| CVE | Title | Date | Score |
|---|---|---|---|
| CVE-2026-44604 | Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command | 28.05.2026 | |
| CVE-2026-6427 | a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element | 28.05.2026 | 6.4 |
| CVE-2026-6455 | WP Contact Form 7 DB Handler <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion via 'contact_form' Parameter | 28.05.2026 | 8.1 |
| CVE-2026-7052 | HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field | 28.05.2026 | 7.2 |
| CVE-2026-7552 | Geo Mashup <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure via 'geo_mashup_content' Parameter | 28.05.2026 | 5.3 |
| CVE-2026-7621 | SMTP2GO for WordPress <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate | 28.05.2026 | 4.3 |
| CVE-2026-7634 | SlimStat Analytics <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header | 28.05.2026 | 7.2 |
| CVE-2026-7651 | User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter | 28.05.2026 | 5.3 |
| CVE-2026-7660 | Easy Updates Manager <= 9.0.20 - Reflected Cross-Site Scripting via 'paged' Parameter | 28.05.2026 | 6.1 |
| CVE-2026-7797 | Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' Parameter | 28.05.2026 | 7.5 |
| CVE-2026-7862 | Eupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund Initiation | 28.05.2026 | |
| CVE-2026-8682 | 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint | 28.05.2026 | 4.3 |
| CVE-2026-9227 | GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter | 28.05.2026 | 8.8 |
| CVE-2026-9618 | PeachPay <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink | 28.05.2026 | 4.3 |
| CVE-2026-9806 | Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names | 28.05.2026 | |
| CVE-2026-3173 | Meta Field Block <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure | 28.05.2026 | 6.5 |
| CVE-2026-7533 | Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter | 28.05.2026 | 4.3 |
| CVE-2026-9009 | Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute | 28.05.2026 | 8.8 |
| CVE-2026-9644 | LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | 28.05.2026 | 6.4 |
| CVE-2026-9673 | | 28.05.2026 | 6.8 |
| CVE-2026-9798 | Keycloak: keycloak: brute-force protection bypass in ciba flow | 28.05.2026 | |
| CVE-2026-9801 | Keycloak: keycloak: denial of service via malformed ldap password policy response | 28.05.2026 | |
| CVE-2026-9802 | Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster restart | 28.05.2026 | |
| CVE-2026-9803 | Keycloak: keycloak: denial of service via malformed authorization header | 28.05.2026 | |
| CVE-2026-2374 | Login No Captcha reCAPTCHA <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting via PHP_SELF | 28.05.2026 | 7.2 |
| CVE-2026-32995 | | 28.05.2026 | |
| CVE-2026-32996 | | 28.05.2026 | |
| CVE-2026-32997 | | 28.05.2026 | |
| CVE-2026-32998 | | 28.05.2026 | |
| CVE-2026-32999 | | 28.05.2026 | 9.1 |
| CVE-2026-5737 | Independent Analytics <= 2.14.9 - Unauthenticated Server-Side Request Forgery via Tracking Route | 28.05.2026 | 6.5 |
| CVE-2026-7802 | Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter | 28.05.2026 | 8.8 |
| CVE-2026-9228 | Timetable and Event Schedule by MotoPress <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via action_get_event_data Function | 28.05.2026 | 4.3 |
| CVE-2026-9241 | FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter | 28.05.2026 | 4.3 |
| CVE-2026-9791 | Keycloak-rhel9: organization data leak after feature disabled in keycloak | 28.05.2026 | |
| CVE-2026-9792 | Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition | 28.05.2026 | |
| CVE-2026-9793 | Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing | 28.05.2026 | |
| CVE-2026-9794 | Keycloak: keycloak: information disclosure via saml ecp endpoint | 28.05.2026 | |
| CVE-2026-9795 | Keycloak: keycloak: privilege escalation via improper scope mapping enforcement | 28.05.2026 | |
| CVE-2026-9796 | Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability | 28.05.2026 | |
| CVE-2026-9789 | NitroSense V3: Security Vulnerability Information | 28.05.2026 | |
| CVE-2026-8915 | | 28.05.2026 | 8.8 |
| CVE-2026-4888 | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending | 28.05.2026 | 4.3 |
| CVE-2026-45322 | OS Command Injection in Microsoft UFO Shell Action Replay via Stored Session JSON | 27.05.2026 | 7.8 |
| CVE-2026-46402 | Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory | 27.05.2026 | 8.1 |
| CVE-2026-46414 | Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking | 27.05.2026 | 8.8 |
| CVE-2026-46416 | Microsoft UFO shared WebSocket handler state causes cross-client response hijacking | 27.05.2026 | 6.3 |
| CVE-2026-46538 | Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection | 27.05.2026 | 5.9 |
| CVE-2026-46544 | Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters | 27.05.2026 | 5.3 |
| CVE-2026-9739 | | 27.05.2026 | |
| CVE-2026-44247 | Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size | 27.05.2026 | 6.8 |
| CVE-2026-44720 | OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover | 27.05.2026 | |
| CVE-2026-45083 | Goobi viewer: Unauthenticated Solr Streaming Expression Proxy | 27.05.2026 | 9.8 |
| CVE-2026-45152 | uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution | 27.05.2026 | 7.8 |
| CVE-2026-9208 | Tanium addressed an unauthorized code execution vulnerability in Connect. | 27.05.2026 | 8.8 |
| CVE-2026-21785 | HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy | 27.05.2026 | 4 |
| CVE-2026-44660 | UltraJSON: Memory Leak in ujson.dump() on Write Failure | 27.05.2026 | |
| CVE-2026-44709 | pam_usb: PINENTRY_FALLBACK_APP environment variable allows arbitrary command execution | 27.05.2026 | 7.8 |
| CVE-2026-44710 | pam_usb: NULL pointer dereference from UDisks device fields causes PAM crash and login denial-of-service | 27.05.2026 | 4.6 |
| CVE-2026-44711 | pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption | 27.05.2026 | 7.9 |
| CVE-2026-44712 | pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent | 27.05.2026 | 8.2 |
| CVE-2026-44713 | pam_usb: Command injection via $TMUX environment variable leads to RCE as root | 27.05.2026 | 8.8 |
| CVE-2026-45136 | claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh | 27.05.2026 | |
| CVE-2026-45137 | Anchor: Program<'info, System> is not properly validated | 27.05.2026 | 8.2 |
| CVE-2026-47269 | pam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as local | 27.05.2026 | 7.4 |
| CVE-2026-47270 | pam_usb: strtok() race condition in multi-threaded PAM hosts can corrupt deny_remote result | 27.05.2026 | 6.3 |
| CVE-2026-44590 | Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml | 27.05.2026 | 9.3 |
| CVE-2026-44724 | systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name | 27.05.2026 | 7.8 |
| CVE-2026-45134 | LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning | 27.05.2026 | 7.1 |
| CVE-2026-47271 | pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process crash | 27.05.2026 | 5.1 |
| CVE-2026-47272 | pam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG buffer | 27.05.2026 | 7.1 |
| CVE-2026-47273 | pam_usb: XPath injection via PAM-supplied identifiers in pam_usb configuration queries | 27.05.2026 | 6.5 |
| CVE-2026-47274 | pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation via PATH manipulation | 27.05.2026 | 6.3 |
| CVE-2026-48064 | pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass | 27.05.2026 | 8.1 |
| CVE-2026-48065 | pam_usb: Unchecked integer multiplication before xmalloc() in conf.c allows heap-based buffer overflow on 32-bit targets | 27.05.2026 | 6.7 |
| CVE-2026-48066 | pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication | 27.05.2026 | 5.7 |
| CVE-2026-48792 | pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution | 27.05.2026 | 4.4 |
| CVE-2026-8359 | Gladinet Triofox WOSHttpStatusModule.dll NULL Function Pointer Call DoS | 27.05.2026 | 7.5 |
| CVE-2026-8360 | Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS | 27.05.2026 | 7.5 |
| CVE-2026-8361 | Gladinet Triofox Path Traversal in WOSDefaultHttpModule.dll | 27.05.2026 | 7.5 |
| CVE-2026-8362 | Gladinet Triofox Stack-based Buffer Overflow in WOSDefaultHttpModule.dll | 28.05.2026 | 9.8 |
| CVE-2026-8363 | Gladinet Triofox Stack-based Buffer Overflow in WOSDeviceDropFolder.dll | 28.05.2026 | 9.8 |
| CVE-2026-8364 | Gladinet Triofox Missing Authentication for Critical Functions | 28.05.2026 | 9.8 |
| CVE-2026-33552 | | 27.05.2026 | |
| CVE-2026-42197 | RELATE Vulnerable to Stored XSS via Unprivileged User Profile | 27.05.2026 | 8.7 |
| CVE-2026-42877 | FacturaScripts: Stored XSS via product reference in sales/purchases | 27.05.2026 | 5.4 |
| CVE-2026-44681 | Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization | 27.05.2026 | 6.1 |
| CVE-2026-44886 | Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection | 27.05.2026 | |
| CVE-2026-44887 | Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Path) | 27.05.2026 | 9.8 |
| CVE-2026-44888 | Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Integer) | 27.05.2026 | 9.8 |
| CVE-2026-45102 | OneUptime: RCE due to Node.js' vm module escape via error objects and infinite recursion | 27.05.2026 | 9.9 |
| CVE-2026-45104 | MapServer: NULL pointer dereference in SLD `<ElseFilter>` rule parsing reachable via WMS `SLD_BODY` | 27.05.2026 | 7.5 |
| CVE-2026-45108 | Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow | 27.05.2026 | 8.4 |
| CVE-2026-47161 | RELATE Vulnerable to Remote Code Execution (RCE) via Insecure Celery Pickle Deserialization | 27.05.2026 | |
| CVE-2026-49009 | | 27.05.2026 | |
| CVE-2026-9759 | NULL Pointer Dereference in Wireshark | 27.05.2026 | 5.5 |
| CVE-2026-1402 | Allocation of Resources Without Limits or Throttling in GitLab | 27.05.2026 | 6.5 |
| CVE-2026-2601 | Missing Authorization in GitLab | 27.05.2026 | 4.3 |
| CVE-2026-42878 | FacturaScripts: Unauthenticated phpinfo() Disclosure via Installer Endpoint in FacturaScripts | 27.05.2026 | 5.3 |
| CVE-2026-42879 | FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images | 27.05.2026 | 6.3 |
| CVE-2026-44635 | Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()` | 27.05.2026 | 7.5 |
| CVE-2026-45046 | Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content | 27.05.2026 | 5.5 |
| CVE-2026-4868 | Authorization Bypass Through User-Controlled Key in GitLab | 28.05.2026 | 8.2 |
| CVE-2026-5296 | Missing Authorization in GitLab | 27.05.2026 | 4.3 |
| CVE-2026-6713 | Incorrect Authorization in GitLab | 27.05.2026 | 5.3 |
| CVE-2026-8716 | Use of Incorrectly-Resolved Name or Reference in GitLab | 27.05.2026 | 4.3 |
| CVE-2025-67903 | | 27.05.2026 | |
| CVE-2025-69600 | | 27.05.2026 | |
| CVE-2026-38807 | | 27.05.2026 | |
| CVE-2026-38808 | | 27.05.2026 | |
| CVE-2026-42328 | go-ipld-prime: DAG-CBOR and DAG-JSON decoders unbounded recursion depth | 27.05.2026 | 6.2 |
| CVE-2026-42553 | Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker | 27.05.2026 | |
| CVE-2026-44345 | BentoML: Dockerfile command injection via docker.base_image | 27.05.2026 | 8.8 |
| CVE-2026-44346 | BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml | 27.05.2026 | 8.8 |
| CVE-2026-44378 | Botan: Quadratic complexity decoding BER indefinite length encodings | 27.05.2026 | |
| CVE-2026-44460 | FileRise: TOTP Bypass via Setup Endpoint Disclosing Existing Secret | 27.05.2026 | 7.4 |
| CVE-2026-44521 | elFinder: SQL Injection MySQL Volume Driver (elFinderVolumeMySQL) | 27.05.2026 | 8.8 |
| CVE-2026-45047 | bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding | 27.05.2026 | 7.5 |
| CVE-2026-45061 | Budibase: SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`) | 27.05.2026 | 7.7 |
| CVE-2026-45081 | Frappe HR: Permission Bypass in HRMS Leave Details API | 27.05.2026 | 6.5 |
| CVE-2026-45087 | Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode | 27.05.2026 | 10 |
| CVE-2026-45088 | Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode | 27.05.2026 | 7.5 |
| CVE-2026-45089 | Dalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server Mode | 27.05.2026 | 8.2 |
| CVE-2026-45090 | Dalfox: Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode) | 27.05.2026 | 7.5 |
| CVE-2026-45548 | Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation | 27.05.2026 | 7.7 |
| CVE-2026-45715 | Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration | 27.05.2026 | 7.7 |
| CVE-2026-45716 | Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration | 27.05.2026 | 8.8 |
| CVE-2026-45717 | Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL. | 27.05.2026 | 8.8 |
