46 matches found
CVE-2026-40343
free5GC UDR is the User Data Repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...
CVE-2026-40249
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...
CVE-2026-40249
CVE-2026-40249 affects free5GC UDR (versions 4.2.1 and earlier). The PUT handler for /nudr-dr/v2/policy-data/subs-to-notify/{subsId} may continue processing after request body read or deserialization errors, invoking the processor with an uninitialized/partially initialized PolicyDataSubscription...
free5GC UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors
Summary: A fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify/subsId PUT handler to continue processing requests even after request body retrieval or deserialization errors. This may allow unintended modification of existing Policy Data notificatio...
USN-7984-1 pagure vulnerabilities
Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic links in Git repositories. A remote attacker could possibly use this issue to cause Pagure to expose files outside the intended repository boundaries. CVE-2024-4981 Thomas Chauchefoin discovered that Pagure did not properly...
YaCy security vulnerabilities
YaCy is an open-source distributed network search engine from YaCy Search Engine. YaCy has a security vulnerability because the program file YaCyDefaultServlet.Java mishandles input during web page generation, which may lead to cross-site scripting attacks...
CVE-2018-25154 GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...
EUVD-2018-0967
Malware in sbrugna...
EUVD-2019-5272
Malware in sbrugna...
EUVD-2020-24619
Malware in sbrugna...
CVE-2019-14099
Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C...
The vulnerability of the AuthenticationFilter class in the Apache Pinot OLAP data store allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the AuthenticationFilter class in the Apache Pinot OLAP data store is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to affect the confidentiality, integrity, and availability of the protected information...
Vulnerability of Windows operating system control consoles, allowing attackers to circumvent existing security restrictions
The vulnerability of Windows operating system consoles is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to bypass existing security restrictions...
UBUNTU-CVE-2024-53087
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix possible exec queue leak in exec IOCTL. In a couple of places after an exec queue is looked up the exec IOCTL returns on input errors without dropping the exec queue ref. Fix this ensuring the exec queue ref is dropped...
The vulnerability of the Elastic Stack Filebeat logging software is related to errors in the httpjson input data. As a result, the contents of the Authorization or Proxy-Authorization HTTP request headers may be written to the debug logs, allowing an attacker to access confidential information.
The vulnerability of the Elastic Stack Filebeat logging software is related to errors in the httpjson input data. As a result, the contents of the Authorization or Proxy-Authorization HTTP request headers may be written to the debug logs. Exploiting this vulnerability can allow an...
The vulnerability of the Intel Neural Compressor library for optimizing machine learning models is related to errors in processing input data and allows attackers to escalate their privileges.
The vulnerability of the Intel Neural Compressor library for optimizing machine learning models is related to errors in processing input data. Exploiting this vulnerability can allow attackers to escalate their privileges remotely...
The vulnerability of the template mechanism in the SugarCRM system allows an attacker to execute arbitrary code.
The vulnerability of the template mechanism in the SugarCRM system is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafted PNG file, which contains embedded PHP code...
The vulnerability of the Utility component of the Java SE software platform and the Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines allows attackers to cause partial service interruptions.
The vulnerability of the Utility component of the Java SE software platform and the Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause partial service disruption...
The vulnerability of the Hotspot component in the Java SE software platform and Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines allows attackers to access confidential information.
The vulnerability of the Hotspot component in the Java SE software platform and Oracle GraalVM Enterprise Edition/Oracle GraalVM for JDK virtual machines is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to access confidential information...