29 matches found

ATTACKERKB
added 2026/04/21 11:47 p.m., 1 view

CVE-2026-40343

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

CVSS 6.9, AI score 5.8, EPSS 0.0006
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/04/18 7:22 a.m., 0 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

CVSS 6.9, AI score 6, EPSS 0.00033
Exploits: 1, References: 1

NVD
added 2026/04/16 10:16 p.m., 0 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

CVSS 6.9, EPSS 0.00033
Exploits: 1, References: 1

CVE
added 2026/04/16 9:59 p.m., 2 views

CVE-2026-40249

CVE-2026-40249 affects free5GC UDR (versions 4.2.1 and earlier). The PUT handler for /nudr-dr/v2/policy-data/subs-to-notify/{subsId} may continue processing after request body read or deserialization errors, invoking the processor with an uninitialized/partially initialized PolicyDataSubscription...

CVSS 6.9, AI score 6, EPSS 0.00033
Exploits: 1, References: 1, Affected Software: 1

Github Security Blog
added 2026/04/14 8:0 p.m., 3 views

free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

Summary A fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify/subsId PUT handler to continue processing requests even after request body retrieval or deserialization errors. This may allow unintended modification of existing Policy Data notificatio...

CVSS 6.9, AI score 6, EPSS 0.00033
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2026/01/29 8:33 a.m., 1 view

USN-7984-1 pagure vulnerabilities

Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic links in Git repositories. A remote attacker could possibly use this issue to cause Pagure to expose files outside the intended repository boundaries. CVE-2024-4981 Thomas Chauchefoin discovered that Pagure did not properly...

CVSS 9.8, AI score 5.8, EPSS 0.01959
Exploits: 2, References: 5

CNNVD
added 2026/01/27 12:0 a.m., 1 view

YaCy security vulnerabilities

YaCy is an open-source distributed network search engine from YaCy Search Engine. There is a security vulnerability in YaCy, which stems from the program file YaCyDefaultServlet.Java having input errors during web page generation, which may lead to cross-site scripting attacks...

CVSS 6.9, AI score 5.6, EPSS 0.00091
Exploits: 0, References: 2

Vulnrichment
added 2025/12/24 7:27 p.m., 1 view

CVE-2018-25154 GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVSS 9.8, AI score 7.8, EPSS 0.00074
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-24619

Malware in sbrugna...

CVSS 4.8, AI score 5.1, EPSS 0.00192
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-5272

Malware in sbrugna...

CVSS 10, AI score 8.3, EPSS 0.00356
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-0967

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00332
Exploits: 0, References: 4

RedhatCVE
added 2025/05/22 10:32 a.m., 4 views

CVE-2019-14099

Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C...

CVSS 7.8, AI score 7.2, EPSS 0.00043
Exploits: 0, References: 1

OSV
added 2024/11/19 6:15 p.m., 1 view

UBUNTU-CVE-2024-53087

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix possible exec queue leak in exec IOCTL In a couple of places after an exec queue is looked up the exec IOCTL returns on input errors without dropping the exec queue ref. Fix this ensuring the exec queue ref is dropped...

CVSS 5.5, AI score 6.6, EPSS 0.00068
Exploits: 0, References: 17

Positive Technologies
added 2023/07/18 12:0 a.m., 1 view

PT-2023-3980 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 7.0.0.0.0 Description: The issue is related to errors in processing input data in the Analytics Server component of Oracle Business Intelligence Enterprise Edition. This can be exploited...

CVSS 4.3, AI score 5, EPSS 0.00192
Exploits: 0, References: 6

CNVD
added 2022/05/19 12:0 a.m., 12 views

Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-38753)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. pimcore suffers from a cross-site scriptin...

CVSS 9, AI score 2.8, EPSS 0.00027
Exploits: 1, References: 1

CNVD
added 2022/01/20 12:0 a.m., 13 views

chaskiq Cross-Site Scripting Vulnerability (CNVD-2022-08227)

Chaskiq is an open source messaging platform. It is used for marketing, support and sales. chaskiq suffers from a cross-site scripting vulnerability that stems from the fact that chaskiq is vulnerable to input errors during web page generation "cross-site scripting". An attacker could exploit thi...

CVSS 7.3, AI score 2.6, EPSS 0.00152
Exploits: 1, References: 1

CNNVD
added 2022/01/17 12:0 a.m., 1 view

Chaskiq Cross-Site Scripting Vulnerability

Chaskiq is an open source messaging platform. It is used for marketing, support and sales. chaskiq suffers from a cross-site scripting vulnerability that stems from the fact that chaskiq is vulnerable to input errors during web page generation "cross-site scripting". An attacker could exploit thi...

CVSS 7.3, AI score 5.4, EPSS 0.00152
Exploits: 1, References: 4

CNVD
added 2021/12/30 12:0 a.m., 16 views

livehelperchat cross-site scripting vulnerability (CNVD-2022-01685)

livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A cross-site scripting vulnerability exists in livehelperchat that stems from the vulnerability of livehelperchat to input errors when generating web pages. An attacker can exploi...

CVSS 6.1, AI score 6, EPSS 0.0024
Exploits: 1, References: 1

CNVD
added 2021/12/30 12:0 a.m., 21 views

livehelperchat cross-site scripting vulnerability (CNVD-2022-01684)

livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A cross-site scripting vulnerability exists in livehelperchat that stems from the vulnerability of livehelperchat to input errors when generating web pages. An attacker can exploi...

CVSS 6.6, AI score 5.2, EPSS 0.00234
Exploits: 1, References: 1

CNVD
added 2021/12/29 12:0 a.m., 13 views

livehelperchat cross-site scripting vulnerability (CNVD-2022-01688)

livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A cross-site scripting vulnerability exists in livehelperchat, which stems from vulnerability to input errors when generating web pages. No detailed vulnerability details are...

CVSS 6.6, AI score 5.2, EPSS 0.00141
Exploits: 1, References: 1