CVEs from 2026
- Total: 14,084
- Critical: 1,231
- High: 4,631
- Medium: 4,442
- Low: 483
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top vendors
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45448 | medium | 4.3 | 4.3 | 19d ago | CWE-601 URL redirection to untrusted site ('open redirect') | |||
| CVE-2026-44374 | medium | 4.3 | 4.3 | 19d ago | Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi… | |||
| CVE-2026-6575 | medium | 4.3 | 4.3 | 20d ago | Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain… | |||
| CVE-2026-6474 | medium | 4.3 | 4.3 | 20d ago | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 1… | |||
| CVE-2026-5365 | medium | 4.3 | 4.3 | 20d ago | The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() funct… | |||
| CVE-2026-8144 | medium | 4.3 | 4.3 | 20d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with projec… | |||
| CVE-2026-6883 | medium | 4.3 | 4.3 | 20d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merg… | |||
| CVE-2026-6063 | medium | 4.3 | 4.3 | 20d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authent… | |||
| CVE-2026-3607 | medium | 4.3 | 4.3 | 20d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo… | |||
| CVE-2026-3074 | medium | 4.3 | 4.3 | 20d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to downlo… | |||
| CVE-2026-3073 | medium | 4.3 | 4.3 | 20d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo… | |||
| CVE-2026-1338 | medium | 4.3 | 4.3 | 20d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with devel… | |||
| CVE-2026-7648 | medium | 4.3 | 4.3 | 20d ago | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. … | |||
| CVE-2026-7525 | medium | 4.3 | 4.3 | 20d ago | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying tha… | |||
| CVE-2026-44919 | medium | 4.3 | 4.3 | 20d ago | OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices | |||
| CVE-2026-44441 | medium | 4.3 | 4.3 | 20d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making… | |||
| CVE-2026-28374 | medium | 4.3 | 4.3 | 20d ago | Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations. | |||
| CVE-2026-30904 | medium | 4.3 | 4.3 | 20d ago | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. | |||
| CVE-2026-44458 | medium | 4.3 | 4.3 | 20d ago | Hono has CSS Declaration Injection via Style Object Values in JSX SSR | |||
| CVE-2026-42058 | medium | 4.3 | 4.3 | 20d ago | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. Note: Software versions which have reached End of Technic… | |||
| CVE-2026-4607 | medium | 4.3 | 4.3 | 21d ago | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properl… | |||
| CVE-2026-42961 | medium | 4.3 | 4.3 | 21d ago | ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to… | |||
| CVE-2026-42950 | medium | 4.3 | 4.3 | 21d ago | ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may be… | |||
| CVE-2026-3426 | medium | 4.3 | 4.3 | 21d ago | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all … | |||
| CVE-2026-28971 | medium | 4.3 | 4.3 | 21d ago | visionOS 26.5 | |||
| CVE-2026-28901 | medium | 4.3 | 4.3 | 21d ago | visionOS 26.5 | |||
| CVE-2026-28917 | medium | 4.3 | 4.3 | 21d ago | visionOS 26.5 | |||
| CVE-2026-34656 | medium | 4.3 | 4.3 | 21d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature by… | |||
| CVE-2026-5146 | medium | 4.3 | 4.3 | 21d ago | Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session v… | |||
| CVE-2026-42541 | medium | 4.3 | 4.3 | 21d ago | Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call | |||
| CVE-2026-40421 | medium | 4.3 | 4.3 | 21d ago | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-40416 | medium | 4.3 | 4.3 | 21d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-35429 | medium | 4.3 | 4.3 | 21d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-32175 | medium | 4.3 | 4.3 | 21d ago | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to ce… | |||
| CVE-2026-8407 | medium | 4.3 | 4.3 | 21d ago | Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted re… | |||
| CVE-2026-42006 | medium | 4.3 | 4.3 | 22d ago | An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left op… | |||
| CVE-2026-40020 | medium | 4.3 | 4.3 | 22d ago | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is lim… | |||
| CVE-2026-1934 | medium | 4.3 | 4.3 | 22d ago | The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103. This is due to the s… | |||
| CVE-2026-7616 | medium | 4.3 | 4.3 | 22d ago | The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_admin… | |||
| CVE-2026-7562 | medium | 4.3 | 4.3 | 22d ago | The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form a… | |||
| CVE-2026-7050 | medium | 4.3 | 4.3 | 22d ago | The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perf… | |||
| CVE-2026-6932 | medium | 4.3 | 4.3 | 22d ago | The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings u… | |||
| CVE-2026-6710 | medium | 4.3 | 4.3 | 22d ago | The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the Skysa… | |||
| CVE-2026-6709 | medium | 4.3 | 4.3 | 22d ago | The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce… | |||
| CVE-2026-4301 | medium | 4.3 | 4.3 | 22d ago | The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler la… | |||
| CVE-2026-40136 | medium | 4.3 | 4.3 | 22d ago | SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromis… | |||
| CVE-2026-40134 | medium | 4.3 | 4.3 | 22d ago | Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operatio… | |||
| CVE-2026-40129 | medium | 4.3 | 4.3 | 22d ago | Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processe… | |||
| CVE-2026-8349 | medium | 4.3 | 4.3 | 22d ago | omec-project amf crashes when processing malformed LocationReports | |||
| CVE-2026-42885 | medium | 4.3 | 4.3 | 22d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a … | |||
