CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/27 3:45 p.m.•6 views

CVE-2026-44323

4.3CVSS5.8AI score0.00053EPSS

Exploits1References5Affected Software1

Cvelist•added 2026/05/27 3:45 p.m.•34 views

CVE-2026-44323 free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

4.3CVSS0.00053EPSS

EUVD•added 2026/05/27 3:45 p.m.•6 views

EUVD-2026-32575

4.3CVSS5.8AI score0.00053EPSS

Vulnrichment•added 2026/05/27 3:39 p.m.•7 views

CVE-2026-44328 free5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/upNodeRef handler unconditionally dereferences upNode.UPF after the type-guarded...

8.2CVSS5.8AI score0.00057EPSS

ATTACKERKB•added 2026/05/27 3:39 p.m.•4 views

CVE-2026-44328

8.2CVSS5.8AI score0.00057EPSS

Exploits1References5Affected Software1

CVE•added 2026/05/27 3:39 p.m.•5 views

CVE-2026-44328

Summary: CVE-2026-44328 affects free5GC SMF 4.2.1 and is fixed in 4.2.2 via upstream patch PR#199. The SMBI UPI route group was left without inbound OAuth2 middleware, allowing unauthenticated access to delete endpoints. The DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally derefere...

8.2CVSS5.8AI score0.00057EPSS

Exploits1References4Affected Software1

Snyk•added 2026/05/27 3:39 p.m.•3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the parseinterface function. An attacker can cause a crash of the application by providing a crafted USB configuration descriptor, such as via virtualized USB passthrough, file-based descriptor parsing, or...

6.9CVSS5.8AI score0.00012EPSS

Exploits0References2

EUVD•added 2026/05/27 3:33 p.m.•4 views

EUVD-2026-32267

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpievaddressspacedispatch Cover a missed execution path with a new check...

5.9AI score0.00031EPSS

Exploits0References7

EUVD•added 2026/05/27 3:33 p.m.•3 views

EUVD-2026-32250

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...

5.7AI score0.00022EPSS

Exploits0References4

EUVD-2026-32249

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix invalid deref of rawdata when exportbinary is unset If the exportbinary parameter is disabled on runtime, profiles that were loaded before that will still have their rawdata stored in apparmorfs, with a symbolic lin...

Exploits0References9

EUVD-2026-32227

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, zerofsdecompresspcluster may assume they are alread...

5.7AI score0.00023EPSS

Exploits0References5

EUVD-2026-32384

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...

5.9AI score0.00022EPSS

Exploits0References4

EUVD-2026-32377

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

EUVD•added 2026/05/27 3:33 p.m.•5 views

Exploits0References8

EUVD-2026-32343

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtpbusremoveallclients During a warm reset flow, the cl-device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl-device-referencecount witho...

5.7AI score0.00023EPSS

Exploits0References5

EUVD•added 2026/05/27 3:33 p.m.•7 views

EUVD-2026-32340

In the Linux kernel, the following vulnerability has been resolved: phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclkpad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the devicetree node. But in imxhsioconfigureclkpad this point...

5.8AI score0.00023EPSS

Exploits0References5

EUVD•added 2026/05/27 3:33 p.m.•5 views

EUVD-2026-32335

In the Linux kernel, the following vulnerability has been resolved: power: supply: wm97xx: Fix NULL pointer dereference in powersupplychanged In probe, requestirq is called before allocating/registering a powersupply handle. If an interrupt is fired between the call to requestirq and...

EUVD•added 2026/05/27 3:33 p.m.•4 views

Exploits0References9

EUVD-2026-32323

In the Linux kernel, the following vulnerability has been resolved: scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up deferencing the null pointer rn via the use of the macro CSIOINCSTATS. Fix this by adding a new error return path label after the use ...