CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/28 2:21 a.m.•8 views

kernel: Linux kernel dpaa2-switch: Kernel memory corruption via out-of-bounds write

A flaw was found in the Linux kernel dpaa2-switch driver. This out-of-bounds write vulnerability occurs because the driver does not validate the numifs value reported by the firmware against the DPSWMAXIF limit. A highly privileged attacker, capable of influencing the DPAA2 firmware or management...

7.8CVSS5.8AI score0.00013EPSS

Exploits0References5

Packet Storm News•added 2026/05/28 12:0 a.m.•6 views

AgentDoG 1.5: A Lightweight and Scalable Alignment Framework for AI Agent Safety and Security

Modern open-world agents such as OpenClaw exhibit powerful cross-environment execution capabilities yet introduce broad new safety risk sources. Meanwhile, advanced frontier AI models drastically lower attack barriers, rendering current agent alignment frameworks inadequate for real-world...

5.9AI score

NVD•added 2026/05/27 5:16 p.m.•8 views

CVE-2026-44326

9.4CVSS0.00045EPSS

Cvelist•added 2026/05/27 3:41 p.m.•37 views

CVE-2026-44326 free5GC: NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions

9.4CVSS0.00045EPSS

ATTACKERKB•added 2026/05/27 3:41 p.m.•7 views

CVE-2026-44326

Exploits1References4Affected Software1

EUVD•added 2026/05/27 3:41 p.m.•7 views

EUVD-2026-32572

Vulnrichment•added 2026/05/27 3:41 p.m.•4 views

CVE-2026-44326 free5GC: NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions

CVE•added 2026/05/27 3:41 p.m.•8 views

CVE-2026-44326

CVE-2026-44326 affects free5gc NEF 3gpp-traffic-influence API. Prior to version 4.2.2, the NEF mounts the 3gpp-traffic-influence endpoint without inbound OAuth2/bearer-token authorization. An unauthenticated or forged-token request reachable on the SBI can create, read, patch, and delete traffic-...

Exploits1References3Affected Software1

CNNVD•added 2026/05/27 12:0 a.m.•4 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/Bearer-token authorization when the NEF module mounted the 3gpp-traffic-influence...

Packet Storm News•added 2026/05/18 12:0 a.m.•3 views

Token by Token, Compromised: Backdoor Vulnerabilities in Unified Autoregressive Models

Unified autoregressive models UAMs are transformer models that generate text as well as image tokens within a single autoregressive pass. Shared parameters and a multimodal vocabulary simplify the training pipeline and facilitate flexible multimodal generation, yet might introduce new...

5.8AI score

Veracode•added 2026/05/16 5:32 a.m.•10 views

Information Disclosure

Free5GC is vulnerable to Information Disclosure. The vulnerability is due to improper request handling in the UDR endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify, where error responses for missing or malformed parameters do not terminate execution. As a result, processing...

7.5CVSS5.8AI score0.00047EPSS

Exploits1References1Affected Software1

Veracode•added 2026/05/16 5:30 a.m.•5 views

Improper Access Control

github.com/free5gc/udr is vulnerable to Improper Access Control. The vulnerability is due to improper request handling in the Traffic Influence Subscription deletion endpoint, which allows an attacker to bypass validation and delete arbitrary subscriptions despite receiving a misleading 404...

8.7CVSS5.9AI score0.00034EPSS

Exploits1References1Affected Software1

Packet Storm News•added 2026/05/14 12:0 a.m.•3 views

Hidden in Memory: Sleeper Memory Poisoning in LLM Agents

Large language models are increasingly augmented with persistent memory, allowing assistants to store user-specific information across sessions for personalization and continuity. This statefulness introduces a new security risk: adversarial content can corrupt what an assistant remembers and...

5.8AI score

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40007

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

8.2CVSS5.7AI score0.00042EPSS

Exploits0References3

Github Security Blog•added 2026/05/08 10:58 p.m.•7 views

free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions

Summary free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptions either with no Authorization header at all, or with a forged bearer...

Exploits1References4Affected Software1

Snyk•added 2026/05/08 10:58 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the 3gpp-traffic-influence API route group, which lacks inbound authorization checks. An attacker can create, read, modify, or delete traffic-influence subscriptions by sending unauthenticated or forged requests...

Snyk•added 2026/05/08 10:58 p.m.•4 views

Exploits1References2

Missing Authorization