18 matches found
MINI-7PRW-57M6-WF4X
Bulletin has no description...
EUVD-2026-32574
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does n...
CVE-2026-31744
Summary: CVE-2026-31744 concerns the Linux kernel energy model code path that processes perf domain IDs. The function dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() and uses its return value without verifying it; if a caller supplies a non-existent perf domain ID, em_...
SUSE CVE-2026-27840
ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...
MINI-5F9H-5Q73-M67R
Bulletin has no description...
CVE-2026-27840
ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...
CVE-2025-65563
A denial-of-service vulnerability exists in the omec-project UPF component upf-epc/pfcpiface up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler...
Assessment of Quantitative Cyber-Physical Reliability of SCADA Systems in Autonomous Vehicle to Grid (V2G) Capable Smart Grids
The integration of electric vehicles EVs into power grids via Vehicle-to-Grid V2G system technology is increasing day by day, but these phenomena present both advantages and disadvantages. V2G can increase grid reliability by providing distributed energy storage and ancillary services. However, o...
UBUNTU-CVE-2024-58060
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject structops registration that uses module ptr and the module btfid is missing There is a UAF report in the bpfstructops when CONFIGMODULES=n. In particular, the report is on tcpcongestionops that has a "struct module...
Open5GS 安全漏洞
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS, which can be exploited to cause a denial of service by an attacker who sends an "ENB Status Transmission" message...
Open5GS 安全漏洞
Open5GS is Open5GS open source an open source implementation of 5G Core and Epc in C, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS, which can be exploited to cause a denial of service by an attacker who sends a "handover canceled" message that lacks the...
CVE-2024-20109
CVE-2024-20109 affects the component identified as ccu (referenced across Red Hat/NVD entries and related advisories). The root cause is a missing bounds check that allows an out-of-bounds write, resulting in local escalation of privileges with System-level execution privileges required. No user ...
PT-2024-18263 · Unknown · Lunary-Ai/Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary affected versions not specified Description: An incorrect authorization issue exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint "/api/evaluations". This...
UBUNTU-CVE-2024-26751
In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to gpiodlookuptable Without the terminator, if a conid is passed to gpiofind that does not exist in the lookup table the function will not stop looping correctly, and eventually cause an oops...
SUSE CVE-2005-3810
ipconntrackprotoicmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service kernel oops via a message without ICMP ID ICMPID information, which leads to a null dereference...
CVE-2022-35572
On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, and potentially other vendors/devices due to code reuse, the /SysInfo.htm URI does not require a session ID. This web page calls a showsysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS...
CVE-2020-26552
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...
Tomcat/JBoss Web - Bypass of CSRF prevention filter
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery CSRF protection mechanism via a request that lacks a session identifier...