Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/03/20 7:54 a.m.22 views

CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

8.7CVSS0.00354EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/24 12:18 a.m.3 views

CVE-2026-27642

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

8.7CVSS5.4AI score0.00506EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/23 11:53 p.m.5 views

CVE-2025-69251 free5GC has Improper Input Validation in UDM, Leading to Information Exposure

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the ueId parameter, triggering internal URL parsing errors net/url:...

8.7CVSS5.5AI score0.00462EPSS
Exploits1References6
CVE
CVE
added 2026/02/23 11:53 p.m.14 views

CVE-2025-69251

The CVE-2025-69251 entry affects free5GC UDM (Nudm_UECM service) in versions up to and including 1.4.1. The issue allows remote attackers to inject control characters (e.g., %00) into the ueId parameter, causing internal URL parsing errors (net/url: invalid control character) and exposing system ...

8.7CVSS5.4AI score0.00462EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.7 views

PT-2026-21580

Name of the Vulnerable Software and Affected Versions free5gc UDM versions up to and including 1.4.1 Description free5gc UDM provides Unified Data Management for free5GC, an open-source 5G mobile core network project. A flaw exists where attackers can inject control characters, such as %00, into...

8.7CVSS5.2AI score0.00462EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-1270

Malware in sbrugna...

7.5CVSS6.4AI score0.20503EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-9995

Malware in sbrugna...

7.5CVSS7.4AI score0.01987EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-1771

Malicious code in bioql PyPI...

8.2CVSS8.3AI score0.00846EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-0377

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00797EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/07/01 12:7 p.m.3 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

6.5CVSS5.8AI score0.00285EPSS
Exploits0References5
Amazon
Amazon
added 2025/03/26 12:0 a.m.5 views

Medium: python3.9

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...

7.8CVSS7.8AI score0.0067EPSS
Exploits0
OSV
OSV
added 2025/03/20 6:48 p.m.6 views

GHSA-Q9F5-625G-XM39 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

Summary URLs starting with // are not parsed properly, and the request REQUESTFILENAME variable contains a wrong value, leading to potential rules bypass. Details If a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI...

5.4CVSS7.1AI score0.00294EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/11 5:0 a.m.15 views

CVE-2025-1211

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery SSRF due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney...

6.5CVSS0.0048EPSS
Exploits0References4
CNVD
CNVD
added 2022/01/18 12:0 a.m.33 views

Apache Knox SSO Cross-Site Scripting Vulnerability

Knox Sso is the Apache Foundation's Web Ui Sso Single Sign-On feature for your cluster. A security vulnerability exists in Apache Knox SSO that stems from a URL parsing error that could craft requests to redirect users to a malicious page. A request containing a specially crafted request paramete...

6.1CVSS5.9AI score0.02579EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2011/09/07 12:0 a.m.27 views

Google Chrome < 13.0.782.215 Multiple Vulnerabilities (Sep 2011) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.2AI score0.02347EPSS
Exploits1References2
Rows per page
Query Builder