CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

RedhatCVE•added 2026/06/05 7:12 p.m.•7 views

CVE-2026-44320

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback...

7.3CVSS5.6AI score0.00232EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:12 p.m.•8 views

CVE-2026-44315

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...

9.4CVSS5.6AI score0.00287EPSS

Exploits1References1

RedhatCVE•added 2026/05/28 8:12 p.m.•8 views

CVE-2026-44327

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handl...

10CVSS5.8AI score0.00287EPSS

Exploits1References1

NVD•added 2026/05/27 5:16 p.m.•11 views

CVE-2026-44327

10CVSS0.00287EPSS

Exploits1References3

NVD•added 2026/05/27 5:16 p.m.•11 views

CVE-2026-44326

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptio...

9.4CVSS0.00287EPSS

Exploits1References3

NVD•added 2026/05/27 5:16 p.m.•15 views

CVE-2026-44315

9.4CVSS0.00287EPSS

Exploits1References3

ATTACKERKB•added 2026/05/27 3:52 p.m.•6 views

CVE-2026-44315

9.4CVSS5.9AI score0.00287EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/05/27 3:52 p.m.•6 views

CVE-2026-44315 free5GC: NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions

9.4CVSS5.9AI score0.00287EPSS

Exploits1References3

EUVD•added 2026/05/27 3:52 p.m.•11 views

EUVD-2026-32553

9.4CVSS5.9AI score0.00287EPSS

Exploits1References3

Cvelist•added 2026/05/27 3:48 p.m.•39 views

CVE-2026-44320 free5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path

7.3CVSS0.00232EPSS

Exploits1References3

ATTACKERKB•added 2026/05/27 3:41 p.m.•8 views

CVE-2026-44326

9.4CVSS5.8AI score0.00287EPSS

Exploits1References4Affected Software1

EUVD•added 2026/05/27 3:40 p.m.•9 views

EUVD-2026-32571

10CVSS5.8AI score0.00287EPSS

Exploits1References3

Vulnrichment•added 2026/05/27 3:40 p.m.•5 views

CVE-2026-44327 free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler

10CVSS5.8AI score0.00287EPSS

Exploits1References3

ATTACKERKB•added 2026/05/27 3:40 p.m.•6 views

CVE-2026-44327

10CVSS5.8AI score0.00287EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/05/27 3:40 p.m.•40 views

CVE-2026-44327 free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler

10CVSS0.00287EPSS

Exploits1References3

CVE•added 2026/05/27 3:40 p.m.•19 views

CVE-2026-44327

CVE-2026-44327 affects free5GC NEF (nnef-oam route group). Prior to v4.2.2, the OAM route group was mounted without inbound OAuth2/bearer-token authorization, allowing unauthenticated requests to hit OAM endpoints via the SBI. The OAM handler is a stub returning null, but the defect is route-grou...

10CVSS5.8AI score0.00287EPSS

Exploits1References3Affected Software1

Snyk•added 2026/05/08 11:2 p.m.•8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to the lack of inbound authentication and authorization checks on the nnef-pfdmanagement route group. An attacker can gain unauthorized access to sensitive PFD application data, create or delete PFD...

10CVSS5.8AI score0.00238EPSS

Exploits1References2

Snyk•added 2026/05/08 10:59 p.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the nnef-oam route group due to missing inbound authentication and authorization checks. An attacker can gain unauthorized access to administrative operations by sending unauthenticated requests to the exposed...

10CVSS5.8AI score0.00287EPSS

Exploits1References3

Github Security Blog•added 2026/05/08 10:59 p.m.•7 views

free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler

Summary free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handler returns 200 OK. The current OAM handler is a stub that returns null, b...

10CVSS5.8AI score0.00287EPSS

Exploits1References5Affected Software1

Snyk•added 2026/05/08 10:58 p.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the 3gpp-traffic-influence API route group, which lacks inbound authorization checks. An attacker can create, read, modify, or delete traffic-influence subscriptions by sending unauthenticated or forged requests...

9.4CVSS5.8AI score0.00287EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by