118 matches found
PT-2026-35034
Name of the Vulnerable Software and Affected Versions New API versions prior to 0.12.10 Description A flaw in the Stripe webhook handler allows unauthenticated attackers to forge webhook events and credit arbitrary quota to their accounts without payment. This is caused by three issues: the syste...
SUSE CVE-2026-32937
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...
CVE-2026-32937
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the RechargePut function in the nchf-convergedcharging service. An attacker can cause a server-side panic and disrupt recharge functionality by sending a crafted authenticated PUT request with an...
CVE-2026-32937
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...
CVE-2026-32937
This CVE affects free5GC CHF prior to v1.2.2, where an out-of-bounds slice access in nchf-convergedcharging RechargePut(...) can be triggered by an authenticated PUT to /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=.... The result is a server-side panic converted to HTTP 500 by Gin, ena...
CVE-2026-32937 free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...
CVE-2026-32937
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...
CVE-2026-32937 free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...
Out-of-Bounds Slice Access in free5GC CHF Leading to DoS
Impact This is an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic in github.com/free5gc/chf/internal/sbi.Server.RechargePut... due t...
GHSA-6G43-577R-WF4X Out-of-Bounds Slice Access in free5GC CHF Leading to DoS
Impact This is an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic in github.com/free5gc/chf/internal/sbi.Server.RechargePut... due t...
PT-2026-26176
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...
EUVD-2022-44693
Malicious code in bioql PyPI...
EUVD-2024-52687
Malicious code in bioql PyPI...
EUVD-2023-1893
Malicious code in bioql PyPI...
CVE-2023-36815
Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account sealos. io/v1/Payment, resulting in the ability to recharge any amou...
CVE-2022-41500
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery CSRF vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components...
CVE-2021-25527
Improper export of Android application components vulnerability in Samsung Pay India only prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication...
CVE-2024-54879
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely...
CVE-2024-54879
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely...