CVE-2026-8224

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcfsesssetipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...

PT-2026-39442

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A remote denial of service can be triggered in the PCF component via the pcf sess set ipv6prefix function located in the /src/pcf/context.c file. This occurs through the manipulation of the...

Untrusted Search Path

Overview @pnpm/fetching.binary-fetcher is a fetcher for binary archives Affected versions of this package are vulnerable to Untrusted Search Path via the extractZipToTarget function and the use of unvalidated prefix values. An attacker can overwrite arbitrary files on the file system by supplying...

Percent-encoded cookies can be used to overwrite existing prefixed cookie names

It is possible to forge a secure or host-only cookie prefix in Rack using an arbitrary cookie write by using URL encoding percent-encoding on the name of the cookie. This could result in an application that is dependent on this prefix to determine if a cookie is safe to process being manipulated...