CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,219 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,422 researchers
680 results
CVE-2025-47384 6.5 MEDIUM EPSS 0.00
MAC - DoS
Transient DOS when MAC configures config id greater than supported maximum value.
CWE-617 Mar 02, 2026
CVE-2025-47371 6.5 MEDIUM EPSS 0.00
LTE RLC - DoS
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
CWE-617 Mar 02, 2026
CVE-2026-27809 9.1 CRITICAL 1 Writeup EPSS 0.00
psd-tools <1.12.2 - DoS
psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contained malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle() raised ValueError, which propagated all the way to the user, crashing psd.composite() and psd-tools export. decompress() already had a fallback that replaces failed channels with black pixels when result is None, but it never triggered because the ValueError from decode_rle() was not caught. The fix in version 1.12.2 wraps the decode_rle() call in a try/except so the existing fallback handles the error gracefully.
CWE-190 Feb 26, 2026
CVE-2026-27015 6.5 MEDIUM 1 Writeup EPSS 0.00
FreeRDP <3.23.0 - DoS
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in `smartcard_unpack_read_size_align()` (`libfreerdp/utils/smartcard_pack.c:1703`) allows a malicious RDP server to crash the FreeRDP client via a reachable `WINPR_ASSERT` → `abort()`. The crash occurs in upstream builds where `WITH_VERBOSE_WINPR_ASSERT=ON` (default in FreeRDP 3.22.0 / current WinPR CMake defaults). Smartcard redirection must be explicitly enabled by the user (e.g., `xfreerdp /smartcard`; `/smartcard-logon` implies `/smartcard`). Version 3.23.0 fixes the issue.
CWE-617 Feb 25, 2026
CVE-2026-2523 5.3 MEDIUM EPSS 0.00
Open5GS <=2.7.6 - DoS
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CWE-617 Feb 16, 2026
CVE-2025-48023 6.5 MEDIUM EPSS 0.00
Yokogawa Electric Corporation - DoS
A vulnerability has been found in the Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If an affected product receives maliciously crafted packets, the Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier.
CWE-617 Feb 13, 2026
CVE-2025-48020 6.5 MEDIUM EPSS 0.00
Yokogawa Electric Corporation - DoS
A vulnerability has been found in the Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If an affected product receives maliciously crafted packets, the Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier.
CWE-617 Feb 13, 2026
CVE-2025-48019 6.5 MEDIUM EPSS 0.00
Yokogawa Electric Corporation - DoS
A vulnerability has been found in the Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If an affected product receives maliciously crafted packets, the Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier.
CWE-617 Feb 13, 2026
CVE-2026-25610 6.5 MEDIUM EPSS 0.00
MongoDB - DoS
An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.
CWE-617 Feb 10, 2026
CVE-2025-12131 6.5 MEDIUM EPSS 0.00
Silabs Simplicity Software Development Kit - Reachable Assertion
A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.
CWE-617 Feb 05, 2026
CVE-2026-20422 6.5 MEDIUM EPSS 0.00
Modem - DoS
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.
CWE-617 Feb 02, 2026
CVE-2026-20405 6.5 MEDIUM EPSS 0.00
Modem - DoS
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.
CWE-617 Feb 02, 2026
CVE-2026-20401 7.5 HIGH EPSS 0.00
Modem - DoS
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.
CWE-754 Feb 02, 2026
CVE-2026-1738 5.3 MEDIUM EPSS 0.00
Open5GS <2.7.6 - Info Disclosure
A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published and may be used. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed.
CWE-617 Feb 02, 2026
CVE-2026-1737 5.3 MEDIUM EPSS 0.00
Open5GS <2.7.6 - Info Disclosure
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the attack is possible. The exploit is now public and may be used. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.
CWE-617 Feb 02, 2026
CVE-2026-1736 5.3 MEDIUM EPSS 0.00
Open5GS <2.7.6 - Reachable Assertion
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. A patch should be applied to remediate this issue. The issue report is flagged as already-fixed.
CWE-617 Feb 02, 2026
CVE-2025-15497 EPSS 0.00
OpenVPN <2.7_rc5 - DoS
Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert, resulting in a denial of service.
CWE-617 Jan 30, 2026
CVE-2026-24826 EPSS 0.00
cadaver turso3d - Multiple Vulns
Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d. This issue affects .
CWE-908 Jan 27, 2026
CVE-2026-22990 5.5 MEDIUM EPSS 0.00
Linux kernel - Info Disclosure
In the Linux kernel, the following vulnerability has been resolved: "libceph: replace overzealous BUG_ON in osdmap_apply_incremental()". If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.
CWE-617 Jan 23, 2026
CVE-2026-23991 5.9 MEDIUM 1 Writeup EPSS 0.00
go-tuf <2.3.1 - DoS
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well-formed TUF metadata), the client will panic during parsing, causing a denial of service. The panic happens before any signature is validated. This means that a compromised repository/mirror/cache can DoS clients without having access to any signing key. Version 2.3.1 fixes the issue. No known workarounds are available.
CWE-754 Jan 22, 2026