Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1088 matches found

CNNVD
CNNVDadded 2026/04/21 12:0 a.m.10 views

Signal K Server 安全漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.25.0 contained a security vulnerability. This vulnerability stemmed from improper validation of the context parameter in the WebSocket subscription processing logic, which...

7.5CVSS5.8AI score0.00427EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/04/21 12:0 a.m.5 views

PT-2026-34214

Name of the Vulnerable Software and Affected Versions free5GC UDR versions prior to 1.4.3 Description A fail-open request handling flaw exists in the UDR service. The POST handler for the endpoint '/nudr-dr/v2/policy-data/subs-to-notify' continues to process requests even after encountering error...

6.9CVSS5.4AI score0.09955EPSS
Exploits0References8
OPENSUSE Linux
OPENSUSE Linuxadded 2026/04/21 12:0 a.m.4 views

Security update for cockpit-subscriptions (important)

openSUSE security update: security update for cockpit-subscriptions ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20532-1 Rating: important References: bsc1258637 Cross-References: CVE-2026-26996 CVSS scores: CVE-2026-26996 SUSE : 7.5...

8.7CVSS5.7AI score0.00519EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/20 7:22 p.m.2 views

CVE-2026-40248

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References1
Patchstack
Patchstackadded 2026/04/20 2:40 p.m.3 views

WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by loris4py in WordPress Plugin Paid Member Subscriptions versions = 2.17.3...

5.8AI score0.00175EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/18 7:22 a.m.2 views

CVE-2026-40246

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7CVSS5.9AI score0.0038EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/18 7:22 a.m.3 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6AI score0.00321EPSS
Exploits1References1
Snyk
Snykadded 2026/04/16 11:38 p.m.2 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the handler for creating or updating Traffic Influence Subscriptions due to improper validation of the influenceId path segment. An attacker can create or overwrite arbitrary Traffic Influence Subscriptions,...

8.7CVSS5.7AI score0.00427EPSS
Exploits1References2
Snyk
Snykadded 2026/04/16 11:38 p.m.2 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the handler responsible for reading Traffic Influence Subscriptions. An attacker can access sensitive subscription data, including SUPIs/IMSIs, DNNs, S-NSSAIs, and callback URIs, by supplying arbitrary values f...

8.7CVSS5.6AI score0.00493EPSS
Exploits1References2
NVD
NVDadded 2026/04/16 10:16 p.m.4 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS0.00321EPSS
Exploits1References1
NVD
NVDadded 2026/04/16 10:16 p.m.4 views

CVE-2026-40246

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7CVSS0.0038EPSS
Exploits1References1
NVD
NVDadded 2026/04/16 10:16 p.m.3 views

CVE-2026-40247

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7CVSS0.00493EPSS
Exploits1References1
NVD
NVDadded 2026/04/16 10:16 p.m.8 views

CVE-2026-40248

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

8.7CVSS0.00427EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/04/16 9:59 p.m.2 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6AI score0.00321EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/16 9:59 p.m.3 views

CVE-2026-40249 free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6AI score0.00321EPSS
Exploits1References1
CVE
CVEadded 2026/04/16 9:57 p.m.21 views

CVE-2026-40248

CVE-2026-40248 affects free5GC UDR (versions 4.2.1 and earlier). The vulnerability stems from improper path validation: when influenceId != subs-to-notify, the handler returns 404 but does not stop, allowing unauthenticated SBI clients to create/modify Traffic Influence Subscriptions by supplying...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/16 9:57 p.m.5 views

CVE-2026-40248 free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/16 9:57 p.m.19 views

CVE-2026-40248 free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

8.7CVSS0.00427EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/04/16 9:57 p.m.1 views

CVE-2026-40248

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/16 9:54 p.m.2 views

CVE-2026-40247

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7CVSS5.9AI score0.00493EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder