Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7910 matches found

RedhatCVE
RedhatCVEadded 2025/12/19 12:41 a.m.9 views

CVE-2025-65563

A denial-of-service vulnerability exists in the omec-project UPF component upf-epc/pfcpiface up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler...

7.5CVSS6.7AI score0.00369EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2025/12/19 12:0 a.m.5 views

PT-2026-26121

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where the admin tagset is not released if initialization fails during NVMe/FC controller creation. Specifically, the nvme fabrics component creates an...

7.8CVSS6.4AI score0.00395EPSS
Exploits0References435
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/12/18 7:50 p.m.6 views

Malicious code in f5rest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f8084e3c4c369a7dc22b67657aa22f3faf8e9b98df2721c9ff4e4c17d36fe028 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score
Exploits0References1
OSV
OSVadded 2025/12/18 7:50 p.m.8 views

MAL-2025-192609 Malicious code in f5rest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f8084e3c4c369a7dc22b67657aa22f3faf8e9b98df2721c9ff4e4c17d36fe028 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
OSV
OSVadded 2025/12/18 7:50 p.m.6 views

MAL-2025-192608 Malicious code in f5-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dc7c52cb0573811c8391ab93a1a04c99826ebc3fffb98aa82cfe8deb4e58fc1d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/12/18 7:50 p.m.8 views

Malicious code in f5-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dc7c52cb0573811c8391ab93a1a04c99826ebc3fffb98aa82cfe8deb4e58fc1d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/12/18 7:49 p.m.6 views

Malicious code in bigip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 87f7e50e3df233ffefcde85171a87ec41d45bbb3d3fb7fbc6da742e9e95b6bb1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score
Exploits0References1
OSV
OSVadded 2025/12/18 7:49 p.m.4 views

MAL-2025-192607 Malicious code in bigip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 87f7e50e3df233ffefcde85171a87ec41d45bbb3d3fb7fbc6da742e9e95b6bb1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
Snyk
Snykadded 2025/12/18 7:46 p.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the association setup handler process. An attacker can cause the service to crash and disrupt user-plane services by sending a PFCP Association Setup Request that omits the mandatory Recovery Time Stamp...

8.7CVSS5.6AI score0.0036EPSS
Exploits1References2
Snyk
Snykadded 2025/12/18 7:46 p.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the association setup handler process. An attacker can cause the service to crash and disrupt user-plane services by sending a PFCP Association Setup Request that omits the mandatory Recovery Time Stamp...

8.7CVSS5.6AI score0.0036EPSS
Exploits1References2
Snyk
Snykadded 2025/12/18 7:45 p.m.4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the association setup handler process. An attacker can cause the service to crash and disrupt user-plane services by sending a PFCP Association Setup Request that omits the mandatory NodeID Information Eleme...

8.7CVSS5.6AI score0.00369EPSS
Exploits1References2
Snyk
Snykadded 2025/12/18 7:45 p.m.5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the association setup handler process. An attacker can cause the service to crash and disrupt user-plane services by sending a PFCP Association Setup Request that omits the mandatory NodeID Information Eleme...

8.7CVSS5.6AI score0.00369EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2025/12/18 7:44 p.m.4 views

CVE-2025-62521

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS8.3AI score0.04151EPSS
Exploits3References1
NVD
NVDadded 2025/12/18 7:16 p.m.8 views

CVE-2025-65564

A denial-of-service vulnerability exists in the omec-upf upf-epc-pfcpiface in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer...

7.5CVSS0.0036EPSS
Exploits1References2
OSV
OSVadded 2025/12/18 7:16 p.m.4 views

CVE-2025-65563

A denial-of-service vulnerability exists in the omec-project UPF component upf-epc/pfcpiface up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler...

7.5CVSS6.7AI score
Exploits0References2
OSV
OSVadded 2025/12/18 7:16 p.m.4 views

CVE-2025-65559

An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request type=50, the UPF crashes with a reachable assertion in lib/pfcp/context.c ogspfcpobjectteidhashset if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags IPv4/IPv6 do not...

7.5CVSS6.8AI score
Exploits0References1
OSV
OSVadded 2025/12/18 7:16 p.m.3 views

CVE-2025-65564

A denial-of-service vulnerability exists in the omec-upf upf-epc-pfcpiface in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer...

7.5CVSS5.8AI score0.0036EPSS
Exploits1References2
EUVD
EUVDadded 2025/12/18 6:30 p.m.6 views

EUVD-2025-204302

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

6.4AI score0.00212EPSS
Exploits0References3
NVD
NVDadded 2025/12/18 4:15 p.m.6 views

CVE-2025-63386

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

9.1CVSS0.00212EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/12/18 3:10 p.m.2 views

CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

7.1CVSS6.8AI score0.00165EPSS
Exploits0References3
Rows per page
Query Builder