
19 matches found

RedhatCVE
added 2026/06/02 4:1 p.m., 11 views

CVE-2026-37233

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id in src/ric/iApp/xappricid.c compares m0->xapp_id against itself (m0->xapp_id) instead of the other argument (m1->xapp_id), effectively ignoring the xApp identity dimension. A malicio...

7.5 CVSS, 5.8 AI score, 0.00397 EPSS
Exploits: 1, References: 1
CVE
added 2026/06/01 12:0 a.m., 14 views

CVE-2026-37233

CVE-2026-37233 affects FlexRIC v2.0.0. The iApp/xApp isolation contains an authorization bypass: the function eq_xapp_ric_gen_id() compares m0->xapp_id against itself rather than the other argument, effectively ignoring the xApp identity dimension. A malicious xApp connected to the iApp (port ...

7.5 CVSS, 5.8 AI score, 0.00397 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2026/06/01 12:0 a.m., 8 views

FlexRIC security vulnerability

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability stems from an authorization bypass in the iApp’s xApp isolation mechanism. The comparison function incorrectly compares xappid with itself...

7.5 CVSS, 5.2 AI score, 0.00397 EPSS
Exploits: 1, References: 3
Cvelist
added 2026/06/01 12:0 a.m., 28 views

CVE-2026-37233

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id in src/ric/iApp/xappricid.c compares m0->xapp_id against itself (m0->xapp_id) instead of the other argument (m1->xapp_id), effectively ignoring the xApp identity dimension. A malicio...

0.00397 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2026/04/16 9:40 p.m., 1 views

CVE-2026-40246

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7 CVSS, 5.9 AI score, 0.0038 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2026/04/16 12:0 a.m., 6 views

free5GC security vulnerability

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the UDR service’s handling of traffic affected by subscriptions. After a verification failure, the proce...

8.7 CVSS, 5.8 AI score, 0.0038 EPSS
Exploits: 1, References: 2
Github Security Blog
added 2026/04/14 8:0 p.m., 5 views

free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions

Summary: An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface (SBI) to delete Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details: The...

8.7 CVSS, 5.9 AI score, 0.0038 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/04/14 8:0 p.m., 4 views

GHSA-G9CW-QWHF-24JP free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions

Summary: An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface (SBI) to delete Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details: The...

8.7 CVSS, 5.9 AI score, 0.0038 EPSS
Exploits: 1, References: 3
OSV
added 2026/03/23 6:14 p.m., 4 views

GO-2026-4758 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request in github.com/free5gc/udm

free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request in github.com/free5gc/udm...

6.9 CVSS, 5.8 AI score, 0.00282 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2026/02/04 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-25238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may...

9.8 CVSS, 5.7 AI score, 0.00266 EPSS
Exploits: 0, References: 2
OSV
added 2026/02/03 7:16 p.m., 5 views

UBUNTU-CVE-2026-25238

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.8 CVSS, 5.8 AI score, 0.00266 EPSS
Exploits: 0, References: 3
CVE
added 2026/02/03 6:30 p.m., 10 views

CVE-2026-25238

PEAR framework: Vulnerable before version 1.33.0 due to SQL injection in bug subscription deletion via crafted email value. Root cause is weak email validation that permits SQL injection in the deletion flow. Impact is described as high for confidentiality, integrity, and availability. The issue ...

9.8 CVSS, 5.6 AI score, 0.00266 EPSS
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/02/03 6:30 p.m., 3 views

EUVD-2026-5197

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.2 CVSS, 5.6 AI score, 0.00266 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/02/03 6:30 p.m., 2 views

CVE-2026-25238 PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.2 CVSS, 5.6 AI score, 0.00266 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/03 6:30 p.m., 4 views

CVE-2026-25238

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.2 CVSS, 5.6 AI score, 0.00266 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/02/03 6:30 p.m., 6 views

CVE-2026-25238 PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

9.2 CVSS, 5.6 AI score, 0.00266 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/02/03 12:0 a.m., 3 views

pearweb SQL injection vulnerability

PearWeb is a PHP extension and application repository developed by PEAR. Versions of PearWeb prior to 1.33.0 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect subscription deletion operations, which allowed attackers to inject SQL commands through specially crafte...

9.8 CVSS, 5.9 AI score, 0.00266 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/02/03 12:0 a.m., 7 views

PT-2026-6287

Name of the Vulnerable Software and Affected Versions: PEAR versions prior to 1.33.0. Description: PEAR is a framework and distribution system for reusable PHP components. A SQL injection issue in bug subscription deletion could allow attackers to inject SQL via a crafted email value. The issue was...

9.8 CVSS, 5.7 AI score, 0.00266 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-2007

Malicious code in bioql PyPI...

7.5 CVSS, 7.5 AI score, 0.01182 EPSS
Exploits: 0, References: 4