5.3
CVE-2026-3049 - horilla-opensource horilla Query Parameter global_search.py get redirect
A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely…
6.9
CVE-2026-3046 - itsourcecode E-Logbook with Health Monitoring System for COVID-19 check_profile_old.php sql injecti…
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknown code of the file /check_profile_old.php. The manipulation of the argument profile_id leads to sql injection. Remote exploitation of the attack is p…
5.3
CVE-2026-24484 - ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
7.5
CVE-2026-24481 - ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containin…
6.5
CVE-2026-21864 - Remote DoS from malformed RESTORE command
Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted `RESTORE` command can cause Valkey to hit an assertion, causes the server to shutdo…
6.6
CVE-2026-27643 - free5GC has improper error handling in NEF with information exposure
free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote cli…
6.6
CVE-2026-27642 - free5GC has Improper Input Validation in UDM UEAU Service
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the supi parameter, triggering internal URL parsing errors (net…
6.6
CVE-2026-26025 - free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and…
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstr…
6.6
CVE-2026-26024 - free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and…
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstr…
6.6
CVE-2026-25501 - free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.DLDR is se…
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP SessionReportRequ…