Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 3:44 p.m.7 views

CVE-2026-44324

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does n...

6.5CVSS6AI score0.0042EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/08 10:50 p.m.8 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through improper handling of error conditions in the PatchIndividualApplicationPFDManagement process. An attacker can cause the application to panic and return a 500 Internal Server...

8.7CVSS5.8AI score0.0039EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC 1.4.2 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the UDR service, where open-ended failure request handling was flawed. As a result, the POST handler...

6.9CVSS5.9AI score0.09955EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/18 7:22 a.m.4 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6AI score0.00321EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/18 7:22 a.m.5 views

CVE-2026-40246

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7CVSS5.9AI score0.0038EPSS
Exploits1References1
NVD
NVD
added 2026/04/16 10:16 p.m.5 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS0.00321EPSS
Exploits1References1
NVD
NVD
added 2026/04/16 10:16 p.m.9 views

CVE-2026-40248

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

8.7CVSS0.00427EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 9:59 p.m.3 views

CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

6.9CVSS6AI score0.00321EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/16 9:40 p.m.4 views

CVE-2026-40246

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7CVSS5.9AI score0.0038EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 9:40 p.m.7 views

CVE-2026-40246 free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7CVSS5.9AI score0.0038EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.11 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the process of creating or updating traffic-influenced subscriptions in the UDR service. After a verification...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.9 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the UDR service’s handling of traffic affected by subscriptions. After a verification failure, the proce...

8.7CVSS5.8AI score0.0038EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.10 views

PT-2026-32975

Name of the Vulnerable Software and Affected Versions free5GC UDR service versions prior to 4.2.1 Description An improper path validation issue exists in the UDR service. The handler for creating or updating Traffic Influence Subscriptions checks if the influenceId path segment equals...

8.7CVSS6AI score0.00427EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.8 views

PT-2026-21593

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details e.g., invalid character 'n' after top-level value to remote clients...

8.7CVSS5.4AI score0.00275EPSS
Exploits1References5
Rows per page
Query Builder