CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/29 1:21 p.m.•1 views

JLSEC-2026-304

HDF5 Library through 1.14.3 allows stack consumption in the function H5Eprintfstack in H5Eint.c...

7.5CVSS8.2AI score0.00418EPSS

Tenable Nessus•added 2026/03/24 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-33192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a...

8.7CVSS5.8AI score0.00015EPSS

Exploits1References2

UbuntuCve•added 2026/03/20 12:0 a.m.•3 views

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS5.7AI score0.00015EPSS

Exploits1References4

CNNVD•added 2026/03/20 12:0 a.m.•4 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from UDM’s improper handling of PATCH requests with empty supi path parameters. UDM incorrectly converted downstrea...

8.7CVSS6.4AI score0.00015EPSS

Exploits1References3

OSV•added 2026/03/18 8:11 p.m.•2 views

GHSA-5RVC-5CWX-G5X8 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with ...

8.7CVSS5.7AI score0.00015EPSS

Exploits1References5

OSV•added 2026/03/18 8:11 p.m.•3 views

GHSA-P9HG-PQ3Q-V9GV free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error

Impact This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's NudmSubscriberDataManagement API. This causes URL parsing failure in...

8.7CVSS5.8AI score0.00204EPSS

Exploits0References5

Positive Technologies•added 2026/03/18 12:0 a.m.•3 views

PT-2026-26187

Impact This is an Improper Error Handling vulnerability with Information Exposure implications. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...

6.9CVSS5.8AI score0.00049EPSS

Exploits1References10

RedhatCVE•added 2026/02/25 4:6 a.m.•2 views

CVE-2025-69250

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages e.g., strconv.ParseInt parsing errors to remote clients when processi...

8.7CVSS5.4AI score0.00141EPSS

Exploits1References1

NVD•added 2026/02/24 12:16 a.m.•3 views

CVE-2025-69250

8.7CVSS0.00141EPSS

Exploits1References4

CNNVD•added 2026/02/24 12:0 a.m.•3 views

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained code vulnerabilities. These vulnerabilities resulted from the risk of leaking detailed internal error messages when processing invalid pduSessionId inputs. This...

8.7CVSS5.9AI score0.00141EPSS

Exploits1References4

ATTACKERKB•added 2026/01/15 1:15 p.m.•1 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

7.5CVSS5.6AI score0.00022EPSS

Exploits0References7

RedhatCVE•added 2026/01/09 8:53 a.m.•4 views

CVE-2021-27606

SAP NetWeaver ABAP Server and ABAP Platform Enqueue Server, versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a...

7.5CVSS7AI score0.00278EPSS

Exploits0References1

NVD•added 2025/11/18 4:15 p.m.•6 views

CVE-2025-9977

Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...

5.3CVSS0.02579EPSS

7.5CVSS6.9AI score0.00211EPSS

EUVD-2021-14381

Malware in sbrugna...

7.5CVSS7.8AI score0.00278EPSS

EUVD-2021-14353

Malware in sbrugna...

6.1CVSS7.7AI score0.00256EPSS

EUVD-2021-10880

Malware in sbrugna...

Exploits0References5

4.3CVSS6.4AI score0.00485EPSS

EUVD-2015-0997

Malware in sbrugna...

Tenable Nessus•added 2025/10/07 12:0 a.m.•1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-437848)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-437848 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion...

7.8CVSS6.1AI score0.00012EPSS

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-20067

Malicious code in bioql PyPI...

7.6AI score0.00049EPSS