CVE-2026-8120 Open5GS NSSF nnssf-handler.c denial of service

A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssfnnrfnsselectionhandlegetfromamforvnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has...

CVE-2026-8120

A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssfnnrfnsselectionhandlegetfromamforvnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has...

CVE-2026-8120 Open5GS NSSF nnssf-handler.c denial of service

A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssfnnrfnsselectionhandlegetfromamforvnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has...

CVE-2026-8120

Open5GS up to 2.7.7 is affected by CVE-2026-8120. The NSSF component’s function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf in src/nssf/nnssf-handler.c is vulnerable. Remote manipulation can trigger a denial of service. An exploit has been published and may be used. The report notes the pr...

PT-2026-38753

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

PT-2026-38653

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description An issue exists in the file '/admin/message.php' where the manipulation of the seenid argument allows for SQL injection, a technique used to interfere with the queries that an...

PT-2026-38652

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description A remote SQL injection exists in the wishlist.php file. This issue occurs when the delwlistid argument is manipulated, allowing an attacker to execute unauthorized database queries...

PT-2026-38696

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

PT-2026-38604

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A flaw in the NSSF component allows a remote attacker to cause a denial of service through manipulation of the nssf nnrf nsselection handle get from amf or vnssf function located in the...

PT-2026-38747

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

PT-2026-38664

Name of the Vulnerable Software and Affected Versions Totolink X5000R version 9.1.0u.6369 B20230113 Description A buffer overflow occurs in the sub 458E40 function within the '/boafrm/formDdns' file. This issue is triggered by the manipulation of the submit-url argument, allowing for remote...

PT-2026-38606

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A remote denial of service issue exists in the NSSF component. The flaw is located in the ogs sbi discovery option add service names function within the /lib/sbi/message.c library, where specific...

PT-2026-38886

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

PT-2026-38755

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

PT-2026-38657

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0 Description A flaw in the '/index.php?page=users' endpoint allows for remote cross-site scripting XSS, which occurs when an attacker manipulates the Name argument. Cross-site...

PT-2026-38765

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...

PT-2026-38644

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description A remote SQL injection is possible via an unknown function within the '/admin/viewmsg.php' file. The issue occurs when the msgid argument is manipulated, allowing an attacker to...

CVE-2026-8117 SourceCodester Pizzafy Ecommerce System index.php cross site scripting

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2026-8116

A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been mad...

CVE-2026-8116

CVE-2026-8116 affects the project “huangjunsen0406 xiaozhi-mcphub” up to version 1.0.3. The vulnerability is in the file src/controllers/dxtController.ts, where manipulation of the argument manifest.name enables path traversal. The attack could be initiated remotely, and the exploit has been publ...