Monthly
Heap-based buffer overflow in TeamSpeak 3 Server's ECC Key Parser allows remote unauthenticated attackers to crash the server, causing a denial of service against all versions up to and including 3.13.7. The vulnerability was discovered and disclosed by modzero security research (advisory mz-26-01-teamspeak) with a coordinated vendor response resulting in TeamSpeak security advisory TS-SA-2026-001. A proof-of-concept exploit exists per SSVC data, and the attack is automatable, meaning exploitation can be scripted at scale against exposed TeamSpeak server instances. No public exploit identified as confirmed actively exploited in the wild (not listed in CISA KEV at time of analysis).
Use-after-free in TeamSpeak 3 Server versions 3.13.0 through 3.13.7 allows a low-privileged remote attacker to corrupt server memory via the process_resend_queue function within Connection State Management, resulting in limited integrity and availability impact. Discovered and disclosed by modzero.com (advisory MZ-26-01) and acknowledged by TeamSpeak via official security advisory TS-SA-2026-001, the vendor has released version 3.13.8 as the fix. No public exploit code exists and no active exploitation has been identified at time of analysis.
Stack-based buffer overflow in the UTT HiPER 1250GW router (firmware up to 3.2.7-210907-180535) lets a network-adjacent authenticated user corrupt memory by supplying an oversized 'Profile' argument to the /goform/formGroupConfig endpoint of the Web Management Interface. The CVSS 4.0 score is 7.4, and publicly available exploit code exists, though the EPSS probability is very low (0.04%, 13th percentile) and it is not on the CISA KEV list. Successful exploitation can crash the device or potentially achieve arbitrary code execution on the router's management plane.
Stack-based buffer overflow in the web management interface of the UTT HiPER 1250GW router (firmware through 3.2.7-210907-180535) lets a remote, low-privileged attacker corrupt memory by submitting an oversized Profile value to the /goform/formConfigFastDirectionW handler, which passes it to an unbounded strcpy. The CVSS 4.0 vector rates confidentiality, integrity, and availability impact as High, consistent with potential code execution or device crash. Publicly available exploit code exists per the VulDB submission, though EPSS is very low (0.04%, 13th percentile) and there is no public exploit identified as actively exploited.
Stack-based buffer overflow in the UTT HiPER 1200GW router's Web Management Interface lets an authenticated, network-adjacent attacker corrupt memory by submitting oversized values to the PPTP client configuration handler (/goform/formPptpClientConfig), affecting firmware up to 2.5.3-170306. A successful overflow can crash the device or potentially achieve code execution on the embedded gateway, with high confidentiality, integrity, and availability impact on the device itself. Publicly available exploit code exists (CVSS 4.0 base 7.4), but the EPSS score is very low at 0.04% (13th percentile) and the issue is not listed in CISA KEV.
Stack buffer overflow in the UTT HiPER 1200GW router (firmware up to 2.5.3-170306) lets a remote, low-privileged user crash the device or potentially execute arbitrary code by submitting oversized sysAdmUser or sysAdmPass values to the /goform/setSysAdm endpoint of the Web Management Interface. The flaw stems from an unbounded strcpy call, and publicly available exploit code exists, though EPSS rates near-term mass exploitation as very low (0.04%). No CISA KEV listing or vendor patch has been identified.
Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticated remote attackers to corrupt memory by sending malformed NGReset messages to the 5G core network component. The vulnerability stems from insufficient validation of PLMN ID strings in SUCI (Subscription Concealed Identifier) processing within the NGReset message handler. Public exploit code exists (GitHub issue #678), and vendor patch is available (PR #666 upgrading to version 2.2.0). EPSS data not available but exploit code publication increases real-world exploitation likelihood for targeted attacks against 5G core infrastructure.
Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows network-adjacent authenticated attackers to corrupt process memory via crafted NGAP messages or malformed SUCI values, affecting confidentiality, integrity, and availability. The vulnerability stems from missing nil-pointer guards in the NGAP dispatcher and absent input validation when parsing Subscription Concealed Identifiers (SUCI) during UE registration and identity response flows. Exploit code has been publicly disclosed (GitHub issue #679), and no public exploit identified at time of analysis confirms active KEV exploitation, though the CVSS temporal vector E:P confirms proof-of-concept availability.
Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation via crafted NGAP PDUSessionResourceModifyIndication messages, allowing low-privileged attackers to achieve partial confidentiality, integrity, and availability impact on the Access and Mobility Management Function. A publicly available exploit exists (confirmed by CVSS E:P and GitHub issue #681), and an official vendor patch has been released in version 2.2.0 via PR #666. No CISA KEV listing was identified at time of analysis, so active widespread exploitation is not confirmed.
Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticated remote attackers to corrupt memory by sending crafted NGAP or NAS messages targeting the PathSwitchRequest handler and related message processing paths. The CVSS vector (AV:N/AC:L/PR:L/UI:N/C:L/I:L/A:L) indicates low-complexity network exploitation requiring only low-privilege credentials, with partial impacts across confidentiality, integrity, and availability. Publicly available exploit code exists (confirmed by GitHub issue #680 and the E:P temporal modifier); no active exploitation is confirmed in CISA KEV.
