CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6687 matches found

NVD•added 2026/05/11 4:17 p.m.•8 views

CVE-2026-8292

A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarelparse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument hnrf-uri leads to denial of service. The attack may be performed from remote. The exploit has...

6.5CVSS0.00045EPSS

Exploits1References5

Cvelist•added 2026/05/11 3:0 p.m.•29 views

CVE-2026-8292 Open5GS NRF conv.c yuarel_parse denial of service

5.3CVSS0.00045EPSS

Exploits1References5

CVE•added 2026/05/11 3:0 p.m.•7 views

CVE-2026-8292

Open5GS up to 2.7.7 contains a vulnerability in NRF: the yuarel_parse function in /lib/sbi/conv.c can be triggered by manipulating hnrf-uri, causing denial of service. The issue is exploitable remotely and public exploits are disclosed; Open5GS was informed via an issue but has not responded. No ...

6.5CVSS5.4AI score0.00045EPSS

Exploits1References5Affected Software1

SUSE CVE•added 2026/05/11 2:13 p.m.•4 views

SUSE CVE-2026-43395

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...

5.8AI score0.00013EPSS

Exploits0References3

OSV•added 2026/05/11 5:44 a.m.•3 views

BIT-GOLANG-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

5.3CVSS5.8AI score0.00012EPSS

Exploits0References5

Vulnrichment•added 2026/05/11 3:45 a.m.•8 views

CVE-2026-8270 Open5GS SMF ogs_nas_parse_qos_rules denial of service

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsnasparseqosrules of the component SMF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The proje...

5.3CVSS5.5AI score0.00045EPSS

Exploits1References5

CNNVD•added 2026/05/11 12:0 a.m.•4 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities; these vulnerabilities stem from the smf component’s ogsnasparseqosrules function, which may lead...

6.5CVSS5.8AI score0.00045EPSS

Exploits1References1

SUSE CVE•added 2026/05/09 2:43 a.m.•8 views

SUSE CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.8AI score0.00054EPSS

Exploits0References3

SUSE CVE•added 2026/05/09 2:41 a.m.•5 views

SUSE CVE-2026-43192

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dmputdevice when failing to get scsi dh name When commit fd81bc5cca8f "scsi: devicehandler: Return error pointer in scsidhattachedhandlername" added code to fail parsing the path if scsidhattachedhandlername...

5.8AI score0.00014EPSS

Exploits0References3

SUSE CVE•added 2026/05/09 2:40 a.m.•5 views

SUSE CVE-2026-43264

In the Linux kernel, the following vulnerability has been resolved: fbdev: of: displaytiming: fix refcount leak in ofgetdisplaytimings ofparsephandle returns a devicenode with refcount incremented, which is stored in 'entry' and then copied to 'nativemode'. When the error paths at lines 184 or 19...

3.3CVSS5.8AI score0.00013EPSS

Exploits0References4

RedhatCVE•added 2026/05/09 2:21 a.m.•4 views

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8CVSS5.8AI score0.00021EPSS

Exploits0References1

Tenable Nessus•added 2026/05/09 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016817)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016817 advisory. The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to ...

5.3CVSS7.2AI score0.00024EPSS

Exploits0References4

Vulnrichment•added 2026/05/08 10:47 p.m.•3 views

CVE-2026-41682 pupnp: Port truncation via atoi() cast in parse_uri() allows SSRF port confusion

pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi cast in parseuri. This issue has been patched in version 1.18.5...

6.9CVSS5.7AI score0.00016EPSS

Exploits0References3

OSV•added 2026/05/08 7:0 p.m.•2 views

GHSA-GF5M-WCRH-7928 open-webui Vulnerable to Stored XSS via Model Description

!IMPORTANT Relationship to CVE-2024-7990 CVE-2024-7990 issued by huntr.dev, March 2025 describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag placeholder...

7.3CVSS6AI score0.00036EPSS

Exploits1References3