31 matches found

NVD
added 2026/05/27 5:16 p.m. | 7 views

CVE-2026-44316

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the...

CVSS 7.5 | EPSS 0.00059
Exploits: 1 | References: 4

Github Security Blog
added 2026/05/04 8:1 p.m. | 3 views

Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Summary: A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSO_DELEGATE_RBAC_TO_NAMESPACE=true. Details: When getServiceAccountclaims, ssoNamespace...

CVSS 6.5 | AI score 5.9 | EPSS 0.00051
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2002-0405

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01083
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-9632

Malware in sbrugna...

CVSS 4.3 | AI score 4.6 | EPSS 0.00168
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-1016

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0951
Exploits: 1 | References: 5

Vulnrichment
added 2025/04/22 5:45 p.m. | 5 views

CVE-2025-32959 CUBA Vulnerable to Denial of Service (DoS) in the File Storage

CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run...

CVSS 6.5 | AI score 6.7 | EPSS 0.00158
Exploits: 0 | References: 5

Cvelist
added 2025/04/22 5:45 p.m. | 16 views

CVE-2025-32959 CUBA Vulnerable to Denial of Service (DoS) in the File Storage

CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run...

CVSS 6.5 | EPSS 0.00158
Exploits: 0 | References: 5

Veracode
added 2024/06/27 8:15 a.m. | 15 views

Use After Free

@fastly/js-compute is vulnerable to Use After Free. The vulnerability is due to re-use of previously freed memory in the FetchEvent.client and certain CacheEntry.prototype and Device.lookup functions. This issue could allow for an unintended data leak and often results in a Compute service crash...

CVSS 5.3 | AI score 6.7 | EPSS 0.0012
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2024/06/26 7:12 p.m. | 12 views

@fastly/js-compute has a use-after-free in some host call implementations

Impact: The implementation of the following functions were determined to include a use-after-free bug: FetchEvent.client.tlsCipherOpensslName, FetchEvent.client.tlsProtocol, FetchEvent.client.tlsClientCertificate, FetchEvent.client.tlsJA3MD5, FetchEvent.client.tlsClientHello...

CVSS 5.3 | AI score 6.9 | EPSS 0.0012
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/06/26 7:12 p.m. | 15 views

GHSA-MP3G-VPM9-9VQV @fastly/js-compute has a use-after-free in some host call implementations

Impact: The implementation of the following functions were determined to include a use-after-free bug: FetchEvent.client.tlsCipherOpensslName, FetchEvent.client.tlsProtocol, FetchEvent.client.tlsClientCertificate, FetchEvent.client.tlsJA3MD5, FetchEvent.client.tlsClientHello...

CVSS 5.3 | AI score 5.2 | EPSS 0.0012
Exploits: 0 | References: 4

Github Security Blog
added 2024/01/09 3:30 a.m. | 17 views

juzawebCMS Incorrect Access Control vulnerability

juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...

CVSS 4.9 | AI score 7 | EPSS 0.0013
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2023/12/26 4:47 p.m. | 23 views

Improper Neutralization Of Special Elements

gitlab is vulnerable to Improper Neutralization of Special Elements. The vulnerability is due to a lack of proper validation of user-supplied input, specifically when committing directories containing LF (Line Feed) characters. This flaw results in HTTP 500 errors when viewing the affected commi...

CVSS 5.3 | AI score 6.7 | EPSS 0.00122
Exploits: 1 | References: 4 | Affected Software: 1

Hacker One
added 2021/09/28 7:52 a.m. | 48 views

Mail.ru: [samokat.ru] PHP modules path disclosure due to lack of error handling

Hi security team @mailru, we found an information disclosure in phpproject in subsamokat.ru. On one side of the server samokat.ru generates a full stack error trace instead of an HTTP 500 error. The complete error stack trace reveals the full path of the PHPConfiguration module directory on the...

AI score 6.6
Exploits: 0

IBM Security Bulletins
added 2021/04/28 6:35 p.m. | 23 views

Security Bulletin: Potential information leakages vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology

Summary: Multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational...

CVSS 4.3 | AI score 0.6 | EPSS 0.00178
Exploits: 5 | Affected Software: 7

RedhatCVE
added 2019/12/14 12:54 a.m. | 30 views

CVE-2019-19342

A flaw was found in Ansible Tower 3.6.1 and 3.5.3 when /websocket is requested and the password contains the '' character. This request would cause a socket error in RabbitMQ when parsing the password, and an HTTP error code 500 and partial password disclosure will occur in plaintext. An attacker...

CVSS 5.3 | AI score 1 | EPSS 0.00198
Exploits: 0 | References: 3

Citrix
added 2019/12/13 12:0 a.m. | 3 views

XenMobile Server experiences a communications error with Apple Deployment Programs (formerly DEP)

XenMobile Server administrators may notice that newly added Apple devices, which are registered via Apple Deployment Programs (formerly DEP), do not appear on XenMobile Server. Previously enrolled devices are not affected. Apple DEP connectivity test initiated from the XenMobile server may also fail...

AI score 7.1
Exploits: 0

Exploit DB
added 2018/10/15 12:0 a.m. | 548 views

MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection

Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download: https://datapacket.dl.sourceforge.net/project/maxon/maxon.rar Version:...

AI score 7.4
Exploits: 0

NVD
added 2018/10/04 9:29 p.m. | 9 views

CVE-2018-17891

Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...

CVSS 4.3 | AI score 3.9 | EPSS 0.00168
Exploits: 0 | References: 1

Prion
added 2018/10/04 9:29 p.m. | 8 views

Code injection

Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...

CVSS 4.3 | AI score 3.9 | EPSS 0.00168
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/07/06 2:29 p.m. | 16 views

CVE-2017-1239

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357...

CVSS 5.3 | AI score 4.5 | EPSS 0.00126
Exploits: 0 | References: 2