Lucene search
K

154 matches found

SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.4 views

SUSE CVE-2026-33903

Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Version...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 10:59 p.m.4 views

GHSA-6GM8-3G4H-W82M Ella Core Panics Upon NGAP handover failure

Summary Ella Core panics when processing a NGAP handover failure message. Impact If an attacker can force a gNodeB to send NGAP handover failure messages to Ella Core, the process will crash, thereby disrupting service for all connected subscribers. Fix Improve guards in NGAP handover handlers...

5.8CVSS5.9AI score0.00317EPSS
Exploits0References4
CVE
CVE
added 2026/03/27 8:52 p.m.16 views

CVE-2026-33903

Ella Core (private 5G core) is affected by CVE-2026-33903. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message, allowing an attacker to crash the process and cause service disruption for all connected subscribers. The fix is included in version 1.7.0, whi...

6.5CVSS5.9AI score0.00207EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/26 10:11 p.m.3 views

GHSA-F2F3-9CX3-WCMF Ella Core panics when processing a crafted NGAP LocationReport message

Summary Ella Core panics when processing a specially crafted NGAP LocationReport message. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Fix Add guards in NGAP Location Report handler...

6.5CVSS5.9AI score0.00207EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/26 10:11 p.m.7 views

Ella Core panics when processing a crafted NGAP LocationReport message

Summary Ella Core panics when processing a specially crafted NGAP LocationReport message. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Fix Add guards in NGAP Location Report handler...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 4:52 p.m.7 views

srvx is vulnerable to middleware bypass via absolute URI in request line

Summary A pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Details When Node.js receives an absolute URI in the request line e.g. GET file://hehe?/internal/run...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References5Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:2 a.m.4 views

HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them

...

5.5CVSS5.8AI score0.00114EPSS
Exploits0
OSV
OSV
added 2026/03/25 11:16 a.m.5 views

UBUNTU-CVE-2026-23348

In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...

4.7CVSS5.7AI score0.00088EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/25 10:28 a.m.23 views

CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them

In the Linux kernel, the following vulnerability has been resolved: HID: Add HIDCLAIMEDINPUT guards in rawevent callbacks missing them In commit 2ff5baa9b527 "HID: appleir: Fix potential NULL dereference at raw event handle", we handle the fact that raw event callbacks can happen even for a HID...

0.00114EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:28 a.m.4 views

CVE-2026-23382

In the Linux kernel, the following vulnerability has been resolved: HID: Add HIDCLAIMEDINPUT guards in rawevent callbacks missing them In commit 2ff5baa9b527 "HID: appleir: Fix potential NULL dereference at raw event handle", we handle the fact that raw event callbacks can happen even for a HID...

5.6AI score0.00114EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2026/03/24 4:16 p.m.7 views

CVE-2026-33336

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...

8.8CVSS0.01115EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/24 3:16 p.m.6 views

EUVD-2026-14911

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...

6.5CVSS6.8AI score0.01115EPSS
Exploits1References2
CVE
CVE
added 2026/03/24 3:16 p.m.14 views

CVE-2026-33336

CVE-2026-33336 affects Vikunja Desktop (Electron wrapper). Starting in 0.21.0 and before 2.2.0, the BrowserWindow runs with nodeIntegration: true and lacks a will-navigate/will-redirect handler, enabling same-window navigations to attacker-controlled origins. A user-generated link in descriptions...

8.8CVSS6.8AI score0.01115EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/18 2:16 a.m.6 views

CVE-2026-22181

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

7.6CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/03 9:37 p.m.3 views

GHSA-MQR9-VQHQ-3JXW OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...

8.5CVSS6.1AI score0.00571EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/19 7:40 p.m.6 views

OpenClaw has a Web Fetch DoS via unbounded response parsing

Summary The webfetch tool could be used to crash the OpenClaw Gateway process OOM / resource exhaustion by fetching and attempting to parse attacker-controlled web pages with oversized response bodies or pathological HTML nesting. Affected Packages / Versions - Package: openclaw npm - Affected...

6.9CVSS5.6AI score0.00388EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.9 views

PT-2026-8034

Name of the Vulnerable Software and Affected Versions LavaLite CMS version 10.1.0 Description An authenticated user with low-level privileges User role can access the admin backend by logging in through the /admin/login endpoint. This occurs because the admin and user authentication guards share...

5.4AI score0.00446EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/13 12:0 a.m.25 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

0.00446EPSS
Exploits1References2
OSV
OSV
added 2026/01/31 12:16 p.m.3 views

UBUNTU-CVE-2026-23039

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drmatomichelperdisableall is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every displ...

5.7AI score0.00194EPSS
Exploits0References5
CVE
CVE
added 2026/01/31 11:42 a.m.18 views

CVE-2026-23039

The CVE-2026-23039 issue affects the Linux kernel DRM Gud (drm/gud) code path. On USB disconnect, drm_atomic_helper_disable_all() clears plane fb and crtc by setting them to NULL before a commit, which can trigger a kernel oops. The fix implements guards to prevent NULL dereferences when accessin...

5.8AI score0.00194EPSS
Exploits0References2
Rows per page
Query Builder