| CVE-2026-45718 | Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows | 27.05.2026 | 5.4 |
| CVE-2026-45719 | Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API | 27.05.2026 | 6.5 |
| CVE-2026-46424 | Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour | 27.05.2026 | 4.2 |
| CVE-2026-46425 | Budibase: SCIM endpoints lack role-based authorization, BASIC users CRUD tenant users | 27.05.2026 | 9.9 |
| CVE-2026-46426 | Budibase: Unrestricted Upload of File with Dangerous Type | 27.05.2026 | 7.6 |
| CVE-2026-46427 | Budibase: Snowflake private key returned unmasked from datasource API to BASIC users | 27.05.2026 | 7.7 |
| CVE-2026-48128 | Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step | 27.05.2026 | |
| CVE-2026-48146 | Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection | 27.05.2026 | 7.7 |
| CVE-2026-48147 | Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker | 27.05.2026 | 6.5 |
| CVE-2026-48148 | Budibase: Unvalidated VectorDB Host Parameter Enables SSRF | 27.05.2026 | |
| CVE-2026-48149 | Budibase: Stored XSS in Text component: BASIC users execute JS in admin session via MarkdownViewer innerHTML + CDN+srcdoc CSP bypass | 27.05.2026 | 8.1 |
| CVE-2026-48150 | Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign | 27.05.2026 | 9 |
| CVE-2026-48151 | Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema | 27.05.2026 | 7.5 |
| CVE-2026-48152 | Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL | 27.05.2026 | 8.1 |
| CVE-2026-48153 | Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata | 27.05.2026 | 8.5 |
| CVE-2026-4390 | TeamSpeak 3 Server Connection State Management process_resend_queue use after free | 27.05.2026 | |
| CVE-2026-4391 | TeamSpeak 3 Server ECC Key heap-based overflow | 27.05.2026 | |
| CVE-2026-4392 | TeamSpeak 3 Server clientek Handshake assertion | 27.05.2026 | |
| CVE-2026-5509 | Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200 | 28.05.2026 | |
| CVE-2025-68712 | | 27.05.2026 | |
| CVE-2025-70116 | | 27.05.2026 | |
| CVE-2026-38930 | | 27.05.2026 | |
| CVE-2026-38931 | | 27.05.2026 | |
| CVE-2026-38945 | | 27.05.2026 | |
| CVE-2026-42081 | free5GC: UE Security Capability bypass on NGAP PathSwitchRequest | 27.05.2026 | 6.1 |
| CVE-2026-42082 | free5GC: Missing Concurrent NAS SMC Validation During NGAP Handover | 27.05.2026 | 3.7 |
| CVE-2026-42083 | free5GC: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI | 27.05.2026 | 8.2 |
| CVE-2026-42459 | free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm | 27.05.2026 | |
| CVE-2026-42790 | nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification | 28.05.2026 | |
| CVE-2026-44315 | free5GC: NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions | 27.05.2026 | 9.4 |
| CVE-2026-44316 | free5GC: PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference | 27.05.2026 | 7.5 |
| CVE-2026-44317 | free5GC: PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference | 27.05.2026 | 6.5 |
| CVE-2026-44319 | free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri) | 27.05.2026 | 7.5 |
| CVE-2026-44320 | free5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path | 27.05.2026 | 7.3 |
| CVE-2026-44321 | free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf) | 27.05.2026 | 7.5 |
| CVE-2026-44322 | free5GC: NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference | 27.05.2026 | 7.5 |
| CVE-2026-44323 | free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference) | 27.05.2026 | 4.3 |
| CVE-2026-44324 | free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request) | 27.05.2026 | 6.5 |
| CVE-2026-44325 | free5GC: NRF POST /oauth2/token structured-form parser type-confusion panic family (Reflect.Set on incompatible types) | 27.05.2026 | 7.5 |
| CVE-2026-44326 | free5GC: NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions | 27.05.2026 | 9.4 |
| CVE-2026-44327 | free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler | 27.05.2026 | 10 |
| CVE-2026-44328 | free5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating | 27.05.2026 | 8.2 |
| CVE-2026-44329 | free5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers | 27.05.2026 | 10 |
| CVE-2026-48027 | Compromised Nx Console version 18.95.0 | 28.05.2026 | |