.28-1.1 package on the GA media of openSUSE Tumbleweed...