| CVE-2026-42884 | medium | 4.3 | 4.3 | 22d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking w… | |||
| CVE-2026-42565 | medium | 4.3 | 4.3 | 22d ago | @workos/authkit-session has an Open Redirect via state-derived redirect target | |||
| CVE-2026-34754 | medium | 4.3 | 4.3 | 22d ago | MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API | |||
| CVE-2026-44997 | medium | 4.3 | 4.3 | 22d ago | OpenClaw's ACP child sessions inherit subagent security envelope constraints | |||
| CVE-2026-42865 | medium | 4.3 | 4.3 | 22d ago | Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated… | |||
| CVE-2026-44198 | medium | 4.3 | 4.3 | 22d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, … | |||
| CVE-2026-39869 | medium | 4.3 | 4.3 | 23d ago | visionOS 26.5 | |||
| CVE-2026-8195 | medium | 4.3 | 4.3 | 24d ago | A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/C… | |||
| CVE-2026-8194 | medium | 4.3 | 4.3 | 24d ago | A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argu… | |||
| CVE-2026-6667 | medium | 4.3 | 4.3 | 25d ago | PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization)… | |||
| CVE-2026-42456 | medium | 4.3 | 4.3 | 25d ago | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLL… | |||
| CVE-2026-42282 | medium | 4.3 | 4.3 | 25d ago | n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode | |||
| CVE-2026-44557 | medium | 4.3 | 4.3 | 25d ago | Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection | |||
| CVE-2026-42276 | medium | 4.3 | 4.3 | 26d ago | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active cha… | |||
| CVE-2026-8117 | medium | 4.3 | 4.3 | 26d ago | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument p… | |||
| CVE-2026-44263 | medium | 4.3 | 4.3 | 26d ago | Weblate Vulnerable to Private Translation Enumeration via Screenshot API | |||
| CVE-2026-41687 | medium | 4.3 | 4.3 | 26d ago | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php (line 42) and endpoints/payments/add.php (line 40)… | |||
| CVE-2026-41685 | medium | 4.3 | 4.3 | 27d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking … | |||
| CVE-2026-27415 | medium | 4.3 | 4.3 | 27d ago | Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5. | |||
| CVE-2026-44264 | medium | 4.3 | 4.3 | 27d ago | Weblate vulnerable to XSS via crafted Markdown | |||
| CVE-2026-44111 | medium | 4.3 | 4.3 | 27d ago | OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with… | |||
| CVE-2026-8014 | medium | 4.3 | 4.3 | 27d ago | Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-8013 | medium | 4.3 | 4.3 | 27d ago | Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L… | |||
| CVE-2026-8011 | medium | 4.3 | 4.3 | 27d ago | Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-8005 | medium | 4.3 | 4.3 | 27d ago | Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic.… | |||
| CVE-2026-8004 | medium | 4.3 | 4.3 | 27d ago | Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted C… | |||
| CVE-2026-7999 | medium | 4.3 | 4.3 | 27d ago | Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium… | |||
| CVE-2026-7986 | medium | 4.3 | 4.3 | 27d ago | Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7983 | medium | 4.3 | 4.3 | 27d ago | Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7979 | medium | 4.3 | 4.3 | 27d ago | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7972 | medium | 4.3 | 4.3 | 27d ago | Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-7969 | medium | 4.3 | 4.3 | 27d ago | Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium … | |||
| CVE-2026-7961 | medium | 4.3 | 4.3 | 27d ago | Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to leak cross-origin data via malicious network traf… | |||
| CVE-2026-7946 | medium | 4.3 | 4.3 | 27d ago | Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site iso… | |||
| CVE-2026-7942 | medium | 4.3 | 4.3 | 27d ago | Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7936 | medium | 4.3 | 4.3 | 27d ago | Object lifecycle issue in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7933 | medium | 4.3 | 4.3 | 27d ago | Out of bounds read in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Medium) | |||
| CVE-2026-7915 | medium | 4.3 | 4.3 | 27d ago | Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev… | |||
| CVE-2026-7904 | medium | 4.3 | 4.3 | 27d ago | Out of bounds read in Fonts in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-20193 | medium | 4.3 | 4.3 | 27d ago | A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive inf… | |||
| CVE-2026-20189 | medium | 4.3 | 4.3 | 27d ago | A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulner… | |||
| CVE-2026-20172 | medium | 4.3 | 4.3 | 27d ago | A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the a… | |||
| CVE-2026-8027 | medium | 4.3 | 4.3 | 27d ago | A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argumen… | |||
| CVE-2026-2306 | medium | 4.3 | 4.3 | 28d ago | The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in al… | |||
| CVE-2026-43882 | medium | 4.3 | 4.3 | 28d ago | AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing | |||
| CVE-2026-3601 | medium | 4.3 | 4.3 | 29d ago | The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `embed_form_action()` function in all versions up t… | |||
| CVE-2026-6701 | medium | 4.3 | 4.3 | 29d ago | The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This… | |||
| CVE-2026-6700 | medium | 4.3 | 4.3 | 29d ago | The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settings_page_… | |||
| CVE-2026-7781 | medium | 4.3 | 4.3 | 29d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the compo… | |||
| CVE-2026-7780 | medium | 4.3 | 4.3 | 29d ago | A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. … |