28531 matches found
EUVD-2026-31533
A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and m...
CVE-2026-9299
Summary: CVE-2026-9299 affects omec-project amf up to 2.1.1. The vulnerability lies in the function PDUSessionResourceModifyIndication in /go/src/amf/ngap/handler.go, where input handling leads to memory corruption. This enables remote exploitation, and publicly available exploits have been publi...
CVE-2026-9298
The CVE-2026-9298 entry describes a memory corruption vulnerability in the omec-project amf up to version 2.1.1, affecting the PathSwitchRequest Handler. The issue is exploitable remotely, with a publicly available exploit, and vendors are advised to implement the official patch to fix it. The im...
EUVD-2026-31530
A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is...
PT-2026-42880
A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be use...
PT-2026-42879
A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practic...
MAL-2026-4281 Malicious code in project-init-tools (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in project-init-tools (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
PT-2026-42876
A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is...
web-app-security-lab
Vulnerable Web App — Attack & Defend Lab A deliberately-vulne...
CVE-2026-36226
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...
CVE-2026-43001
A flaw was found in OpenStack Keystone. An attacker holding an unrestricted application credential could exploit a vulnerability in the POST /v3/credentials endpoint where the caller-supplied projectid for an EC2-type credential was not validated against the project of the authenticating...
Exploit for CVE-2026-36226
CVE-2026-36226: Advantech WebAccess/SCADA Create New Project U...
CVE-2026-36226
CVE-2026-36226 affects Advantech WebAccess/SCADA 8.0-2015.08.16. A cross-site scripting flaw resides in the Admin Dashboard’s Create New Project User component, where unsanitized input in the decryption field can be rendered and execute JavaScript in an authenticated user’s browser context. Docum...
VulnCheck KEV: CVE-2026-39365
Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...
EUVD-2026-31474
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...
CVE-2026-36226
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...
CVE-2026-36226
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...
Advantech WebAccess/SCADA 安全漏洞
Advantech WebAccess/SCADA is a SCADA software based on the browser architecture developed by Advantech China Research & Development. This software supports dynamic graphical displays and real-time data control, and provides functionality for remote control and management of automation devices. Th...
PT-2026-42803
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...