Lucene search
K

11 matches found

Snyk
Snyk
added last week6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 3:31 a.m.5 views

GHSA-FXVJ-WQV2-XGCQ AMF Improperly Restricts Operations within the Bounds of a Memory Buffer

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.4AI score0.00303EPSS
Exploits0References8
NVD
NVD
added 2026/05/18 2:16 a.m.22 views

CVE-2026-8779

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS0.00303EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/18 1:45 a.m.9 views

CVE-2026-8781

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and ma...

5.3CVSS5.5AI score0.00303EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:45 a.m.10 views

CVE-2026-8274

A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function dodirectory of the file cramfsck.c of the component Directory Handler. Such manipulation leads to path traversal. The attack can only be performed from a local environment. The exploit has been...

5.3CVSS5.6AI score0.00173EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:56 p.m.10 views

Jervis Has a JWT Algorithm Confusion Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL244-L249 The code doesn't validate that the JWT header specifies "alg":"RS256". Impact Depending on the broader system, this could allow JWT...

6.9CVSS7AI score0.00128EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/13 2:53 p.m.4 views

GHSA-36H5-VRQ6-PP34 Jervis's Salt for PBKDF2 derived from password

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL869-L870...

8.7CVSS6.9AI score0.00116EPSS
Exploits0References7
OSV
OSV
added 2025/10/10 8:15 p.m.1 views

DEBIAN-CVE-2025-61919

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefo...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/09/08 8:53 a.m.4 views

CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

6.5CVSS6.6AI score0.01286EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/02/22 12:0 a.m.7 views

PT-2023-20601

Name of the Vulnerable Software and Affected Versions markdown-it-py versions prior to 2.2.0 Description A denial of service could be caused if an attacker is allowed to force null assertions with specially crafted input. Recommendations For versions prior to 2.2.0, update to version 2.2.0 or lat...

7.1CVSS5.5AI score0.00225EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.4 views

PT-2022-8304 · Unknown · Nakiami Mellivora

Name of the Vulnerable Software and Affected Versions: Nakiami Mellivora versions up to 2.1.x Description: A problematic vulnerability was found in the Admin Panel component, specifically in the function print user ip log of the file include/layout/user.inc.php. The manipulation of the argument...

4.8CVSS4.1AI score0.00524EPSS
Exploits0References7
Rows per page
Query Builder