Lucene search
K

999 matches found

CVE
CVE
added 2026/03/24 12:0 a.m.13 views

CVE-2026-30653

The CVE-2026-30653 issue affects Free5GC v4.2.0 and earlier, where the AMF component’s HandleAuthenticationFailure function is vulnerable to remote triggering that can cause a denial of service. The description confirms the vulnerable element is within Free5GC’s AMF, but the provided documents do...

7.5CVSS5.7AI score0.00392EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/22 1:32 a.m.4 views

EUVD-2026-14264

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called...

6.9CVSS5.6AI score0.00427EPSS
Exploits0References7
OSV
OSV
added 2026/02/23 9:42 p.m.8 views

CVE-2025-69248 free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service

free5GC is an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NA...

8.7CVSS5.6AI score0.00566EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/16 12:32 a.m.6 views

CVE-2026-2524 Open5GS MME mme_s11_handle_create_session_response denial of service

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mmes11handlecreatesessionresponse of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the...

6.9CVSS5.2AI score0.00611EPSS
Exploits1References6
EUVD
EUVD
added 2026/02/16 12:31 a.m.6 views

EUVD-2026-6139

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

9.8CVSS5.2AI score0.00548EPSS
Exploits2References9
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.9 views

PT-2026-8284

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.3AI score0.00548EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/02/14 1:28 a.m.4 views

CVE-2025-70121

An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method NASMobileIdentity5GS.go when accessing index 5 of ...

7.5CVSS5.6AI score0.0034EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.7 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Version 4.0.1 of free5GC contains a security vulnerability caused by an array index out-of-bounds issue in the AMF component. This vulnerability could allow remote attackers to cause denial-of-service attacks using a...

7.5CVSS5.8AI score0.0034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.5 views

CVE-2025-37177

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within th...

6.5CVSS6.9AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.6 views

CVE-2025-37169

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system...

7.2CVSS7.7AI score0.00477EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.6 views

CVE-2025-37168

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and...

9.1CVSS7.2AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.5 views

CVE-2025-37171

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

7.2CVSS7.9AI score0.01203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.8 views

CVE-2025-37175

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary comman...

7.2CVSS7.5AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.6 views

CVE-2025-37172

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

7.2CVSS7.9AI score0.01096EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.5 views

CVE-2025-37170

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

7.2CVSS7.9AI score0.01122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.5 views

CVE-2025-37173

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected...

7.2CVSS6.7AI score0.00367EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 8:16 p.m.4 views

CVE-2025-37177

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within th...

6.5CVSS5.9AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 8:16 p.m.4 views

CVE-2025-37173

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected...

7.2CVSS5.8AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 8:16 p.m.6 views

CVE-2025-37171

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

7.2CVSS0.01203EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 8:16 p.m.4 views

CVE-2025-37172

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

7.2CVSS0.01096EPSS
Exploits0References1
Rows per page
Query Builder