367 matches found

Positive Technologies
added 2026/03/23 12:0 a.m. | 2 views

PT-2026-27213

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...

CVSS 6.9 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | References: 4
NVD
added 2026/03/20 8:16 a.m. | 3 views

CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

CVSS 8.7 | EPSS 0.00354
Exploits: 0 | References: 2
NVD
added 2026/03/20 8:16 a.m. | 7 views

CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

CVSS 6.9 | EPSS 0.00282
Exploits: 1 | References: 4
Cvelist
added 2026/03/20 8:9 a.m. | 21 views

CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

CVSS 8.7 | EPSS 0.00321
Exploits: 1 | References: 3
CVE
added 2026/03/20 8:9 a.m. | 9 views

CVE-2026-33192

CVE-2026-33192 — Free5GC UDM PATCH handling issue: In Free5GC UDM (pre-1.4.2), PATCH requests with an empty supi path parameter can trigger internal misbehavior: a 400 from UDR is converted to 500, and PATCH is inappropriately translated to PUT when forwarded to UDR. This reveals internal error ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00321
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/03/20 8:9 a.m. | 4 views

CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

CVSS 8.7 | AI score 6.2 | EPSS 0.00321
Exploits: 1 | References: 5
Cvelist
added 2026/03/20 8:3 a.m. | 25 views

CVE-2026-33065 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

CVSS 6.9 | EPSS 0.00282
Exploits: 1 | References: 4
ATTACKERKB
added 2026/03/20 8:3 a.m. | 4 views

CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

CVSS 6.9 | AI score 5.8 | EPSS 0.00282
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2026/03/20 8:3 a.m. | 11 views

CVE-2026-33065

CVE-2026-33065 affects Free5GC UDM (core network component) prior to version 1.4.2. When handling DELETE requests with an empty supi path (e.g., // in the URL), UDM forwards the malformed request to UDR (which returns 400) but UDM propagates it as 500 SYSTEM_FAILURE, leaking internal error handli...

CVSS 6.9 | AI score 5.8 | EPSS 0.00282
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/20 7:54 a.m. | 3 views

CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

CVSS 8.7 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 2
OSV
added 2026/03/20 7:54 a.m. | 3 views

CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

CVSS 8.7 | AI score 6.3 | EPSS 0.00354
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/18 8:11 p.m. | 4 views

free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error

Impact: This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's NudmSubscriberDataManagement API. This causes URL parsing failure in...

CVSS 8.7 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/03/18 8:7 p.m. | 2 views

GHSA-958M-GXMC-MCCM free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request

Impact: This is an Improper Error Handling vulnerability with Information Exposure implications. Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...

CVSS 6.9 | AI score 5.7 | EPSS 0.00282
Exploits: 1 | References: 6
RedhatCVE
added 2026/03/05 7:31 p.m. | 4 views

CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...

CVSS 6.5 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 1
EUVD
added 2026/03/04 6:31 p.m. | 5 views

EUVD-2025-208280

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...

CVSS 5.3 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 2
OSV
added 2026/03/04 4:16 p.m. | 3 views

CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...

CVSS 6.5 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 1
NVD
added 2026/03/04 4:16 p.m. | 8 views

CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...

CVSS 6.5 | EPSS 0.00191
Exploits: 0 | References: 1
Cvelist
added 2026/03/04 3:31 p.m. | 29 views

CVE-2025-59787 HTTP 5XX Internal Server Errors

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...

CVSS 5.3 | EPSS 0.00191
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/04 3:31 p.m. | 3 views

CVE-2025-59787

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...

CVSS 5.3 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/04 3:31 p.m. | 3 views

CVE-2025-59787 HTTP 5XX Internal Server Errors

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts...

CVSS 5.3 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 1