Aggregator
Submit #773727: Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow [Accepted]
3 months ago
Submit #773727 / VDB-352019
lilukun
Submit #773682: Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow [Accepted]
3 months ago
Submit #773682 / VDB-352018
lilukun
Submit #773671: Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow [Accepted]
3 months ago
Submit #773671 / VDB-352017
lilukun
Submit #773670: Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow [Accepted]
3 months ago
Submit #773670 / VDB-352016
lilukun
Submit #773619: Tenda A18pro V02.03.02.28 stack [Accepted]
3 months ago
Submit #773619 / VDB-352015
lilukun
Submit #773568: projectworlds Online Chat 1.0 SQL Injection [Duplicate]
3 months ago
Submit #773568 / VDB-281983
j-jcp
CVE-2026-33065 | Free5GC up to 1.4.1 Delete Request information exposure (ID 783)
3 months ago
A vulnerability marked as problematic has been reported in Free5GC up to 1.4.1. This affects an unknown part of the component Delete Request Handler. The manipulation leads to information exposure through error message.
This vulnerability is listed as CVE-2026-33065. The attack may be initiated remotely. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-33064 | Free5GC up to 1.4.1 UDM Service /sdm-subscriptions DataChangeNotificationProcedure missing default case in switch statement (ID 781)
3 months ago
A vulnerability labeled as problematic has been found in Free5GC up to 1.4.1. Affected by this issue is the function DataChangeNotificationProcedure of the file /sdm-subscriptions of the component UDM Service. Executing a manipulation can lead to missing default case in switch statement.
This vulnerability is tracked as CVE-2026-33064. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
vuldb.com
CVE-2026-33191 | Free5GC up to 1.4.1 URL Parser Nudm_SubscriberDataManagement null byte or nul character (GHSA-p9hg-pq3q-v9gv)
3 months ago
A vulnerability identified as problematic has been detected in Free5GC up to 1.4.1. Affected by this vulnerability is the function Nudm_SubscriberDataManagement of the component URL Parser. Performing a manipulation results in improper neutralization of null byte or nul character.
This vulnerability is identified as CVE-2026-33191. The attack can be initiated remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
Submit #773579: D-Link DIR-513 1.10 Buffer Overflow [Duplicate]
3 months ago
Submit #773579 / VDB-349229
AttackingLin
Submit #773575: D-Link DIR-513 1.10 Buffer Overflow [Duplicate]
3 months ago
Submit #773575 / VDB-349838
AttackingLin
Submit #773567: D-Link DIR-513 1.10 Buffer Overflow [Duplicate]
3 months ago
Submit #773567 / VDB-348873
AttackingLin
Submit #773566: D-Link DIR-513 1.10 Buffer Overflow [Duplicate]
3 months ago
Submit #773566 / VDB-352009
AttackingLin
CVE-2026-4488 | UTT HiPER 1250GW up to 3.2.7-210907-180535 /goform/setSysAdm strcpy GroupName buffer overflow
3 months ago
A vulnerability categorized as critical has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow.
This vulnerability is referenced as CVE-2026-4488. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
CVE-2026-4487 | UTT HiPER 1200GW up to 2.5.3-170306 /goform/websHostFilter strcpy buffer overflow (EUVD-2026-13710)
3 months ago
A vulnerability was found in UTT HiPER 1200GW up to 2.5.3-170306. It has been rated as critical. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow.
The identification of this vulnerability is CVE-2026-4487. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #773565: UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow [Accepted]
3 months ago
Submit #773565 / VDB-352011
kunlun
Submit #773538: UTT HiPER 1200GW <=v2.5.3-170306 buffer overflow [Accepted]
3 months ago
Submit #773538 / VDB-352010
kunlun
Submit #773564: UTT HiPER 1220GW <=v2.5.3-170306 buffer overflow [Duplicate]
3 months ago
Submit #773564 / VDB-325112
kunlun
Marquis data breach affects 672,000 people
3 months ago
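Compiled by HackerNews; please credit the source when reposting: Marquis, a provider of marketing and compliance solutions for credit unions and banks, disclosed this week that a data breach made public last year actually affected about 672,000 people. The Texas-based company discovered in August 2025 that hackers had breached its systems. In a notice issued last December, the company said the attackers stole personal information such as names, addresses, Social Security numbers, dates of birth and taxpayer identification numbers, as well as financial information such as payment card numbers. The data was stored by Marquis on behalf of dozens of the 700 banks and credit unions it serves. When Marquis first disclosed the breach, it did not publish the total number of people affected. Based on the per-state figures it submitted to US state regulators and on data disclosed by the affected financial institutions themselves, outside estimates had put the number affected at no fewer than 780,000. Data security firm Comparitech estimated in February 2026 that the number affected could be as high as 1.6 million. But Marquis confirmed to the Maine Attorney General's Office this week that the actual number affected is only slightly more than 672,000. If 672,000 is the true number affected, some of the figures previously published by banks and credit unions may have involved double counting, since some users hold accounts at more than one institution. No cybercrime group has yet claimed responsibility for the attack on Marquis, but Comparitech previously reported that an Iowa credit union had posted a breach notice (since removed) stating that Marquis paid a ransom; the fintech company has not confirmed this. Marquis did not immediately respond to SecurityWeek's request to confirm or deny the claim. Marquis previously said the attack exploited a SonicWall firewall vulnerability. Around the time the company discovered the attack, the Akira ransomware group was stepping up its exploitation of SonicWall firewall vulnerabilities to carry out intrusions. Source: securityweek.com; translated and compiled by HackerNews.cc; cover image sourced from the internet; when reposting, please note "Reposted from HackerNews.cc" and attach the original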
hackernews