Latest CVE Vulnerabilities

4.3 MEDIUM

CVE-2026-49054 — WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2.

Remote | Authorization

May 27, 2026 May 27, 2026

May 27, 2026

9.8 CRITICAL

CVE-2026-48027 — Nx Console Embedded Malicious Code Vulnerability - [Actively Exploited]

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available…

nx_console | CISA KEV Remote | Supply Chain

May 27, 2026 May 27, 2026

May 27, 2026

5.4 MEDIUM

CVE-2026-45335 — WeGIA: Middleware whitelist bypass → open redirect via InternoControle.nextPage

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically th…

wegia | Remote | Misconfiguration

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

5.9 MEDIUM

CVE-2026-45027 — WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorith…

wegia | Remote | Cryptography

May 27, 2026 May 27, 2026

May 27, 2026

8.2 HIGH

CVE-2026-44483 — RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP…

RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get (used by @rvf/core to flatten incoming …

Remote | Injection

May 27, 2026 Jun 01, 2026

May 27, 2026

Jun 01, 2026

6.1 MEDIUM

CVE-2026-44475 — Ella Core: UE Security Capability bypass on NGAP PathSwitchRequest

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored va…

ella_core | Authentication

May 27, 2026 May 27, 2026

May 27, 2026

3.7 LOW

CVE-2026-44474 — Ella Core: Handover failures during concurrent Security Mode Command

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could se…

ella_core | Race Condition

May 27, 2026 May 27, 2026

May 27, 2026

7.1 HIGH

CVE-2026-44473 — Ella Core: UE Downlink Redirection via Forged PDUSessionResourceSetupResponse

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does…

ella_core | Authentication

May 27, 2026 May 27, 2026

May 27, 2026

6.5 MEDIUM

CVE-2026-44353 — Streamlink: Arbitrary local file read via file:// URI in HLS and DASH

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries an…

streamlink | Remote | Path Traversal

May 27, 2026 Jun 01, 2026

May 27, 2026

Jun 01, 2026

10.0 CRITICAL

CVE-2026-44330 — free5GC: NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD…

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network a…

free5gc | Remote | Authentication

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

10.0 CRITICAL

CVE-2026-44329 — free5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology rea…

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network at…

free5gc | Remote | Authorization

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

8.2 HIGH

CVE-2026-44328 — free5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF…

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi…

free5gc | Remote | Denial of Service

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

10.0 CRITICAL

CVE-2026-44327 — free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM han…

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker wh…

free5gc | Remote | Authorization

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

9.4 CRITICAL

CVE-2026-44326 — free5GC: NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer toke…

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attac…

free5gc | Remote | Authentication

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

7.5 HIGH

CVE-2026-44325 — free5GC: NRF POST /oauth2/token structured-form parser type-confusion panic family (Refle…

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in N…

free5gc | Remote | Memory Corruption

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

6.5 MEDIUM

CVE-2026-44324 — free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interfac…

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions han…

free5gc | Remote | Denial of Service

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

6.5 MEDIUM

CVE-2026-44323 — free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exis…

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions han…

free5gc | Remote | Information Disclosure

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

7.5 HIGH

CVE-2026-44322 — free5GC: NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure …

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a n…

free5gc | Remote | Information Disclosure

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

7.5 HIGH

CVE-2026-44321 — free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools …

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks c…

free5gc | Remote | Denial of Service

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

7.3 HIGH

CVE-2026-44320 — free5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are a…

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbi…

free5gc | Remote | Authentication

May 27, 2026 May 28, 2026

May 27, 2026

May 28, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences