|
1601
|
9.4 |
CRITICAL
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker…
|
CWE-862
Missing Authorization
|
CVE-2026-44315
|
2026-05-29 03:34 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1602
|
7.5 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointe…
|
CWE-476
CWE-754
NULL Pointer Dereference
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-44316
|
2026-05-29 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1603
|
6.5 |
MEDIUM
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose as…
|
CWE-476
CWE-754
NULL Pointer Dereference
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-44317
|
2026-05-29 03:30 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1604
|
5.3 |
MEDIUM
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscrip…
|
CWE-362
CWE-820
Race Condition
Missing Synchronization
|
CVE-2026-44318
|
2026-05-29 03:24 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1605
|
7.3 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbi…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-44320
|
2026-05-29 03:23 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1606
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argume…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9446
|
2026-05-29 03:16 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1607
|
8.1 |
HIGH
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immedia…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2026-9095
|
2026-05-29 03:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1608
|
- |
|
-
|
-
|
bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corru…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-42250
|
2026-05-29 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1609
|
7.8 |
HIGH
Local
|
-
|
-
|
gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0) incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration …
|
CWE-77
Command Injection
|
CVE-2026-40034
|
2026-05-29 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1610
|
- |
|
-
|
-
|
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h…
|
CWE-20
Improper Input Validation
|
CVE-2026-45076
|
2026-05-29 03:03 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
