Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,101 - 14,120 of 38,432 CVEs
CVE-2026-44330 CRITICAL - 10.0

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token (e.g. Authorizat...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44329 CRITICAL - 10.0

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, a...

Vendor: go
Product: github.com/free5gc/smf
Published: May 08, 2026
Source: GitHub
CVE-2026-44328 HIGH - 8.2

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally dereferences upNode.UPF after the type-guar...

Vendor: go
Product: github.com/free5gc/smf
Published: May 08, 2026
Source: GitHub
CVE-2026-44327 CRITICAL - 10.0

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the han...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44326 CRITICAL - 9.4

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscript...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44325 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, specia...

Vendor: go
Product: github.com/free5gc/nrf
Published: May 08, 2026
Source: GitHub
CVE-2026-44324 MEDIUM - 6.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueI...

Vendor: go
Product: github.com/free5gc/udr
Published: May 08, 2026
Source: GitHub
CVE-2026-44323 MEDIUM - 4.3

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one...

Vendor: go
Product: github.com/free5gc/udr
Published: May 08, 2026
Source: GitHub
CVE-2026-44322 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != ...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44321 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFrom...

Vendor: go
Product: github.com/free5gc/smf
Published: May 08, 2026
Source: GitHub
CVE-2026-44320 HIGH - 7.3

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g. Authorization: Bearer not-a-real-token) is enough to reach the SMF-call...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44319 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(...) and on any delivery...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44318 MEDIUM - 6.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock() via BSFContext.GetSubscription(subId), ...

Vendor: go
Product: github.com/free5gc/bsf
Published: May 08, 2026
Source: GitHub
CVE-2026-44317 MEDIUM - 6.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" (enabling traffic-routing feature negotiation) and whose medC...

Vendor: go
Product: github.com/free5gc/pcf
Published: May 08, 2026
Source: GitHub
CVE-2026-44316 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer dereference when a downstream OpenAPI consumer call (UDR lookup) returns 404 Not Found and the...

Vendor: go
Product: github.com/free5gc/pcf
Published: May 08, 2026
Source: GitHub
CVE-2026-44315 CRITICAL - 9.4

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44309 MEDIUM - 5.3

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git o...

Vendor: go
Product: github.com/sigstore/gitsign
Published: May 08, 2026
Source: GitHub
CVE-2026-44566 HIGH - 7.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with na...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44567 HIGH - 7.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is set...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44549 HIGH - 7.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS payload into the generated HTM...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub