1154 matches found
CVE-2026-33191
CVE-2026-33191 affects Free5GC UDM (Nudm_SubscriberDataManagement API) where null byte injections in the supi URL path parameter (URL-encoded %00) trigger Go’s net/url parsing error, leading to a 500 Internal Server Error and enabling denial-of-service conditions. Multiple sources confirm the iss...
CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
CVE-2026-33191
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
UBUNTU-CVE-2026-33191
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
CVE-2026-33191
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error
Impact This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's NudmSubscriberDataManagement API. This causes URL parsing failure in...
GHSA-P9HG-PQ3Q-V9GV free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error
Impact This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's NudmSubscriberDataManagement API. This causes URL parsing failure in...
PT-2026-26208
Impact This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's Nudm SubscriberDataManagement API. This causes URL parsing failure i...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the NewXMLTree function. An attacker can trigger the write of a single 0 byte. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Release - GitHub Releas...
Out-of-bounds Write
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
EUVD-2026-12534
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...
CVE-2026-0708
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...
CVE-2026-0708
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...
CVE-2026-0708 Libucl: libucl: denial of service via embedded null byte in ucl input
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...
CVE-2026-0708
CVE-2026-0708 (Libucl) describes a denial-of-service in libucl caused by a crafted UCL input containing a key with an embedded null byte. This can trigger a segmentation fault in ucl_object_emit during parsing/emitting, leading to DoS on affected systems. The CVSS base score is 8.3 ( HIGH ) with ...
CVE-2026-0708 Libucl: libucl: denial of service via embedded null byte in ucl input
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...
libucl 安全漏洞
Libucl is a C-language general configuration library parser developed by Vsevolod Stakhov. Libucl has a security vulnerability. This vulnerability arises from the uclobjectemit function during parsing and emitting UCL inputs containing embedded null-byte keys, which may lead to a denial-of-servic...
PT-2026-25869
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the ucl object emit function when parsing and emitting the...
Easy File Sharing Web Server v7.2 - Buffer Overflow
Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow Date: 16/10/2025 Exploit Author: Donwor X: @realDonwor Discord: Donwor Website: https://github.com/D0nw0r Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Version: Easy File Sharing Web...