Heap-based buffer overflow in TeamSpeak 3 Server's ECC Key Parser allows remote unauthenticated attackers to crash the server, causing a denial of service against all versions up to and including 3.13.7. The vulnerability was discovered and disclosed by modzero security research (advisory mz-26-01-teamspeak) with a coordinated vendor response resulting in TeamSpeak security advisory TS-SA-2026-001. A proof-of-concept exploit exists per SSVC data, and the attack is automatable, meaning exploitation can be scripted at scale against exposed TeamSpeak server instances. No public exploit identified as confirmed actively exploited in the wild (not listed in CISA KEV at time of analysis).
Use-after-free in TeamSpeak 3 Server versions 3.13.0 through 3.13.7 allows a low-privileged remote attacker to corrupt server memory via the process_resend_queue function within Connection State Management, resulting in limited integrity and availability impact. Discovered and disclosed by modzero.com (advisory MZ-26-01) and acknowledged by TeamSpeak via official security advisory TS-SA-2026-001, the vendor has released version 3.13.8 as the fix. No public exploit code exists and no active exploitation has been identified at time of analysis.
Stack-based buffer overflow in the UTT HiPER 1250GW router (firmware up to 3.2.7-210907-180535) lets a network-adjacent authenticated user corrupt memory by supplying an oversized 'Profile' argument to the /goform/formGroupConfig endpoint of the Web Management Interface. The CVSS 4.0 score is 7.4, and publicly available exploit code exists, though the EPSS probability is very low (0.04%, 13th percentile) and it is not on the CISA KEV list. Successful exploitation can crash the device or potentially achieve arbitrary code execution on the router's management plane.
Stack-based buffer overflow in the web management interface of the UTT HiPER 1250GW router (firmware through 3.2.7-210907-180535) lets a remote, low-privileged attacker corrupt memory by submitting an oversized Profile value to the /goform/formConfigFastDirectionW handler, which passes it to an unbounded strcpy. The CVSS 4.0 vector rates confidentiality, integrity, and availability impact as High, consistent with potential code execution or device crash. Publicly available exploit code exists per the VulDB submission, though EPSS is very low (0.04%, 13th percentile) and there is no public exploit identified as actively exploited.
Stack-based buffer overflow in the UTT HiPER 1200GW router's Web Management Interface lets an authenticated, network-adjacent attacker corrupt memory by submitting oversized values to the PPTP client configuration handler (/goform/formPptpClientConfig), affecting firmware up to 2.5.3-170306. A successful overflow can crash the device or potentially achieve code execution on the embedded gateway, with high confidentiality, integrity, and availability impact on the device itself. Publicly available exploit code exists (CVSS 4.0 base 7.4), but the EPSS score is very low at 0.04% (13th percentile) and the issue is not listed in CISA KEV.
Stack buffer overflow in the UTT HiPER 1200GW router (firmware up to 2.5.3-170306) lets a remote, low-privileged user crash the device or potentially execute arbitrary code by submitting oversized sysAdmUser or sysAdmPass values to the /goform/setSysAdm endpoint of the Web Management Interface. The flaw stems from an unbounded strcpy call, and publicly available exploit code exists, though EPSS rates near-term mass exploitation as very low (0.04%). No CISA KEV listing or vendor patch has been identified.
Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticated remote attackers to corrupt memory by sending malformed NGReset messages to the 5G core network component. The vulnerability stems from insufficient validation of PLMN ID strings in SUCI (Subscription Concealed Identifier) processing within the NGReset message handler. Public exploit code exists (GitHub issue #678), and vendor patch is available (PR #666 upgrading to version 2.2.0). EPSS data not available but exploit code publication increases real-world exploitation likelihood for targeted attacks against 5G core infrastructure.
Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows network-adjacent authenticated attackers to corrupt process memory via crafted NGAP messages or malformed SUCI values, affecting confidentiality, integrity, and availability. The vulnerability stems from missing nil-pointer guards in the NGAP dispatcher and absent input validation when parsing Subscription Concealed Identifiers (SUCI) during UE registration and identity response flows. Exploit code has been publicly disclosed (GitHub issue #679), and no public exploit identified at time of analysis confirms active KEV exploitation, though the CVSS temporal vector E:P confirms proof-of-concept availability.
Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation via crafted NGAP PDUSessionResourceModifyIndication messages, allowing low-privileged attackers to achieve partial confidentiality, integrity, and availability impact on the Access and Mobility Management Function. A publicly available exploit exists (confirmed by CVSS E:P and GitHub issue #681), and an official vendor patch has been released in version 2.2.0 via PR #666. No CISA KEV listing was identified at time of analysis, so active widespread exploitation is not confirmed.
Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticated remote attackers to corrupt memory by sending crafted NGAP or NAS messages targeting the PathSwitchRequest handler and related message processing paths. The CVSS vector (AV:N/AC:L/PR:L/UI:N/C:L/I:L/A:L) indicates low-complexity network exploitation requiring only low-privilege credentials, with partial impacts across confidentiality, integrity, and availability. Publicly available exploit code exists (confirmed by GitHub issue #680 and the E:P temporal modifier); no active exploitation is confirmed in CISA KEV.