CVE-2026-7536

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsfsessaddbyipaddress of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched...

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).

...

The vulnerability of the FortiTester software-based diagnostic and audit tools for computer networks, as well as the FortiAnalyzer tool for event monitoring and analysis, stems from the lack of protective measures taken for website structures. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the FortiTester software for diagnosing and auditing computer networks, as well as the FortiAnalyzer software for monitoring and analyzing security events, is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability could allow...

UBUNTU-CVE-2016-10739

In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...